[mythtv] [PATCH] security update for realtime priority

Doug Larrick doug at ties.org
Wed Nov 3 11:39:18 UTC 2004

Matt Zimmerman wrote:
> The entire point of capabilities is to be able to drop root, while retaining
> certain privileges.  Something must not be right.

I've done some searching and reading, and come to the conclusion that nk 
you're mistaken.  Read 
-- in particular the text around "Normally all capabilities are cleared 
when changing uid from root."  My understanding is that capabilities are 
used to restrict the things an otherwise-priveleged process can do. 
This interpretation agrees with the behavior I've observed.

It also appears that the POSIX capabilities standard was withdrawn, so 
this is indeed a Linux-only (or Linux-mostly) feature.  So it does 
appear this implementation should be a settings.pro option, on by 
default for only Linux (or only Debian? -- depends how many distros have 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://mythtv.org/pipermail/mythtv-dev/attachments/20041103/5c0e09f7/signature.pgp

More information about the mythtv-dev mailing list