Without filesystem capabilities, many things will not work. Ping as a user for
instance. Lots of setuid binaries switched to using filesystem capabilities
rather than setuid and require it to work. RPM failing is the right thing to do.
Dennis
On 29 November 2016 8:04:07 am AEST, "J. Bruce Fields" <bfie...@redhat.com>
wrote:
>On Wed, Nov 23, 2016 at 08:28:12PM -0500, Stephen John Smoogen wrote:
>> On 23 November 2016 at 19:36, Samuel Sieb <sam...@sieb.net> wrote:
>> > On 11/23/2016 07:39 AM, Chuck Anderson wrote:
>> >>
>> >> Is it supposed to be supported to install RPMs onto NFS
>filesystems?
>> >> Apparently NFSv3 doesn't support capabilities, so I'm not sure
>what to
>> >> do with this bug which happens because cap_net_raw is used for the
>> >> fping binaries:
>> >>
>> > I would expect that isn't supported, although I'm somewhat
>surprised that it
>> > fails instead of just warning. That's a very unusual setup, having
>the root
>> > filesystem on NFS.
>>
>> I doubt that installing on NFS was supported after we began using
>> capabilities on files for security. While installing on NFS was in
>> vogue in the 80's and 90's for thin clients and similar environments,
>> I think it has fallen to the wayside for current development. [In the
>> EPEL environment space I do expect it is still in use for root but
>> probably only in EL6 land versus EL7]
>
>This isn't the first complaint we've gotten, though admittedly it may
>have been a while. (And I'm having no luck finding the bugs in
>bugzilla.)
>
>We could add support for capabilities to the NFS protocol, but that
>could take a while.
>
>It'd be nice if rpm installs could fall back on something else instead
>of failing, but maybe it's complicated to do that safely.
>
>--b.
>_______________________________________________
>devel mailing list -- devel@lists.fedoraproject.org
>To unsubscribe send an email to devel-le...@lists.fedoraproject.org
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
