[Apparmor-general] Moving To A Pure Capability Model?
Daniel de Kok
danieldk at pobox.com
Thu Jan 18 00:06:52 MST 2007
On Thu, 18 Jan 2007, Crispin Cowan wrote:
> Rather than add to the plethora of flavors of x, it seems to me that
> Daniel's idea fits best with Px and px: that Px should close FDs on
> exec, and px should leave FDs alone, just as with environment variables.
> ix should leave FDs alone, and Ux should close them.
Relating this to environment scrubbing, and thereby rolling it into the
existing execution flags, looks very natural and simple. Great idea!
-- Daniel