From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 35BF2138739 for ; Tue, 29 Jan 2013 12:15:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7EF3021C03B; Tue, 29 Jan 2013 12:15:16 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 806BF21C00B for ; Tue, 29 Jan 2013 12:15:15 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 9EEC633DB8E for ; Tue, 29 Jan 2013 12:15:14 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Flag: NO X-Spam-Score: -1.567 X-Spam-Level: X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5.5 tests=[AWL=-1.076, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.489, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no Received: from smtp.gentoo.org ([IPv6:::ffff:127.0.0.1]) by localhost (smtp.gentoo.org [IPv6:::ffff:127.0.0.1]) (amavisd-new, port 10024) with ESMTP id opLJXDw9M9bS for ; Tue, 29 Jan 2013 12:15:08 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BD59F33DA8E for ; Tue, 29 Jan 2013 12:15:08 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1U0A5z-00066U-Ji for gentoo-dev@gentoo.org; Tue, 29 Jan 2013 13:15:23 +0100 Received: from ip68-231-22-224.ph.ph.cox.net ([68.231.22.224]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 29 Jan 2013 13:15:23 +0100 Received: from 1i5t5.duncan by ip68-231-22-224.ph.ph.cox.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 29 Jan 2013 13:15:23 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-dev@lists.gentoo.org From: Duncan <1i5t5.duncan@cox.net> Subject: [gentoo-dev] Re: fcaps.eclass: bringing filesystem capabilities to the tree Date: Tue, 29 Jan 2013 12:14:54 +0000 (UTC) Message-ID: References: <201301251851.45021.vapier@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: ip68-231-22-224.ph.ph.cox.net User-Agent: Pan/0.140 (Chocolate Salty Balls; GIT 09d34ae /usr/src/portage/src/egit-src/pan2) X-Archives-Salt: c21e7d06-3153-47f4-b6f9-e1774d2f73eb X-Archives-Hash: a2e8b18e4ea23b05e40c4ef53a42b0b1 Mike Frysinger posted on Fri, 25 Jan 2013 18:51:44 -0500 as excerpted: > else > local fstype=$(stat -f -c %T "${file}") > ewarn "Could not set caps on '${file}' due to missing filesystem support." > ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel." > fi This needs a bit more information, please. I had XATTR support enabled, but it wasn't enough. For at least reiserfs, and presumably for ext4, since it has similar kconfig options, *_FS_XATTR isn't enough, *_FS_SECURITY must be enabled as well. (*_FSPOSIX_ACL did NOT need to be enabled, however.) So: ewarn "Make sure you enable XATTR and SECURITY attribute support for ${fstype} in your kernel." Unfortunately, kernel-help for *_FS_SECURITY implies that it only needs to be enabled for SELinux or the like, recommending that it be disabled if you're not running such modules. Is it worth filing an upstream mainline kernel bug on that as well, suggesting that it mention file-caps as well? -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman