[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: Re: [gentoo-dev] POSIX capability in Gentoo
From: Michał Górny <mgorny () gentoo ! org>
Date: 2011-07-31 20:28:35
Message-ID: 20110731222835.53fc49bd () pomiocik ! lan
[Download RAW message or body]
On Mon, 1 Aug 2011 01:16:21 +0530
Nirbheek Chauhan <nirbheek@gentoo.org> wrote:
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
> <blueness@gentoo.org> wrote:
> > Hi everyone,
> >
> > A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin
> > Millar) and myself were talking about other distros moving away
> > from setuid binaries towards caps. Openwall and Fedora are now
> > setuid-less [1]. Some googling showed that Constanze has done quite
> > a bit of work in the area and that there was a consensus to include
> > functions to set caps within portage [2]. I don't know what, if
> > anything has been done since then, but I'd like to lend my support.
> >
>
> One problem that came up was that a lot of people use tmpfs for
> /var/tmp/portage, and tmpfs doesn't support xattrs which are needed
> for setting caps.
Will packages always explicitly set caps themselves or will sometimes
upstream do that for us?
IOW, will we have total control over actual caps?
--
Best regards,
Michał Górny
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic