Gentoo Archives: gentoo-dev

From: Brian Harring <ferringb@×××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] eclass for handling of file-based capabilities
Date: Sun, 06 Mar 2011 23:41:32
Message-Id: 20110306234017.GB9616@hrair
In Reply to: Re: [gentoo-dev] eclass for handling of file-based capabilities by Constanze Hausner
On Sun, Mar 06, 2011 at 05:34:29PM +0100, Constanze Hausner wrote:
> On 17:44 Sat 05 Mar , Ciaran McCreesh wrote:
> > * tar and xattrs is a massive problem, so how do binaries work?
> tar can be patched to support xattrs. If we want to use caps, we will
> have to apply those patches too. (iirc Fedora already uses such
> patches).

For binpkg, the approach I mentioned would remove the need for tar to support xattrs- the same mechanism for the PM to tweak the perms would be usable. So no need for tar/bsdtar to restore xattrs- it's undesirable anyways since as I mentioned, if the cap couldn't be applied for whatever reason it would result in a chmod -s binary being installed.

For src, I'd strongly be against restoration there. It just opens up way too many surprises- a simple example is a tarball carrying the immutable flag. Xattrs really should be specified by the ebuild (and applied by the PM) instead- far more controlled namely.

~harring
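
An added illustration of the source-tarball concern raised in the message above (not part of the original post and not Gentoo or package-manager code): a check that lists every member of a tar archive whose PAX headers carry extended-attribute or file-flag records, so they can be reviewed instead of silently restored. The function names and the sample archive are constructed for this example; it covers the record names written by GNU tar and by bsdtar/libarchive.

```python
import io
import tarfile

# PAX record names that carry extended attributes or file flags:
# SCHILY.xattr.* (GNU tar --xattrs, bsdtar), LIBARCHIVE.xattr.* and
# SCHILY.fflags (bsdtar/libarchive).
XATTR_PREFIXES = ("SCHILY.xattr.", "LIBARCHIVE.xattr.")
FFLAGS_KEY = "SCHILY.fflags"


def audit_tar_metadata(fileobj):
    """Return (member, kind, detail) for every xattr or file-flag record."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            for key, value in member.pax_headers.items():
                if key.startswith(XATTR_PREFIXES):
                    findings.append((member.name, "xattr", key.split(".xattr.", 1)[1]))
                elif key == FFLAGS_KEY:
                    findings.append((member.name, "fflags", value))
    return findings


def build_sample():
    """Constructed archive: one clean member, one carrying a cap xattr and a flag."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, pax in (
            ("src/Makefile", {}),
            ("src/bin/tool", {
                "SCHILY.xattr.security.capability": "constructed-value",
                "SCHILY.fflags": "schg",  # constructed sample flag string
            }),
        ):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.pax_headers = pax
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, kind, detail in audit_tar_metadata(build_sample()):
        print(f"{name}: {kind} {detail}")
```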