On Tue, 02 Aug 2011 10:28:58 -0400
"Anthony G. Basile" <bluen...@gentoo.org> wrote:
> I prefer capsetting in the PMS itself, with a nice clean function
> which auto detects all the necessary conditions and transparently
> preserves caps, as you suggest. Maybe this can be in EAPI=5.

Would need a spec, along with a way of dealing with all the problems: what happens if the build fs supports caps but the install fs doesn't? What about if caps are supported on both but in different ways (tmpfs on some kernels)? Is it up to the PM to deal with that? How does the PM even know?

> I'm also wondering if, in the meantime, it might be worth writing a
> bash script and/or howto on converting as many binaries as possible
> from setuid to caps --- hitting up all the usual suspects. It's not
> ideal but might still be useful until we get this squarely in the PMS.

PMS currently explicitly states that caps might get clobbered on a merge (because Portage does that sometimes). So if you're doing it now, it'd have to be as a pkg_postinst thing. But I'd strongly recommend not going that route, since it'll almost certainly go horribly wrong in a "your system randomly no longer works" kind of way... Better to ban things from using caps for now.

--
Ciaran McCreesh