On 09/11/10 14:56, Mike Frysinger wrote: > On Sunday, November 07, 2010 08:57:22 Yaron Sheffer wrote: >> I still don't see the logic of not including capabilities in the >> "install" feature set. We could use chmod and chown separately, too. But >> still, setting owner/group and mode are a core functionality of this >> utility. Similarly, if we think that POSIX capabilities are important >> (see e.g. http://fedoraproject.org/wiki/Features/RemoveSETUID), we >> should make their use as easy and natural as possible. For me that means >> at the minimum support in install, tar (and derived packaging tools) and >> possibly ls. > > FWIW, it'd make my life easier as a distro maintainer as i wouldnt need to > force `setcap` on everyone ... > -mike
Your experience in these matters certainly sways things. I'd like to understand fully though before proceeding. By forcing `setcap` on everyone, do you mean as a build time package dependency, or does gentoo &/or dpkg not support capabilities thus requiring it as an install time dep? If a package needs capabilities, is this dep really an issue? Could you expand on the failure modes you would expect. I presume if one asks for capabilities we should error if they weren't set. Would we need to verify like setcap -v? cheers, Pádraig.
