Guillem Jover <guil...@debian.org> writes:
> On Tue, 2020-08-04 at 13:56:45 -0700, Russ Allbery wrote:

>> I assume this is in support of systems, containers, or jails where UID
>> 0 may not have CAP_FOWNER?

> If that's the reason, it certainly was not clear from the original
> report. :)

It seems like the context in which this change would be meaningful.  That
said, in the situations where I'm dropping capabilities, I would also
generally remount file systems like /usr read-only (systemd's
ProtectSystem, for example), so I'm having some trouble generating a
scenario in which the file permission changes matter.  I think a concrete
use case would be useful for analysis.

-- 
Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>