[cap-talk] MinorFs 0.3 : 2rulethemall versus powerbox ?

Rob Meijer capibara at xs4all.nl
Sun Jul 6 16:22:33 CDT 2008

I just finished up the 0.3 version of MinorFs, and it's again available on

The most important change, other than a lot of code cleanup, is a result of
discussions about the role of the user in its role as the owner of the data.
People on this list advocated that my previous setup that would keep all
user processes fully capable of keeping disk data secret from all other
processes run by the same user was flawed in that it constituted a form of
DRM, and that the design kept the 'owner' of the data from administrating
her data.

I now made some major design changes, in order to accommodate for a simple
administration geared high privilege process to allow the user to regain
administrative privileges for its own data.

The little program /usr/local/bin/2rulethemall now instead of receiving a
regular home directory in CapFs, receives as its home directory a
directory two levels above the regular level. This level is now the level
under which all the processes with the same uid have their home
The 2rulethemall program, the first time a user runs it, asks the user to
provide a password. Each time after that, 2rulethemall asks for the
password and validates it before disclosing the strong CapFs path to the

I would be very interested in feedback on both my approach to this, and on
the current 0.3 version of MinorFs.
Further I would be interested in hearing how people feel about
2rulethemall versus the powerbox approach.
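
The enroll-once, validate-before-disclose flow described in the message, as an added example that is not part of the original post and is not MinorFs code. The class name, the verifier file, the PBKDF2 parameters and the placeholder path are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Assumption: PBKDF2-HMAC-SHA256 is used as the password verifier here;
# the post does not say how 2rulethemall stores or checks the password.
ITERATIONS = 200_000


class PasswordGate:
    """Hypothetical gate: releases a strong path only after a password check."""

    def __init__(self, state_file, strong_path):
        self.state_file = state_file    # where the salted verifier is kept
        self.strong_path = strong_path  # the secret path the gate protects

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def enrolled(self):
        return os.path.exists(self.state_file)

    def enroll(self, password):
        # First run only: O_EXCL makes a second enrollment fail instead of
        # silently replacing the verifier, and 0o600 keeps it owner-only.
        salt = os.urandom(16)
        record = {"salt": salt.hex(), "key": self._derive(password, salt).hex()}
        fd = os.open(self.state_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(record, fh)

    def disclose(self, password):
        # Every later run: recompute with the stored salt, compare in
        # constant time, and return the path only on a match.
        with open(self.state_file) as fh:
            record = json.load(fh)
        candidate = self._derive(password, bytes.fromhex(record["salt"]))
        if hmac.compare_digest(candidate, bytes.fromhex(record["key"])):
            return self.strong_path
        return None


if __name__ == "__main__":
    import tempfile
    state = os.path.join(tempfile.mkdtemp(), "verifier.json")
    gate = PasswordGate(state, "/PLACEHOLDER/strong-capfs-path")  # constructed value
    gate.enroll("constructed-password")
    print(gate.disclose("constructed-password"))  # the placeholder path
    print(gate.disclose("wrong-password"))        # None
```
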

