On 08/02/2011 04:37 PM, Mike Waychison wrote: > > Perhaps the right approach is to not drop the effective and permitted > masks as Andrew pointed out, and do all this from kinit, not from > run-init while /proc is mounted? > Well, we should really move /proc et al into the new root, if nothing else to match switch_root. -hpa