From mboxrd@z Thu Jan  1 00:00:00 1970
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Sender: nirbheek.chauhan@gmail.com
In-Reply-To: <4E356A0C.7070004@gentoo.org>
References: <4E356A0C.7070004@gentoo.org>
From: Nirbheek Chauhan <nirbheek@gentoo.org>
Date: Mon, 1 Aug 2011 01:16:21 +0530
Message-ID: <CADqQcK4RL8bWessPds+4sHa7TLR3Fj0-T68WEiuZK+Lo1oroew@mail.gmail.com>
Subject: Re: [gentoo-dev] POSIX capability in Gentoo
To: gentoo-dev@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 01c469a932dfa3694ec4dd3cf45e468d

On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile <blueness@gentoo.org> wrote:
> Hi everyone,
>
> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
> and myself were talking about other distros moving away from setuid
> binaries towards caps. Openwall and Fedora are now setuid-less [1].
> Some googling showed that Constanze has done quite a bit of work in the
> area and that there was a consensus to include functions to set caps
> within portage [2]. I don't know what, if anything, has been done since
> then, but I'd like to lend my support.
>

One problem that came up was that a lot of people use tmpfs for
/var/tmp/portage, and tmpfs doesn't support xattrs which are needed
for setting caps.

Linux 3.0 has added support for xattrs with tmpfs (the redhat folks
did the work, afaik), so that problem is partly solved now.


-- 
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team
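An added example, not part of this thread: a Python check of whether the filesystem under a build directory (the /var/tmp/portage case above) can carry the security.capability xattr, plus a decoder for the raw xattr value in the format libcap writes. The probe only reads the xattr, so it needs no privilege; the capability name table is a small hand-picked subset, and the defaults to the system temp directory are assumptions.

```python
import errno
import os
import struct
import tempfile

# On-disk security.capability layout constants (linux/capability.h)
VFS_CAP_REVISION_MASK, VFS_CAP_FLAGS_EFFECTIVE = 0xFF000000, 0x00000001
VFS_CAP_REVISION_1, VFS_CAP_REVISION_2, VFS_CAP_REVISION_3 = 0x01000000, 0x02000000, 0x03000000
# (number of u32 pairs, total size) per revision; v3 appends a u32 rootid for user namespaces
LAYOUT = {VFS_CAP_REVISION_1: (1, 12), VFS_CAP_REVISION_2: (2, 20), VFS_CAP_REVISION_3: (2, 24)}
# Small hand-picked subset of CAP_* bit numbers from linux/capability.h
CAP_NAMES = {0: "cap_chown", 2: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw"}


def xattr_capability_status(path):
    """'supported' if the fs holding path can carry file caps, else 'unsupported'."""
    try:
        os.getxattr(path, "security.capability")  # readable without privilege
        return "supported"
    except OSError as exc:
        if exc.errno == errno.ENODATA:   # xattr namespace works, no caps set yet
            return "supported"
        if exc.errno == errno.ENOTSUP:   # fs cannot store it (the pre-3.0 tmpfs case)
            return "unsupported"
        raise


def probe_directory(directory=None):
    """Probe a scratch file created in directory (default: system temp dir, an assumption)."""
    with tempfile.NamedTemporaryFile(dir=directory) as scratch:
        return xattr_capability_status(scratch.name)


def parse_security_capability(raw):
    """Decode a raw security.capability value into revision, effective flag and cap names."""
    magic = struct.unpack_from("<I", raw, 0)[0]
    rev = magic & VFS_CAP_REVISION_MASK
    if rev not in LAYOUT or len(raw) != LAYOUT[rev][1]:
        raise ValueError("malformed security.capability value")
    permitted = inheritable = 0
    for i in range(LAYOUT[rev][0]):  # each set: little-endian (permitted, inheritable) u32 pair
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    names = lambda mask: [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]
    result = {"revision": rev >> 24, "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
              "permitted": names(permitted), "inheritable": names(inheritable)}
    if rev == VFS_CAP_REVISION_3:
        result["rootid"] = struct.unpack_from("<I", raw, 20)[0]
    return result
```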