Date: Tue, 2 Aug 2011 15:54:54 +0100
From: Ciaran McCreesh
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] POSIX capability in Gentoo
Message-ID: <20110802155454.5fb24cb4@googlemail.com>
In-Reply-To: <4E380EEA.6080505@gentoo.org>
References: <4E356A0C.7070004@gentoo.org> <4E35B468.10604@gentoo.org> <20110802090832.2cd03a32@pomiocik.lan> <4E3809AA.2050609@gentoo.org> <20110802153134.7cab1727@googlemail.com> <4E380EEA.6080505@gentoo.org>
On Tue, 02 Aug 2011 10:51:22 -0400 "Anthony G. Basile" wrote:
> > Would need a spec, along with a way of dealing with all the
> > problems: what happens if the build fs supports caps but the
> > install fs doesn't? What about if caps are supported on both but in
> > different ways (tmpfs on some kernels)? Is it up to the PM to deal
> > with that? How does the PM even know?
>
> That's exactly what I was thinking of for the PM. It would have to
> autodetect all that.

That's the problematic part... It's not quite "the PM just needs to
come up with a cure for cancer", but it's decidedly non-trivial.

> Eg. it could create a test file on each fs and
> then do a getcap on it and if it fails, you have your answer.

But it can and will be merging to multiple filesystems, some of which
support caps and some of which don't.

Maybe the answer is to have the PM do the merge, including caps, and if
it detects that the caps setting failed then it should fall back to some
kind of set*id bit (but which one?). But I'm not sure that setting caps
that won't actually work will necessarily give a failure.

Another possibility is to simply require that the PM preserve caps from
the build fs to the root fs, and if it fails, to abort horribly (except
we hate dying mid-merge, since it's impossible to clean up). Then it's
the user's responsibility to turn off caps on their build fs if
necessary.

But neither of those is anywhere close to implementable without a lot
of careful thought and planning...
We need to *prove* that we're safe here, not guess that we're probably
ok based upon a bit of testing. And we haven't even started talking
about binaries yet...

> I was thinking something even dirtier, something outside of the PMS
> altogether, along the lines of what one does when converting to a
> selinux system where one relabels the entire filesystem with rlpkg.
> So no, not something via pkg_postinst().

Please don't.

-- 
Ciaran McCreesh
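The two technical points in this exchange, probing each filesystem with a test file rather than assuming, and not trusting a capability write that "succeeds" without checking it actually stuck, can be demonstrated directly. The script below is an added illustration written for this archive page; it is not code from the thread, from Portage, or from any other package manager. It writes the security.capability xattr in the revision-2 on-disk layout that setcap/getcap use, reads it back, and only reports support when the decoded value matches. The helper names (probe_fs_caps, merge_policy, ProbeResult), the choice of CAP_NET_BIND_SERVICE as the probe value, and the three-way merge policy are all assumptions of this example, and the policy deliberately leaves the "which set*id bit?" question to the caller, since the thread itself has no answer.

```python
"""Probe whether a filesystem will really hold POSIX file capabilities, and
decide before merging what a package manager should do when the build and
install filesystems disagree.  Constructed example for the thread above;
not Portage, Paludis or PMS code."""
import errno
import os
import struct
import tempfile
from dataclasses import dataclass

# On-disk layout of the security.capability xattr, revision 2 (struct
# vfs_cap_data): magic_etc, then two (permitted, inheritable) u32 pairs,
# all little-endian.  This is the format setcap/getcap read and write.
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001
CAP_NET_BIND_SERVICE = 10          # capability bit used as the probe value (assumption)
XATTR_NAME = "security.capability"


def encode_caps(permitted: int, inheritable: int = 0, effective: bool = True) -> bytes:
    """Serialise capability bitmasks into the security.capability blob."""
    magic = VFS_CAP_REVISION_2 | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    mask = 0xFFFFFFFF
    return struct.pack("<IIIII", magic,
                       permitted & mask, inheritable & mask,
                       (permitted >> 32) & mask, (inheritable >> 32) & mask)


def decode_caps(blob: bytes) -> tuple[int, int]:
    """Inverse of encode_caps: (permitted, inheritable) from the first 20 bytes."""
    _magic, p_lo, i_lo, p_hi, i_hi = struct.unpack("<IIIII", blob[:20])
    return (p_hi << 32) | p_lo, (i_hi << 32) | i_lo


@dataclass(frozen=True)
class ProbeResult:
    status: str   # "supported" | "unsupported" | "no-privilege" | "unknown"
    detail: str


def probe_fs_caps(directory: str) -> ProbeResult:
    """Create a scratch file in `directory`, write a capability xattr on it and
    read it back.  Only a decoded readback matching what was written counts as
    support: a setxattr that returns success without persisting is exactly the
    silent failure the thread worries about, so success alone is not trusted."""
    if not hasattr(os, "setxattr"):                      # non-Linux Python build
        return ProbeResult("unsupported", "no xattr API on this platform")
    want_permitted = 1 << CAP_NET_BIND_SERVICE
    try:
        fd, path = tempfile.mkstemp(prefix=".capprobe-", dir=directory)
    except OSError as exc:
        return ProbeResult("unknown", f"cannot create probe file: {exc}")
    os.close(fd)
    try:
        try:
            os.setxattr(path, XATTR_NAME, encode_caps(want_permitted))
        except PermissionError:
            return ProbeResult("no-privilege", "CAP_SETFCAP needed to set file caps")
        except OSError as exc:
            if exc.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
                return ProbeResult("unsupported", "filesystem rejects security.* xattrs")
            return ProbeResult("unknown", os.strerror(exc.errno))
        try:
            got = os.getxattr(path, XATTR_NAME)
        except OSError as exc:
            return ProbeResult("unsupported", f"set succeeded but readback failed: {exc}")
        if decode_caps(got)[0] != want_permitted:
            return ProbeResult("unsupported", "readback does not match what was written")
        return ProbeResult("supported", "capability xattr round-tripped")
    finally:
        os.unlink(path)


def merge_policy(build: ProbeResult, install: ProbeResult,
                 allow_setuid_fallback: bool = False) -> str:
    """Decide, before touching the live root, what to do with file capabilities.

    Returns "carry-caps", "fallback-setuid" or "abort-before-merge".  Deciding
    up front is what avoids the mid-merge abort the thread objects to; which
    set*id bit a fallback should use is left to the caller (example policy)."""
    if build.status != "supported":
        # The build fs never held caps, so there is nothing to carry across.
        return "abort-before-merge"
    if install.status == "supported":
        return "carry-caps"
    return "fallback-setuid" if allow_setuid_fallback else "abort-before-merge"


if __name__ == "__main__":
    import sys
    for d in sys.argv[1:] or [tempfile.gettempdir(), os.getcwd()]:
        r = probe_fs_caps(d)
        print(f"{d}: {r.status} ({r.detail})")
```

Run it as root (or with CAP_SETFCAP) with one directory per mount point you intend to merge into; an unprivileged run reports "no-privilege" for everything, which is itself the answer the thread's "how does the PM even know?" needs to distinguish from "unsupported". Probing the build root and the install root separately is what lets merge_policy catch the "caps on build fs, none on install fs" case before any file is moved.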