| 1 |
On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote: |
| 2 |
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile <blueness@g.o> wrote: |
| 3 |
>> Hi everyone, |
| 4 |
>> |
| 5 |
>> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar) |
| 6 |
>> and myself were talking about other distros moving away from setuid |
| 7 |
>> binaries towards caps. Openwall and Fedora are now setuid-less [1]. |
| 8 |
>> Some googling showed that Constanze has done quite a bit of work in the |
| 9 |
>> area and that there was a consensus to include functions to set caps |
| 10 |
>> within portage [2]. I don't know what, if anything has been done since |
| 11 |
>> then, but I'd like to lend my support. |
| 12 |
>> |
| 13 |
> One problem that came up was that a lot of people use tmpfs for |
| 14 |
> /var/tmp/portage, and tmpfs doesn't support xattrs which are needed |
| 15 |
> for setting caps. |
| 16 |
> |
| 17 |
> Linux 3.0 has added support for xattrs with tmpfs (the redhat folks |
| 18 |
> did the work, afaik), so that problem is partly solved now. |
| 19 |
> |
| 20 |
> |
| 21 |
|
| 22 |
I know, there are lots of places where xattrs is not supported that lead |
| 23 |
to the same problem. I'm tempted to respond with pkg_postinst() but I |
| 24 |
see QA problems written all over that. |
| 25 |
|
| 26 |
-- |
| 27 |
Anthony G. Basile, Ph.D. |
| 28 |
Gentoo Linux Developer [Hardened] |
| 29 |
E-Mail : blueness@g.o |
| 30 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 31 |
GnuPG ID : D0455535 |
Archives