Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

[Rahul Sundaram]

 On 10/28/2010 01:11 AM, Kevin Fenzi wrote:

* #480 F15Feature - RemoveSETUID (
  http://fedoraproject.org/wiki/Features/RemoveSETUID )  (nirik,
  19:15:16)
  * AGREED: the feature is approved.  (nirik, 19:26:46)


This feature is now approved and I see bugs get filed.  The documentation
and guidelines are very incomplete.  How does one figure out which file
capabilities are needed by the programs I maintain that currently use
setuid?  Help, please.

Rahul
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Heads Up - New Firefox update

[Martin Stransky]

Hi,

there's a new Firefox update waiting in Bodhi and we can't push it to 
stable because of new rules. We recommend you to update to it ASAP as it 
fixes a public critical 0day vulnerability 
(https://bugzilla.mozilla.org/show_bug.cgi?id=607222).

Bodhi links:
https://admin.fedoraproject.org/updates/firefox-3.5.15-1.fc12,xulrunner-1.9.1.15-1.fc12,mozvoikko-1.0-14.fc12,gnome-web-photo-0.9-11.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.17,gnome-python2-extras-2.25.3-22.fc12,galeon-2.0.7-27.fc12

https://admin.fedoraproject.org/updates/firefox-3.6.12-1.fc13,xulrunner-1.9.2.12-1.fc13,mozvoikko-1.0-16.fc13,gnome-web-photo-0.9-14.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.19,gnome-python2-extras-2.25.3-24.fc13,galeon-2.0.7-35.fc13

ma.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

[Pekka Pietikainen]

On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
> This feature is now approved and I see bugs get filed.  The documentation and
> guidelines are very incomplete.  How does one figure out which file
> capabilities are needed by the programs I maintain that currently use setuid? 
> Help, please.
Probably: remove setuid bit, run, see what breaks. strace may be useful

[...@the ~]$ strace ./rsh localhost 2>&1|grep EACCES
bind(3, {sa_family=AF_INET6, sin6_port=htons(1023), inet_pton(AF_INET6,
"::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES
(Permission denied)

-> needs CAP_NET_BIND_SERVICE. It didn't seem to output any error to the
user, so the lacking permissions may be well-hidden.

https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid
seems to have a list btw., which may or may not be correct.

Do note that removing suid from some programs is a bad idea:
"Warning: Do not use it, because mount and umount can not do some checks,
then users can mount/umount filesystems that do not have permission."
(probably those checks could/should be implemented upstream, if they're not
already there)

So it's a feature that could introduce new vulnerabilities
if done wrong, but it's certainly worth doing, carefully. If uncertain,
ask.


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: who broke fedoraproject.org usability?

[Nicolas Mailhot]

Le Mer 27 octobre 2010 21:33, Laurent Rineau a écrit :
> Le mercredi 27 octobre 2010 18:32:29, Jason L Tibbitts III a écrit :
>> > "MP" == Michał Piotrowski  writes:
>> MP> Where is the link to the wiki? It's in page footer.
>>
>> Actually it's right at the top; click "Contributors".  (I can't tell you
>> why it's called "Contributors" but clicking there takes you where you
>> want to go.)
>
> With my setup, where fonts are bigger by default, I cannot see the link
> "Contributors" (it is behind the div #site-content). I have to decrease the
> font sizes to see it.

Yes, bigger default fonts + more verbose language = breakage
The new page is nice but it has reflow problems

-- 
Nicolas Mailhot

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: who broke fedoraproject.org usability?

[Michał Piotrowski]

2010/10/28 Rahul Sundaram :
>  On 10/28/2010 03:27 AM, Benjamín Valero Espinosa wrote:
>> 2010/10/27 Michał Piotrowski
>>
>>     2010/10/27 Matthew Miller
>>     > On Wed, Oct 27, 2010 at 09:49:14PM +0200, Michał Piotrowski wrote:
>>     >> Someone should fix this ugly font - looks bad in Vista...
>>     >
>>     > It looks beautiful on Fedora.
>>
>>     I also like it
>>
>>     > Is the font not rendering properly in Vista,
>>     > do you mean you don't like the design choice?
>>
>>     Font looks bad under Windows - I can send a screenshot.
>>
>>
>> In Spanish, we use an opening mark for questions. This symbol, in this
>> font, is absolutely horrible (it is upside down).
>
> Can you file a bug report against the font with a screenshot?

https://bugzilla.redhat.com/show_bug.cgi?id=647437

Regards,
Michal

>
> Rahul
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: who broke fedoraproject.org usability?

[Rahul Sundaram]

 On 10/28/2010 04:51 PM, Arnoldas S. wrote:

  Isn't Hulk the copyrighted trademark?


"coprighted trademark" is not correct usage.  It might be a trademark.  Does
not prevent fair use.  Legal questions should be directed to legal AT
fedoraproject.org

Rahul
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Orphaning packages

[Victor G. Vasilyev]

appframework -- Swing Application Framework
beansbinding -- Beans Binding (JSR 295) reference implementation
bindex -- Bundle Manifest Header Mapper
bytelist -- A java library for lists of bytes
cobertura -- Java tool for calculating the test coverage
felix-framework -- Apache Felix Framework
felix-main -- Apache Felix Main
felix-osgi-compendium -- Apache Felix Project: OSGi Compendium Bundle
felix-osgi-foundation -- OSGi Foundation Execution Environment (EE) Classes
freemarker -- FreeMarker template engine
ini4j -- Java API for handling files in Windows .ini format
javahelp2 -- JavaHelp is a full-featured, platform-independent, 
extensible help system
jcodings -- Java Libraries for Ruby String Encodings
jemmy -- Java UI testing library
jvyamlb -- YAML processor for JRuby
netbeans -- Integrated Development Environment (IDE)
netbeans-javaparser -- NetBeans Java Parser
netbeans-platform -- NetBeans Platform 9
netbeans-platform8 -- NetBeans Platform 8
netbeans-resolver -- Resolver subproject of xml-commons patched for NetBeans
netbeans-svnclientadapter -- Subversion Client Adapter

If you have any questions about the packages then, please, contact me 
via e-mail victor.g.vasilyev at gmail.com

Thanks,
Victor G. Vasilyev

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/28/2010 04:14 AM, Pekka Pietikainen wrote:
> On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
>> This feature is now approved and I see bugs get filed.  The documentation and
>> guidelines are very incomplete.  How does one figure out which file
>> capabilities are needed by the programs I maintain that currently use 
>> setuid? 
>> Help, please.
> Probably: remove setuid bit, run, see what breaks. strace may be useful
> 
> [...@the ~]$ strace ./rsh localhost 2>&1|grep EACCES
> bind(3, {sa_family=AF_INET6, sin6_port=htons(1023), inet_pton(AF_INET6,
> "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES
> (Permission denied)
> 
> -> needs CAP_NET_BIND_SERVICE. It didn't seem to output any error to the
> user, so the lacking permissions may be well-hidden.
> 
> https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid
> seems to have a list btw., which may or may not be correct.
> 
> Do note that removing suid from some programs is a bad idea:
> "Warning: Do not use it, because mount and umount can not do some checks,
> then users can mount/umount filesystems that do not have permission."
> (probably those checks could/should be implemented upstream, if they're not
> already there)
> 
> So it's a feature that could introduce new vulnerabilities
> if done wrong, but it's certainly worth doing, carefully. If uncertain,
> ask.
> 
> 

I think we can refine this as we go.  Steve Grubb is a great source of
information on handling capabilities.  One other goal of this is to find
the apps that need full setuid and update rpmlint/whitelist with those
apps.  su, sudo, ksu, userhelper all need full setuid (capabilities).

If your setuid app is covered by SELinux policy we know in the rules
which capabilities are used in the application, so you can work with the
SELinux team to get the list.   In some cases you might have
capabilities that you do not need.  For example newrole needs to send
audit messages, (cap_audit_write) but when we coded it up originally it
was setuid root, and started as root, then executed the setuid(USERUID)
call, requiring the cap_setuid capability.  Then it dropped capabilities
requiring additional capabilities.  By moving the code to file
capabilities, I was able to give it just cap_audit_write and drop the
code to change the setuid and drop capabilities, eliminating the need
for these capabilities.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzJa2oACgkQrlYvE4MpobNMWQCbBHT664Rillc8ja/6MdvLVC94
HVwAoKUlyvb2+QXIIhXzB4DeSuXSRyKF
=4Wuk
-END PGP SIGNATURE-
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Space for public package git repositories

[Todd Zullinger]

Tim Niemueller wrote:
> Recently I wanted to modify a package. Since we now use git for
> packages, the following work flow feels natural:
>
> git clone package-repo
> make changes in package repo
> commit
> push repo somewhere
> send pull request to package maintainer
>
> Is that the anticipated workflow?

That works.  Or if it wasn't a package you planned to work on often,
git send-email can email the changes in a format suitable for git am
to import.

> Should I use fedorapeople.org webspace to push the repository to (a
> newer git version there would be nice then)

Why is a new version needed?  For simply pushing and pulling changes,
the version provided in EPEL should be fine.  It manages to work well
enough on fedorahosted, which gets a decent amount of use.

Incidentally, if you'd like to see an updated git for EL-5, point
anyone you know that uses emacs-git my way.  AFAIK, the only hang up
to updating EPEL to git-1.7 is working out how to maintain the emacs
support¹.

¹ https://bugzilla.redhat.com/600411

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
There is nothing government can give you that it hasn't taken from you
in the first place.
-- Winston Churchill



pgpfBZ46AALtd.pgp
Description: PGP signature
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

[Bug 647503] New: perl-Log-Dispatch: please update to 2.27

[bugzilla]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: perl-Log-Dispatch: please update to 2.27

https://bugzilla.redhat.com/show_bug.cgi?id=647503

   Summary: perl-Log-Dispatch: please update to 2.27
   Product: Fedora
   Version: 14
  Platform: Unspecified
OS/Version: Unspecified
Status: NEW
  Severity: medium
  Priority: low
 Component: perl-Log-Dispatch
AssignedTo: tcall...@redhat.com
ReportedBy: j...@di.uminho.pt
 QAContact: extras...@fedoraproject.org
CC: tcall...@redhat.com, fedora-perl-devel-l...@redhat.com
Classification: Fedora


Description of problem:
The latest upstream version is version 2.27.

Version-Release number of selected component (if applicable):
Current version for Rawhide/Fedora 14 is 2.22.

Expected results:
Version 2.27 available for Fedora 13, Fedora 14, Rawhide, EPEL5 and EPEL6 

Additional info:
http://search.cpan.org/dist/Log-Dispatch/

Changes:
http://cpansearch.perl.org/src/DROLSKY/Log-Dispatch-2.27/Changes

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

Re: experimental systemd + initscripts repo

[Bill Nottingham]

Lennart Poettering (mzerq...@0pointer.de) said: 
> > Fixed in git, thanks for the report.
> 
> BTW: A nice way to make activation of services conditional based on
> existance of a file is the relatively new ConditionPathExists= setting
> in [Unit]. If the file listed there doesn't exist, then the unit will
> not actualy be started, however, it is still useful for all
> synchronization purposes, and hence not disrupt startup in any way.
> 
> You can even specify more than one file in which case the unit will be
> run when at least one of those files exists.

http://git.fedorahosted.org/git/?p=initscripts.git;a=commit;h=12cabd751919122551b6eb73850b35fbe565c679

Bill
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Space for public package git repositories

[yersinia]

On Thu, Oct 28, 2010 at 5:01 PM, Todd Zullinger  wrote:

> Tim Niemueller wrote:
> Incidentally, if you'd like to see an updated git for EL-5, point
> anyone you know that uses emacs-git my way.  AFAIK, the only hang up
> to updating EPEL to git-1.7 is working out how to maintain the emacs
> support¹.
>
Beware also that git 1.7 by default enforce that it is not possible to push
to a repository git "not bare", and, from my experience, many EPEL users
don't haven't read the advice on this of the git manual - just an example of
another possible "incompatibility"

>
> ¹ https://bugzilla.redhat.com/600411
>
> --
> ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: 
> www.pobox.com/~tmz/pgp
> ~~
> There is nothing government can give you that it hasn't taken from you
> in the first place.
>-- Winston Churchill
>
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

F-14 Branched report: 20101028 changes

[Branched Report]

Compose started at Thu Oct 28 13:15:57 UTC 2010

Broken deps for x86_64
--
qtgpsc-0.2.3-6.fc12.x86_64 requires libgps.so.18()(64bit)



Broken deps for i386
--
qtgpsc-0.2.3-6.fc12.i686 requires libgps.so.18




Summary:
Added Packages: 0
Removed Packages: 0
Modified Packages: 0
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Space for public package git repositories

[Todd Zullinger]

yersinia wrote:
> Beware also that git 1.7 by default enforce that it is not possible
> to push to a repository git "not bare", and, from my experience,
> many EPEL users don't haven't read the advice on this of the git
> manual - just an example of another possible "incompatibility"

Yep, but that's a reasonable change and configurable for those that
want the old behavior.  It was mentioned on epel-devel a while back,
when we discussed updating¹.

¹ http://www.redhat.com/archives/epel-devel-list/2010-June/msg00023.html

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Now, now my good man, this is no time for making enemies.
-- Voltaire, on his deathbed in response to a priest asking that
he renounce Satan.



pgppu9T9SL4vH.pgp
Description: PGP signature
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Building boo against mono-2.8 problem

[Michel Alexandre Salim]

On Thu, 28 Oct 2010 00:50:24 +0100, Paul F. Johnson wrote:

> Hi,
> 
> In order to build the latest version of boo (the current one in the
> repos won't build against mono-2.8), the old version of boo has to be
> removed as there is a conflict with Boo.Lang.Extensions in gac (it is a
> known bug which is being worked on upstream).
> 
> Is it possible to build boo on koji without removing the old version or
> is there a way to just remove Boo.Lang.Extensions from the gac?
> 
Not sure how this is a problem. Boo.Lang.Extensions.dll is only shipped 
by the boo package, right? And rebuilding boo does *not* pull in the old 
version, so where's the conflict coming from?


-- 
Michel Alexandre Salim
Fedora Project Contributor: http://fedoraproject.org/

Email:  sali...@fedoraproject.org  | GPG key ID: 78884778
Jabber: hir...@jabber.ccc.de   | IRC: hir...@irc.freenode.net

()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

[Richard W.M. Jones]

On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
>  On 10/28/2010 01:11 AM, Kevin Fenzi wrote:
> 
> * #480 F15Feature - RemoveSETUID (
>   http://fedoraproject.org/wiki/Features/RemoveSETUID )  (nirik,
>   19:15:16)
>   * AGREED: the feature is approved.  (nirik, 19:26:46)
> 
> 
> This feature is now approved and I see bugs get filed.  The documentation
> and guidelines are very incomplete.  How does one figure out which file
> capabilities are needed by the programs I maintain that currently use
> setuid?  Help, please.

More to the point, I can easily see the setuid bit easily on a binary.

How do I tell if these strange/hidden "capabilities" are present on a
binary?  'ls' doesn't mention anything.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Building boo against mono-2.8 problem

[Paul F. Johnson]

Hi,

> > Is it possible to build boo on koji without removing the old version or
> > is there a way to just remove Boo.Lang.Extensions from the gac?
> > 
> Not sure how this is a problem. Boo.Lang.Extensions.dll is only shipped 
> by the boo package, right? And rebuilding boo does *not* pull in the old 
> version, so where's the conflict coming from?

Boo itself.

It looks like it tries to pull in Boo.Lang.Extensions from the gac if
its there and build against that - but can't. I'm saying looks like as
upstream aren't that forthcoming with information, just a workaround.

TTFN

Paul
-- 
Vertraue mir, ich weiss, was ich mache...

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

[Joe Nall]

On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote:

> On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
>> On 10/28/2010 01:11 AM, Kevin Fenzi wrote:
>> 
>> * #480 F15Feature - RemoveSETUID (
>>  http://fedoraproject.org/wiki/Features/RemoveSETUID )  (nirik,
>>  19:15:16)
>>  * AGREED: the feature is approved.  (nirik, 19:26:46)
>> 
>> 
>> This feature is now approved and I see bugs get filed.  The documentation
>> and guidelines are very incomplete.  How does one figure out which file
>> capabilities are needed by the programs I maintain that currently use
>> setuid?  Help, please.
> 
> More to the point, I can easily see the setuid bit easily on a binary.
> 
> How do I tell if these strange/hidden "capabilities" are present on a
> binary?  'ls' doesn't mention anything.

getcap

joe


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

F-14 updates hosed?

[Bojan Smojver]

Not sure if I'm imagining things, but it looks as if those have been
hosed. For example:

http://download.fedora.redhat.com/pub/fedora/linux/updates/14/x86_64/

Any ideas?

-- 
Bojan

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: F-14 updates hosed?

[Jose Manimala]

Maybe it is to get populated after the release of Fedora 14?

On Fri, Oct 29, 2010 at 1:26 PM, Bojan Smojver  wrote:
> Not sure if I'm imagining things, but it looks as if those have been
> hosed. For example:
>
> http://download.fedora.redhat.com/pub/fedora/linux/updates/14/x86_64/
>
> Any ideas?
>
> --
> Bojan
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>



-- 
Kind Regards
Jose M Manimala
http://josemanimala.eu.org/blog
GPGkeyID: 1BE49F39
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: F-14 updates hosed?

[Bojan Smojver]

Jose Manimala  fedoraproject.org> writes:

> Maybe it is to get populated after the release of Fedora 14?

Don't think so. These directories get populated as updates are released, after
the creation of the branch. They had files in them just yesterday.

--
Bojan

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: F-14 updates hosed?

[Jose Manimala]

oh ok... then I am on the wrong page... sorry :)

On Fri, Oct 29, 2010 at 1:54 PM, Bojan Smojver  wrote:
> Jose Manimala  fedoraproject.org> writes:
>
>> Maybe it is to get populated after the release of Fedora 14?
>
> Don't think so. These directories get populated as updates are released, after
> the creation of the branch. They had files in them just yesterday.
>
> --
> Bojan
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>



-- 
Kind Regards
Jose M Manimala
http://josemanimala.eu.org/blog
GPGkeyID: 1BE49F39
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Default partitioning

[Javier Prats]

Hello Stephen,

On a default Fedora installation using encryption and LVM it partitioned
a 50GB drive giving 44GB to the root partition and only 4GB to /home.
In most environments saving things to the root partition is avoided and
it seems there is more than enough room for applications.  This is the
first distribution I've seen do this, but it's also the first time using
encryption on partitions.  This is very well ignorance on my part, but
is there a reason for that being the default partitioning scheme?

On Mon, 2010-10-25 at 07:02 -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 10/23/2010 06:39 PM, Javier Prats wrote:
> > Hello all,
> > 
> > I was wondering if this is the correct place to discuss the default
> > partitioning scheme after installation.  If not, could someone please
> > direct me to the correct place?
> > 
> 
> It's as good a place as any. What is your concern?
> 
> - -- 
> Stephen Gallagher
> RHCE 804006346421761
> 
> Delivering value year after year.
> Red Hat ranks #1 in value among software vendors.
> http://www.redhat.com/promo/vendor/
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAkzFY8AACgkQeiVVYja6o6McJwCgkw9uJFtBJN0nDkNH41l+DPVu
> 3SwAoIpJopi6oV6omFRUu50ObdFPO6Gb
> =IaGL
> -END PGP SIGNATURE-


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)

[Jason L Tibbitts III]

> "JN" == Joe Nall  writes:

JN> On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote:

>> More to the point, I can easily see the setuid bit easily on a
>> binary.
>> How do I tell if these strange/hidden "capabilities" are
>> present on a binary?  'ls' doesn't mention anything.

JN> getcap

Interesting.  That's in the libcap package, which is sort of oddly named
because it includes executables.  And of course it's multilib, but the
binaries are arch-specific which I believe is a multilib conflict.
Probably needs the executables split out into a libcap-tools packages.

I notice that rpm supports that %caps() directive in the %files list to
specify capabilities.  I don't recall seeing that before; how long ago
did rpm grow support for it?  It looks like it came in around rpm 4.7,
so all supported Fedora releases have it.  However, I'm certain it's not
in RHEL4 and I'm pretty sure it's not in RHEL5 either, so at least the
EPEL folks will need to make a note of it.

 - J<
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel