On Sun, 31 Jul 2011 16:00:40 -0400 "Anthony G. Basile" <bluen...@gentoo.org> wrote:
> On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
> > On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
> > <bluen...@gentoo.org> wrote:
> >> Hi everyone,
> >>
> >> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin
> >> Millar) and myself were talking about other distros moving away
> >> from setuid binaries towards caps. Openwall and Fedora are now
> >> setuid-less [1]. Some googling showed that Constanze has done
> >> quite a bit of work in the area and that there was a consensus to
> >> include functions to set caps within portage [2]. I don't know
> >> what, if anything, has been done since then, but I'd like to lend
> >> my support.
> >>
> > One problem that came up was that a lot of people use tmpfs for
> > /var/tmp/portage, and tmpfs doesn't support xattrs, which are needed
> > for setting caps.
> >
> > Linux 3.0 has added support for xattrs with tmpfs (the redhat folks
> > did the work, afaik), so that problem is partly solved now.
>
> I know, there are lots of places where xattrs are not supported that
> lead to the same problem. I'm tempted to respond with pkg_postinst()
> but I see QA problems written all over that.

We can either do that or 'Future EAPI' capsetting in PMS. Then, a PM
could implement capsetting functions in such a way that they will
preserve caps internally to the PM and re-set them when merging to livefs.

--
Best regards,
Michał Górny
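The two mechanics the thread turns on, written out as an added example that is not code from the thread or from portage: probing whether the filesystem under a build directory can carry the security.capability xattr at all (the old tmpfs problem), and recording caps from an image directory so a PM could re-set them on the live filesystem at merge time. Assumes Linux with Python 3.3+ (os.getxattr/os.setxattr); the function names are my own.

```python
import errno
import os
import tempfile

CAP_XATTR = "security.capability"
_NO_XATTR = {getattr(errno, n) for n in ("ENOTSUP", "EOPNOTSUPP") if hasattr(errno, n)}  # fs has no xattrs
_NO_ATTR = {getattr(errno, n) for n in ("ENODATA", "ENOATTR") if hasattr(errno, n)}  # file has no such attr

def cap_xattr_support(directory):
    """True if the fs holding directory can carry security.capability (reading it on a
    fresh file yields ENODATA, not ENOTSUP as on pre-3.0 tmpfs); None without an xattr API."""
    if not hasattr(os, "getxattr"):
        return None
    with tempfile.NamedTemporaryFile(dir=directory) as probe:
        try:
            os.getxattr(probe.name, CAP_XATTR)
            return True  # attribute readable at all means the fs supports it
        except OSError as exc:
            if exc.errno in _NO_ATTR | _NO_XATTR:
                return exc.errno in _NO_ATTR
            raise

def capability_manifest(root):
    """Map each regular file under root (relative path) to its raw security.capability
    blob as hex. Reading the blob needs no privilege, so it can be done on the image dir."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # caps belong to the link target, not the link
            try:
                manifest[os.path.relpath(path, root)] = os.getxattr(path, CAP_XATTR).hex()
            except OSError as exc:
                if exc.errno not in _NO_ATTR | _NO_XATTR:
                    raise
    return manifest

def apply_capability_manifest(manifest, livefs_root):
    """Re-set recorded caps under livefs_root; needs CAP_SETFCAP (root at merge time)."""
    for rel, hexblob in manifest.items():
        os.setxattr(os.path.join(livefs_root, rel), CAP_XATTR, bytes.fromhex(hexblob))
    return len(manifest)

def demo():
    """Self-check on a fresh temp tree: probe support, expect no caps recorded."""
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "bin"), "wb").close()
        support = cap_xattr_support(tmp)
        return support, capability_manifest(tmp) if support is not None else {}
```

Running demo() against a directory on pre-3.0 tmpfs would return False for the probe, which is the condition under which setting caps in src_install would silently be lost.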