From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: fcaps.eclass: bringing filesystem capabilities to the tree
Date: Tue, 29 Jan 2013 12:14:54 +0000 (UTC) [thread overview]
Message-ID: <pan.2013.01.29.12.14.57@cox.net> (raw)
In-Reply-To: 201301251851.45021.vapier@gentoo.org
Mike Frysinger posted on Fri, 25 Jan 2013 18:51:44 -0500 as excerpted:
> else
> local fstype=$(stat -f -c %T "${file}")
> ewarn "Could not set caps on '${file}' due to missing filesystem support."
> ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel."
> fi
This needs a bit more information, please.
I had XATTR support enabled, but it wasn't enough.
For at least reiserfs, and presumably for ext4, since it has
similar kconfig options, *_FS_XATTR isn't enough,
*_FS_SECURITY must be enabled as well.
(*_FSPOSIX_ACL did NOT need to be enabled, however.)
So:
ewarn "Make sure you enable XATTR and SECURITY attribute
support for ${fstype} in your kernel."
Unfortunately, kernel-help for *_FS_SECURITY implies that it only needs
to be enabled for SELinux or the like, recommending that it be disabled
if you're not running such modules. Is it worth filing an upstream
mainline kernel bug on that as well, suggesting that it mention file-caps
as well?
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
next prev parent reply other threads:[~2013-01-29 12:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-25 23:51 [gentoo-dev] fcaps.eclass: bringing filesystem capabilities to the tree Mike Frysinger
2013-01-26 0:10 ` Gilles Dartiguelongue
2013-01-26 0:17 ` Diego Elio Pettenò
2013-01-26 7:46 ` Mike Frysinger
2013-01-26 10:17 ` [gentoo-dev] " Duncan
2013-01-26 16:01 ` [gentoo-dev] " Diego Elio Pettenò
2013-01-26 16:13 ` Rich Freeman
2013-01-26 17:02 ` Diego Elio Pettenò
2013-01-28 19:58 ` Gilles Dartiguelongue
2013-01-26 13:21 ` Michał Górny
2013-01-26 17:08 ` Mike Frysinger
2013-01-26 21:07 ` Doug Goldstein
2013-01-27 17:26 ` Mike Frysinger
2013-01-27 18:24 ` Kacper Kowalik
2013-01-29 12:14 ` Duncan [this message]
2013-01-30 0:47 ` [gentoo-dev] " Diego Elio Pettenò
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pan.2013.01.29.12.14.57@cox.net \
--to=1i5t5.duncan@cox.net \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox