From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Cc: blueness@gentoo.org
Date: Tue, 2 Aug 2011 17:09:02 +0200
Subject: Re: [gentoo-dev] POSIX capability in Gentoo

On Tue, 02 Aug 2011 10:51:22 -0400
"Anthony G. Basile" wrote:

> On 08/02/2011 10:31 AM, Ciaran McCreesh wrote:
> > On Tue, 02 Aug 2011 10:28:58 -0400
> > "Anthony G. Basile" wrote:
> >> I prefer capsetting in the PMS itself, with a nice clean function
> >> which auto detects all the necessary conditions and transparently
> >> preserves caps, as you suggest. Maybe this can be in EAPI=5.
> > Would need a spec, along with a way of dealing with all the
> > problems: what happens if the build fs supports caps but the
> > install fs doesn't? What about if caps are supported on both but in
> > different ways (tmpfs on some kernels)? Is it up to the PM to deal
> > with that? How does the PM even know?
> >
>
> That's exactly what I was thinking of for the PM. It would have to
> autodetect all that. Eg. it could create a test file on each fs and
> then do a getcap on it and if it fails, you have your answer. If
> necessary and it exists, it could look at /proc/config. I think it's
> doable.

Just let the capsetting function store all details internally when
called. I don't think it's really important whether build fs capsetting
succeeds. So, it's like:

1) capset on buildfs, store details internally;
2) move to livefs;
3) [optionally] getcap on livefs, done if set;
4) capset on livefs;
5) getcap on livefs, done if set;
6) fallback to set?id (using info from stored capsetting function call)
   if necessary.

--
Best regards,
Michał Górny
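
Added example, not part of the original message and not Portage or PMS code: a shell sketch of the six-step sequence listed in the message above, reporting per file whether capabilities were kept, set, or replaced by the set?id fallback. The function names, the `CAPS_MANIFEST` file and its tab-separated format, and the overridable `SETCAP`/`GETCAP` variables are all assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch, not Portage/PMS code. All function names are hypothetical.
# SETCAP/GETCAP may be overridden (e.g. with stubs) to exercise the logic.
: "${SETCAP:=setcap}" "${GETCAP:=getcap}"
: "${CAPS_MANIFEST:=./caps-manifest}"   # where recorded requests are stored
TAB=$(printf '\t')

# Step 1: record_caps IMAGE_DIR REL_PATH CAPS FALLBACK_MODE
# Try to set caps in the build fs (failure is ignored) and store the request.
record_caps() {
    "$SETCAP" "$3" "$1/$2" 2>/dev/null || :
    printf '%s\t%s\t%s\n' "$2" "$3" "$4" >> "$CAPS_MANIFEST"
}

# getcap prints nothing for a file without capabilities, so any output
# counts as "set". This checks presence only, not the exact capability set.
has_caps() {
    [ -n "$("$GETCAP" "$1" 2>/dev/null)" ]
}

# Steps 3-6 for one merged file: apply_one FILE CAPS FALLBACK_MODE
# Prints which path was taken: kept | set | fallback | failed
apply_one() {
    if has_caps "$1"; then echo kept; return 0; fi   # 3) caps survived the move
    "$SETCAP" "$2" "$1" 2>/dev/null || :             # 4) capset on live fs
    if has_caps "$1"; then echo set; return 0; fi    # 5) verify
    if chmod "$3" "$1" 2>/dev/null; then             # 6) set?id fallback
        echo fallback
    else
        echo failed; return 1
    fi
}

# Run after step 2 (files moved to LIVE_ROOT): apply_caps LIVE_ROOT
# Prints "<result> <path>" per recorded file so fallbacks can be audited.
apply_caps() {
    while IFS="$TAB" read -r rel caps mode; do
        printf '%s %s\n' "$(apply_one "$1/$rel" "$caps" "$mode")" "$rel"
    done < "$CAPS_MANIFEST"
}
```

A call such as `record_caps "$D" bin/ping cap_net_raw+ep u+s` stores the fallback mode at request time, so the later set?id step needs no further input; every `fallback` line in the output marks a binary that ended up with broader privilege than the capability set asked for.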