> I wander if sysfs can be used for this somehow. Not as we're discussing, because all the file operations are already set by the sysfs code. However, is it so bad to make the existing cap_mask sysfs file writable and just say that userspace has to clean up if the SM exits uncleanly? - R.