<p dir="ltr"><br>
On Jul 20, 2015 11:05 AM, "Florian Weimer" <<a href="mailto:fweimer@redhat.com">fweimer@redhat.com</a>> wrote:<br>
><br>
> On 07/20/2015 05:59 PM, Steve Grubb wrote:<br>
><br>
> > Today, any application that wants to manipulate capabilities needs to be<br>
> > capability aware.<br>
><br>
> The application does not want to manipulate capabilities. I do not want<br>
> to run it as full root. I don't want to add additional SUID/fscaps to<br>
> the file system.<br>
><br>
> It's somewhat silly to add a privilege escalation hatch to the file<br>
> system in order to run a daemon with *reduced* privileges.</p>
<p dir="ltr">This is exactly why the ambient caps patch is sitting in -mm. If you want to read it and email a quick review, that might help it along. :)</p>
<p dir="ltr">--Andy</p>