From: "Anthony G. Basile"
Date: Sun, 31 Jul 2011 16:00:40 -0400
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] POSIX capability in Gentoo
Message-ID: <4E35B468.10604@gentoo.org>
References: <4E356A0C.7070004@gentoo.org>

On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile wrote:
>> Hi everyone,
>>
>> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
>> and myself were talking about other distros moving away from setuid
>> binaries towards caps. Openwall and Fedora are now setuid-less [1].
>> Some googling showed that Constanze has done quite a bit of work in the
>> area and that there was a consensus to include functions to set caps
>> within portage [2]. I don't know what, if anything, has been done since
>> then, but I'd like to lend my support.
>>
> One problem that came up was that a lot of people use tmpfs for
> /var/tmp/portage, and tmpfs doesn't support xattrs, which are needed
> for setting caps.
>
> Linux 3.0 has added support for xattrs with tmpfs (the redhat folks
> did the work, afaik), so that problem is partly solved now.
>

I know, there are lots of places where xattrs are not supported that lead
to the same problem. I'm tempted to respond with pkg_postinst(), but I see
QA problems written all over that.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail   : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
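The caps the thread wants portage to set live in the `security.capability` xattr as a small binary struct; as an added example (not code from this thread or from portage), the decoder below shows what an installed file actually carries, and `read_file_caps` lets the ENOTSUP error from a filesystem without xattr support (the tmpfs case above) surface instead of being mistaken for "no caps". The `CAP_NAMES` subset, helper names and the constructed `PING_BLOB` sample are mine.

```python
import errno
import os
import struct
# struct vfs_cap_data (<linux/capability.h>): little-endian u32 magic_etc (revision in
# the top byte, effective flag in bit 0), then permitted/inheritable as lo/hi u32 pairs.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_REVISION_3 = 0x03000000  # rev 3 appends a u32 rootid for user namespaces
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001
# Subset of capability numbers; anything else is reported as CAP_<n>.
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID", 7: "CAP_SETUID",
             10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW",
             21: "CAP_SYS_ADMIN", 31: "CAP_SETFCAP"}

def cap_names(mask):
    return [CAP_NAMES.get(n, "CAP_%d" % n) for n in range(64) if mask >> n & 1]

def decode_file_caps(blob):
    """Decode a raw security.capability value into revision, flags and cap sets."""
    if len(blob) < 20: raise ValueError("too short for vfs_cap_data: %d bytes" % len(blob))
    magic_etc, p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<5I", blob, 0)
    rev = magic_etc & VFS_CAP_REVISION_MASK
    if rev == VFS_CAP_REVISION_2 and len(blob) == 20:
        rootid = 0  # no rootid field: caps apply in the initial user namespace
    elif rev == VFS_CAP_REVISION_3 and len(blob) == 24:
        rootid = struct.unpack_from("<I", blob, 20)[0]
    else:
        raise ValueError("unsupported revision 0x%08x / length %d" % (rev, len(blob)))
    return {"revision": rev >> 24, "rootid": rootid,
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(p_hi << 32 | p_lo),
            "inheritable": cap_names(i_hi << 32 | i_lo)}

def encode_file_caps(permitted, inheritable=0, effective=True):
    """Build the rev-2 blob that setcap stores for the given 64-bit cap masks."""
    magic = VFS_CAP_REVISION_2 | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    return struct.pack("<5I", magic, permitted & 0xFFFFFFFF, inheritable & 0xFFFFFFFF,
                       permitted >> 32, inheritable >> 32)

def read_file_caps(path):
    """Caps of an installed file, or None if it carries none. ENOTSUP propagates: that
    is the thread's case, a filesystem (e.g. pre-3.0 tmpfs) with no xattr support."""
    try:
        return decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError as e:
        if e.errno == errno.ENODATA:
            return None
        raise
# Constructed sample: what `setcap cap_net_raw=ep` leaves on a binary (rev 2, effective).
PING_BLOB = bytes.fromhex("01000002" "00200000" "00000000" "00000000" "00000000")
```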