From e10e429f2dcbb586215e65f62847f40c7d8b5956 Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Sun, 5 Jan 2014 13:59:12 +0100
Subject: [PATCH] TODO: extend login capability note

We cannot remove CAP_SYS_ADMIN, which basically makes removing all other
capabilities useless. Anyhow, still wouldn't hurt checking whether stuff
like CAP_KILL can be dropped from logind.
---
 TODO | 1 +
 1 file changed, 1 insertion(+)

diff --git a/TODO b/TODO
index df578808c6..0e9a01d492 100644
--- a/TODO
+++ b/TODO
@@ -86,6 +86,7 @@ Features:
 
 * given that logind now lets PID 1 do all nasty work, we can
   probably reduce the capability set it retains substantially.
+  (we need CAP_SYS_ADMIN for drmSetMaster(), so maybe not worth it)
 
 * btrfs raid assembly: some .device jobs stay stuck in the queue