Mike Gilbert <[email protected]> writes:

> Update fcaps.eclass to avoid setting the suid bit by default when file
> capabilities are disabled.
>
> I also did a scan of packages inheriting fcaps and added -m u+s where I
> felt it was appropriate. It is possible I missed some, but I think the
> risk is fairly small and it should be easy for maintainers to correct.

The series LGTM. Maybe give a chance for people that are likely to have an interest in this to comment though.

>
> Bug: https://bugs.gentoo.org/811105
> PR: https://github.com/gentoo/gentoo/pull/43375
>
> Mike Gilbert (8):
>   fcaps.eclass: handle FCAPS_DENY_WORLD_READ via a separate chmod call
>   fcaps.eclass: do not set suid bit as a fallback
>   app-cdr/cdrtools: pass mode to fcaps
>   app-emulation/qemu: fcaps -m u+s
>   app-i18n/fbterm: fcaps -m u+s
>   gui-apps/swaylock: fcaps -m u+s
>   sys-libs/pam: fcaps -m u+s
>   x11-misc/slock: fcaps -m u+s
>
>  .../cdrtools/cdrtools-3.02_alpha09-r5.ebuild  | 11 +++---
>  app-emulation/qemu/qemu-10.0.0.ebuild         |  2 +-
>  app-emulation/qemu/qemu-10.0.2-r50.ebuild     |  2 +-
>  app-emulation/qemu/qemu-10.0.2.ebuild         |  2 +-
>  app-emulation/qemu/qemu-10.0.3.ebuild         |  2 +-
>  app-emulation/qemu/qemu-9.1.3-r2.ebuild       |  2 +-
>  app-emulation/qemu/qemu-9.2.3-r3.ebuild       |  2 +-
>  app-emulation/qemu/qemu-9.2.4.ebuild          |  2 +-
>  app-emulation/qemu/qemu-9999.ebuild           |  2 +-
>  app-i18n/fbterm/fbterm-1.7_p20190503.ebuild   | 10 ++----
>  eclass/fcaps.eclass                           | 36 ++++++++++---------
>  gui-apps/swaylock/swaylock-1.8.0.ebuild       |  2 +-
>  gui-apps/swaylock/swaylock-9999.ebuild        |  4 +--
>  sys-libs/pam/pam-1.7.0_p20241230-r3.ebuild    |  2 +-
>  sys-libs/pam/pam-1.7.1.ebuild                 |  2 +-
>  x11-misc/slock/slock-1.5.ebuild               |  4 +--
>  16 files changed, 43 insertions(+), 44 deletions(-)
