From: Michał Górny
Date: Sun, 31 Jul 2011 22:28:35 +0200
To: gentoo-dev@lists.gentoo.org
Cc: nirbheek@gentoo.org
Subject: Re: [gentoo-dev] POSIX capability in Gentoo

On Mon, 1 Aug 2011 01:16:21 +0530
Nirbheek Chauhan wrote:

> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile wrote:
> > Hi everyone,
> >
> > A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin
> > Millar) and myself were talking about other distros moving away
> > from setuid binaries towards caps. Openwall and Fedora are now
> > setuid-less [1]. Some googling showed that Constanze has done quite
> > a bit of work in the area and that there was a consensus to include
> > functions to set caps within portage [2]. I don't know what, if
> > anything has been done since then, but I'd like to lend my support.
> >
>
> One problem that came up was that a lot of people use tmpfs for
> /var/tmp/portage, and tmpfs doesn't support xattrs which are needed
> for setting caps.

Will packages always explicitly set caps themselves or will sometimes
upstream do that for us? IOW, will we have total control over actual
caps?

-- 
Best regards,
Michał Górny