On Sunday 23 March 2008, Alon Bar-Lev wrote: > linux-2.6.24 supports file based capabilities via: > CONFIG_SECURITY_FILE_CAPABILITIES > > This enables the use of filesystem attributes in order to store per > executable capabilities list, more information at [1]. > > This enables improved security level for people who don't wish to move > into SELinux or similar. > > I think a new global USE flags (or use current caps) may enable > ebuilds to set correct capabilities on files.
Diego and i were talking ... we're going to go with USE=filecaps because it's so new and doesnt require the libcap library in order to work at runtime. probably be worthwhile to put together a little eclass of functions to make people's lives easier ... -mike
signature.asc
Description: This is a digitally signed message part.