| 1 |
On Monday 24 March 2008, Alon Bar-Lev wrote: |
| 2 |
> On 3/24/08, Mike Frysinger <vapier@g.o> wrote: |
| 3 |
> > Diego and i were talking ... we're going to go with USE=filecaps because |
| 4 |
> > it's so new and doesnt require the libcap library in order to work at |
| 5 |
> > runtime. probably be worthwhile to put together a little eclass of |
| 6 |
> > functions to make people's lives easier ... |
| 7 |
> |
| 8 |
> Great!!! |
| 9 |
> You write eclass, me start patching ebuilds and open bugs against |
| 10 |
> maintainers :) |
| 11 |
|
| 12 |
eclass wrapping will also allow us to abstract away the fun OS details, but |
| 13 |
we'll start with linux for now. |
| 14 |
|
| 15 |
how much do we want to help the user ? if they have USE=filecaps, then dont |
| 16 |
perform any checking ? we'll need a kernel with file capabilities turned on, |
| 17 |
otherwise the prog wont work unless it's setuid ... so do we perform checking |
| 18 |
and drop the setuid bit on the post sly ? i'd prefer we just make the |
| 19 |
filecaps desc verbose: dont set this unless you have new enough kernel with |
| 20 |
options enabled, otherwise things may stop working properly as non-root. |
| 21 |
-mike |
Archives