On Wed, Mar 2, 2022 at 7:15 PM Steve Grubb <sgrubb(a)redhat.com> wrote:
As someone involved in that change, the situation was much worse back
in
2011. Almost everything was running as root. The inspection tools back then
were non-existent, which is what I wrote pscap and netcap.
Now, a lot of things use capabilities with a few still running as root when
they don't need to be. [...]
Not... really. grep is telling me there are 22 spec files that say
%cap and 63 that match /%attr.4/.
- ajax