From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751636AbbBDGL3 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 4 Feb 2015 01:11:29 -0500
Received: from moth.iki.fi ([212.16.111.74]:57831 "EHLO moth.iki.fi"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751192AbbBDGLZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 4 Feb 2015 01:11:25 -0500
X-Greylist: delayed 366 seconds by postgrey-1.27 at vger.kernel.org; Wed, 04 Feb 2015 01:11:24 EST
Message-ID: <54D1B693.7060806@moth.iki.fi>
Date: Wed, 04 Feb 2015 08:05:07 +0200
From: Markku Savela <msa@moth.iki.fi>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Andy Lutomirski <luto@amacapital.net>, Christoph Lameter <cl@linux.com>
CC: Casey Schaufler <casey@schaufler-ca.com>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Serge Hallyn <serge.hallyn@ubuntu.com>,
        Serge Hallyn <serge.hallyn@canonical.com>,
        Jonathan Corbet <corbet@lwn.net>, Aaron Jones <aaronmdjones@gmail.com>,
        "Ted Ts'o" <tytso@mit.edu>,
        LSM List <linux-security-module@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Andrew Morton <akpm@linuxfoundation.org>
Subject: Re: [capabilities] Allow normal inheritance for a configurable set
 of capabilities
References: <alpine.DEB.2.11.1502021018500.5029@gentwo.org> <54CFB9B8.8020701@schaufler-ca.com> <20150202180806.GE24351@ubuntumail> <CALCETrXgodHNiEspXKbAm_xGfBtE6n4diESQzp5Rq8xyW14F2w@mail.gmail.com> <54CFE3E8.2030402@schaufler-ca.com> <20150203155122.GD2923@mail.hallyn.com> <54D0F94D.3050704@schaufler-ca.com> <20150203172837.GC4748@mail.hallyn.com> <54D10A50.5030707@schaufler-ca.com> <alpine.DEB.2.11.1502031341100.7862@gentwo.org> <CALCETrVbGo1M4tg2b-hcaimEXsXFCYVOyJHZFm3vw=6TqqfaAw@mail.gmail.com> <alpine.DEB.2.11.1502031708100.9261@gentwo.org> <CALCETrWvdf_Lf5H=wDW0ytKVaMzjZOBHpyQRW0q3bMk04yqvYg@mail.gmail.com>
In-Reply-To: <CALCETrWvdf_Lf5H=wDW0ytKVaMzjZOBHpyQRW0q3bMk04yqvYg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Just a note... We had inheritable capabilities in the linux of Nokia N9 
phone.

If a program needed some capabilities, they had to be requested by the 
manifest file inside the debian package. Of course, request is only 
granted if the package origin had permission to grant them.