From: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] POSIX capability in Gentoo
Date: Tue, 2 Aug 2011 15:54:54 +0100
Message-ID: <20110802155454.5fb24cb4@googlemail.com>
In-Reply-To: <4E380EEA.6080505@gentoo.org>

On Tue, 02 Aug 2011 10:51:22 -0400
"Anthony G. Basile" <blueness@gentoo.org> wrote:
> > Would need a spec, along with a way of dealing with all the
> > problems: what happens if the build fs supports caps but the
> > install fs doesn't? What about if caps are supported on both but in
> > different ways (tmpfs on some kernels)? Is it up to the PM to deal
> > with that? How does the PM even know?
> 
> That's exactly what I was thinking of for the PM.  It would have to
> autodetect all that.

That's the problematic part... It's not quite "the PM just needs to
come up with a cure for cancer", but it's decidedly non-trivial.

> Eg. it could create a test file on each fs and
> then do a getcap on it and if it fails, you have your answer.

But it can and will be merging to multiple filesystems, some of which
support caps and some of which don't.

Maybe the answer is to have the PM do the merge, including caps, and if
it detects that the caps setting failed then it should fall back to
some kind of set*id bit (but which one?). But I'm not sure that setting
caps that won't actually work will necessarily give a failure.

Another possibility is to simply require that the PM preserve caps from
the build fs to the root fs, and if it fails, to abort horribly (except
we hate dying mid-merge, since it's impossible to clean up). Then it's
the user's responsibility to turn off caps on their build fs if
necessary.

But neither of those are anywhere close to implementable without a lot
of careful thought and planning... We need to *prove* that we're safe
here, not guess that we're probably ok based upon a bit of testing.

And we haven't even started talking about binaries yet...

> I was thinking something even dirtier, something outside of the PMS
> altogether, along the lines of what one does when converting to a
> selinux system where one relabels the entire filesystem with rlpkg.
> So no, not something via pkg_postinst().

Please don't.

-- 
Ciaran McCreesh
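
The "set the caps during the merge, then check what actually landed" option discussed in this message, as an added example that is not from the thread or from any package manager's code. The function names, status strings and the sample value are hypothetical; the check only shows that the `security.capability` value was stored, not that the kernel will honour it on that mount.

```python
import errno
import os
import struct

CAP_XATTR = "security.capability"  # xattr where Linux stores file capabilities
# vfs_cap_data revision -> xattr length in bytes (linux/capability.h)
XATTR_SIZES = {0x01000000: 12, 0x02000000: 20, 0x03000000: 24}
# Constructed sample: revision 2, effective flag set, permitted = cap_net_raw (bit 13)
SAMPLE = bytes.fromhex("0100000200200000" + "00" * 12)

def decode_caps(raw):
    """Decode a security.capability value; ValueError if it is malformed."""
    if len(raw) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", raw)
    rev = magic & 0xFF000000
    if XATTR_SIZES.get(rev) != len(raw):
        raise ValueError("unknown revision or wrong length")
    pairs = 1 if rev == 0x01000000 else 2  # revision 1 has one 32-bit word pair
    words = struct.unpack_from("<%dI" % (2 * pairs), raw, 4)
    return {
        "revision": rev >> 24,
        "effective": bool(magic & 1),
        "permitted": sum(words[2 * i] << (32 * i) for i in range(pairs)),
        "inheritable": sum(words[2 * i + 1] << (32 * i) for i in range(pairs)),
    }

def read_caps(path):
    """Return the raw xattr, or None if the file has none or the fs stores none."""
    try:
        return os.getxattr(path, CAP_XATTR, follow_symlinks=False)
    except OSError as e:
        if e.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise

def merge_caps(src, dst):
    """Copy caps from the build image to the merged file, then read them back."""
    raw = read_caps(src)
    if raw is None:
        return "no-caps"
    decode_caps(raw)  # refuse to propagate a value we cannot parse
    try:
        os.setxattr(dst, CAP_XATTR, raw, follow_symlinks=False)
    except OSError as e:
        if e.errno in (errno.ENOTSUP, errno.EPERM):
            return "unsupported" if e.errno == errno.ENOTSUP else "denied"
        raise
    # A successful setxattr is not trusted on its own: compare what landed.
    return "preserved" if read_caps(dst) == raw else "mismatch"
```
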