1 |
On Sun, 18 Apr 2010 00:46:25 +0100 |
2 |
David W Noon <dwnoon@××××××××.com> wrote: |
3 |
|
4 |
> If any Joe Schmoe could imbue a program with capabilities, this might |
5 |
> be true. But that's not the way the system works. |
6 |
|
7 |
Sorry, I think i'm missing your point. |
8 |
|
9 |
> Only root can run the setcap program to add capabilities to a program, |
10 |
> at least on a normal, UNIX-style security system. On a role-based |
11 |
> security system, even root might not be permitted to do this. |
12 |
|
13 |
If I had the root password to own system(which I do...) and I wanted Wine to uses IPX |
14 |
without running as root. I would set "setcap cap_net_raw=ep /usr/bin/wine" as root. |
15 |
Then I could run Wine as my normal user. |
16 |
|
17 |
No one in there right mind would run Wine as root. If you did you may as well use Windows. |