On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile <bluen...@gentoo.org>
> wrote:
>> Hi everyone,
>>
>> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
>> and myself were talking about other distros moving away from setuid
>> binaries towards caps. Openwall and Fedora are now setuid-less [1].
>> Some googling showed that Constanze has done quite a bit of work in the
>> area and that there was a consensus to include functions to set caps
>> within portage [2]. I don't know what, if anything, has been done since
>> then, but I'd like to lend my support.
>>
> One problem that came up was that a lot of people use tmpfs for
> /var/tmp/portage, and tmpfs doesn't support xattrs which are needed
> for setting caps.
>
> Linux 3.0 has added support for xattrs with tmpfs (the redhat folks
> did the work, afaik), so that problem is partly solved now.
>
I know, there are lots of places where xattrs are not supported that lead to
the same problem. I'm tempted to respond with pkg_postinst() but I see QA
problems written all over that.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : bluen...@gentoo.org
GnuPG FP  : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID  : D0455535
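The reason the tmpfs question matters is that a file capability is nothing more than a binary value in the security.capability xattr, so a filesystem that cannot store xattrs cannot carry caps at all. The following is an added example, not code from this thread or from portage: it decodes that xattr as setcap(8) writes it (vfs_cap_data revision 2 and 3) and reads it back from a file, and the sample byte strings are constructed here to match the kernel's on-disk layout.

```python
import errno
import os
import struct
# Capability bit numbers from linux/capability.h (subset; others print as cap_N).
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
             3: "cap_fowner", 4: "cap_fsetid", 5: "cap_kill", 6: "cap_setgid",
             7: "cap_setuid", 8: "cap_setpcap", 10: "cap_net_bind_service",
             12: "cap_net_admin", 13: "cap_net_raw", 18: "cap_sys_chroot",
             19: "cap_sys_ptrace", 21: "cap_sys_admin", 31: "cap_setfcap"}
VFS_CAP_REVISION_MASK = 0xFF000000   # top byte of magic_etc holds the revision
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001  # the "+e" in setcap's "+ep"

def _cap_names(bits: int) -> list:
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if bits >> b & 1]

def decode_vfs_cap(raw: bytes) -> dict:
    """Decode the binary security.capability value that setcap(8) writes."""
    if len(raw) < 4:
        raise ValueError("security.capability value too short")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = (magic_etc & VFS_CAP_REVISION_MASK) >> 24
    if revision not in (2, 3):
        raise ValueError(f"unsupported vfs_cap_data revision {revision}")
    # v2 = magic + two (permitted, inheritable) u32 pairs; v3 appends a rootid u32.
    if len(raw) != (20 if revision == 2 else 24):
        raise ValueError(f"bad length {len(raw)} for revision {revision}")
    perm_lo, inh_lo, perm_hi, inh_hi = struct.unpack_from("<IIII", raw, 4)
    result = {"revision": revision,
              "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
              "permitted": _cap_names(perm_lo | perm_hi << 32),
              "inheritable": _cap_names(inh_lo | inh_hi << 32)}
    if revision == 3:
        (result["rootid"],) = struct.unpack_from("<I", raw, 20)
    return result

def read_file_caps(path: str):
    """Decoded caps on a file, None if it has none; raises ENOTSUP on a
    filesystem that cannot store xattrs, which is the tmpfs problem above."""
    try:
        raw = os.getxattr(path, "security.capability", follow_symlinks=False)
    except OSError as e:
        if e.errno == errno.ENODATA:
            return None
        raise  # e.g. ENOTSUP: setcap could not have succeeded here either
    return decode_vfs_cap(raw)

# Constructed samples, byte-for-byte as the kernel stores them (little-endian):
# "cap_net_raw+ep" (revision 2), and "cap_net_bind_service+p" written from a
# user namespace whose root maps to uid 1000 (revision 3, rootid appended).
SAMPLE_NET_RAW_V2 = bytes.fromhex("01000002 00200000 00000000 00000000 00000000")
SAMPLE_BIND_V3 = bytes.fromhex("00000003 00040000 00000000 00000000 00000000 e8030000")
```

Running read_file_caps() against a file under the build directory tells an ebuild, before it calls setcap, whether that filesystem can hold the xattr at all.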