When adding a new privilege check to a code path, first check the complete
list of current privileges in
to see if one already exists for the class of privilege required.
Only if there is not an exact match should a new privilege be added to the
As privilege numbers becomes encoded in the kernel module ABI, privilege
constants must not be changed as any kernel modules depending on privileges
will then need to be recompiled.
When adding a new privilege, be certain to also determine whether it should
be listed in
which includes a complete list of privileges granted to the root user in
Certain catch-all privileges exist, such as
intended to be used by device drivers, rather than adding a new