Gentoo Archives: gentoo-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] [rfc] enable USE=xattr by default
Date: Thu, 15 Oct 2015 03:48:19
Message-Id: 20151015034807.GK4446@vapier.lan

USE=xattr is needed nowadays to support:
- filesystem caps (those things that let you drop set*id and generally
  improve system security w/little to no runtime overhead)
- PaX file markings (replaces binutils ELF markings)
- selinux

we actually have USE=filecaps on by default already, and catalyst
hard requires tar[xattr] in order to work.  the hardened profile
also package.use.force's this flag on for some core packages.

not too many packages actually utilize this flag, and when they do,
it's to pull in the attr package which clocks in at <200 KiB.  the
runtime overhead tends to be low to non-existent as xattrs tend to
be used only when requested.

when support is not available in the FS or kernel, packages should
generally fall back gracefully.

anyone opposed to flipping this flag on by default ?

reference:
https://bugs.gentoo.org/506198
https://bugs.gentoo.org/556408
-mike
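
The graceful fallback described in the message above, as an added example that is not part of the original post or of any Gentoo package: copying extended attributes while treating "no xattr support in the FS or kernel" as a reported skip rather than a failure. The function name `copy_xattrs` and its injectable callables are hypothetical; `user.pax.flags` and `security.capability` are the standard Linux attribute names for PaX markings and file capabilities, not values taken from the message, and the `os` xattr calls are Linux-only.

```python
import errno
import os

# errno values meaning "no xattr support here", as opposed to a real failure.
UNSUPPORTED = {errno.ENOTSUP, errno.EOPNOTSUPP, errno.ENOSYS}


def copy_xattrs(src, dst, lister=None, getter=None, setter=None):
    """Copy all xattrs from src to dst.

    Returns (copied, skipped): attribute names written to dst, and names
    dropped because the kernel or filesystem lacks xattr support.
    Any other error (EPERM, ENOSPC, ...) is raised to the caller.
    The three callables default to the os module and exist for testing.
    """
    lister = lister or os.listxattr
    getter = getter or os.getxattr
    setter = setter or os.setxattr
    try:
        names = lister(src)
    except OSError as exc:
        if exc.errno in UNSUPPORTED:
            return [], []  # source cannot hold xattrs: nothing to copy
        raise
    copied, skipped = [], []
    for name in names:
        try:
            setter(dst, name, getter(src, name))
        except OSError as exc:
            if exc.errno not in UNSUPPORTED:
                raise
            skipped.append(name)  # caller decides if losing this is acceptable
        else:
            copied.append(name)
    return copied, skipped


if __name__ == "__main__":
    # Constructed demo: a destination that accepts user.* but not security.*.
    attrs = {"user.pax.flags": b"em", "security.capability": b"\x00"}
    def deny_security(path, name, value):
        if name.startswith("security."):
            raise OSError(errno.ENOTSUP, os.strerror(errno.ENOTSUP))
    copied, skipped = copy_xattrs("src", "dst", lister=lambda p: list(attrs),
                                  getter=lambda p, n: attrs[n], setter=deny_security)
    print("copied:", copied)
    print("skipped:", skipped)
```

The skipped list matters for security-relevant attributes: a binary whose `security.capability` was dropped no longer carries its file capabilities, so the caller should surface that instead of continuing silently.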

Replies

Subject Author
Re: [gentoo-dev] [rfc] enable USE=xattr by default Jason Zaman <perfinion@g.o>
Re: [gentoo-dev] [rfc] enable USE=xattr by default Tobias Klausmann <klausman@g.o>
Re: [gentoo-dev] [rfc] enable USE=xattr by default "Anthony G. Basile" <blueness@g.o>