Quoting Eric W. Biederman (ebied...@xmission.com):
> single sandbox. I am not at all certain that the capabilities is the
> proper place to limit code reachability.

Right, I keep having this gut feeling that there is another way we should be doing that. Maybe based on ksplice or perf, or maybe more based on subsystems. And I hope someone pursues that. But I can't put my finger on it, and meanwhile the capability checks obviously *are* in fact gates...

-serge