TODO: extend login capability note

We cannot remove CAP_SYS_ADMIN, which basically makes removing all other
capabilities useless. Anyhow, still wouldn't hurt checking whether stuff
like CAP_KILL can be dropped from logind.

diff --git a/TODO b/TODO
index df578808c60cf10953aeab32816f152eb7fabedb..0e9a01d49274e0ba2f9436b4ae9f6cdbc5668e26 100644 (file)
--- a/TODO
+++ b/TODO
@@ -86,6 +86,7 @@ Features:
 
 * given that logind now lets PID 1 do all nasty work, we can
   probably reduce the capability set it retains substantially.
+  (we need CAP_SYS_ADMIN for drmSetMaster(), so maybe not worth it)
 
 * btrfs raid assembly: some .device jobs stay stuck in the queue