public inbox for gentoo-dev@lists.gentoo.org
From: Nirbheek Chauhan <nirbheek@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] POSIX capability in Gentoo
Date: Mon, 1 Aug 2011 01:16:21 +0530
Message-ID: <CADqQcK4RL8bWessPds+4sHa7TLR3Fj0-T68WEiuZK+Lo1oroew@mail.gmail.com>
In-Reply-To: <4E356A0C.7070004@gentoo.org>

On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile <blueness@gentoo.org> wrote:
> Hi everyone,
>
> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
> and myself were talking about other distros moving away from setuid
> binaries towards caps.  Openwall and Fedora are now setuid-less [1].
> Some googling showed that Constanze has done quite a bit of work in the
> area and that there was a consensus to include functions to set caps
> within portage [2].  I don't know what, if anything, has been done since
> then, but I'd like to lend my support.
>

One problem that came up was that a lot of people use tmpfs for
/var/tmp/portage, and tmpfs doesn't support xattrs which are needed
for setting caps.

Linux 3.0 has added support for xattrs with tmpfs (the Red Hat folks
did the work, afaik), so that problem is partly solved now.


-- 
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team
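
The check below is an added example, not code from this thread or from Portage: it probes whether a build directory such as /var/tmp/portage can store a file capability by writing a security.capability xattr to a scratch file. The function names and the CAP_NET_RAW sample value are assumptions made for the illustration, and a definitive answer needs CAP_SETFCAP (normally root).

```python
import errno
import os
import struct
import sys
import tempfile

VFS_CAP_REVISION_2 = 0x02000000      # linux/capability.h
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
CAP_NET_RAW = 13                     # sample capability for the probe (constructed)


def encode_file_caps(permitted, inheritable=0, effective=True):
    """Pack 64-bit capability masks into a revision-2 security.capability value."""
    magic = VFS_CAP_REVISION_2 | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    return struct.pack("<5I", magic,
                       permitted & 0xFFFFFFFF, inheritable & 0xFFFFFFFF,  # low words
                       permitted >> 32, inheritable >> 32)                # high words


def classify(err):
    """Map the errno from setxattr() to what it says about the filesystem."""
    if err == 0:
        return "supported"
    if err in (errno.ENOTSUP, errno.EOPNOTSUPP):
        return "unsupported"         # no security.* xattrs, e.g. tmpfs before Linux 3.0
    if err in (errno.EPERM, errno.EACCES):
        return "need-privilege"      # caller lacks CAP_SETFCAP, so nothing was learned
    return "error:" + errno.errorcode.get(err, str(err))


def probe_dir(path):
    """Try to store a file capability on a scratch file created inside path."""
    fd, scratch = tempfile.mkstemp(dir=path)
    os.close(fd)
    try:
        os.setxattr(scratch, "security.capability",
                    encode_file_caps(1 << CAP_NET_RAW))
        return classify(0)
    except OSError as exc:
        return classify(exc.errno)
    finally:
        os.unlink(scratch)


if __name__ == "__main__":
    # /var/tmp/portage is the build directory named in the message above.
    print(probe_dir(sys.argv[1] if len(sys.argv) > 1 else "/var/tmp/portage"))
```

A "need-privilege" result means the kernel refused the write before the filesystem was consulted, so the probe has to be repeated with CAP_SETFCAP.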


