[PATCH 4/7] add missing module_alias_subsys
Patrick McHardy
kaber at trash.net
Sat Nov 5 13:30:12 CET 2005
Harald Welte wrote:
> On Sat, Nov 05, 2005 at 12:56:06PM +0100, Patrick McHardy wrote:
>
>
>>>This unfortunately doesn't work with the current architecture, where
>>>every nfnetlink subsystem can specifiy the required capabilities per
>>>message. That specification isn't available before loading the module,
>>>though.
>>
>>Didn't we decide to remove the per-subsys capabilities and make all
>>of them require CAP_NET_ADMIN?
>
>
> We did? I knew we were talking about it, but I must have forgotten the
> result, sorry.
I think we did in Montreal.
>>That also a possiblity, but I can't think of a case where we wouldn't
>>insist on CAP_NET_ADMIN, so just removing the whole per-subsys
>>capabilities seems easier to me.
>
> Mh, ok. But you owe me a beer if we ever need to re-introduce it ;)
Agreed :)
More information about the netfilter-devel
mailing list