1 |
> The user would like a way to disable linux compatability if your kernel |
2 |
> does not support it by using the 'caps' use flag. Maybe I dont fully |
3 |
> understand 'linux compatability' but if we're all running Gentoo, arent |
4 |
> we all running linux in the first place? |
5 |
|
6 |
It's "capabilities", not "compatability [sic]". My understanding |
7 |
is that capabilities allow for partitioning of root's all-powerful |
8 |
nature into fine-grained permissions. Thus, obtaining root is no longer |
9 |
sufficient to do massive harm. I believe this notion is central to |
10 |
selinux, but I'm not sure if anything else uses it at the moment. |
11 |
|
12 |
> My problem surfaces: Bind enables 'linux compatability' by default. |
13 |
> Gentoo does have a linux compability flag (caps), but this is only to |
14 |
> ENABLE linux compatability, not to disable it. I attempted to use the |
15 |
> bugger's suggestion, but repoman got pissed on a full scan. Grant |
16 |
> mentioned maybe making 'caps' part of the default use flag. |
17 |
|
18 |
Actually, what I said is that capabilities should be disabled _unless_ |
19 |
USE=caps, and that if there seemed to be a broad need for capabilities |
20 |
for our users then we might want to discuss making it a default USE |
21 |
flag. |
22 |
|
23 |
> Basically I'd like a way of using a "reverse" use flag, -caps, and if |
24 |
> -caps is set, disable linux compat; if the flag is not set, do not add |
25 |
> any --config-option at all. |
26 |
|
27 |
I don't think a reverse flag is needed here. The fact that bind only |
28 |
has a --disable setting for capabilities and not an --enable is a bit |
29 |
odd, but it doesn't require us to change how our USE flags work. If |
30 |
USE=caps, then no flag needs to be sent to configure (but comment the |
31 |
ebuild so there's a record that bind's configure is warped), but if |
32 |
"caps" is not in USE, then send the --disable. |
33 |
|
34 |
Best, |
35 |
g2boojum |
36 |
-- |
37 |
Grant Goodyear |
38 |
Gentoo Developer |
39 |
g2boojum@g.o |
40 |
http://www.gentoo.org/~g2boojum |
41 |
GPG Fingerprint: D706 9802 1663 DEF5 81B0 9573 A6DC 7152 E0F6 5B76 |