Hi! On Wed, 2023-06-28 at 10:02:55 +0200, Dennis Camera wrote: > On Wed, 28 Jun 2023 01:57:27 +0200 > Guillem Jover <guil...@debian.org> wrote: > > Some time ago I asked on d-d whether anyone would have an issue with > > dpkg.deb in Debian linking against libcap [D]. And where I had worked > > on the following branch: > > > > > > https://git.hadrons.org/git/debian/dpkg/dpkg.git/log/?h=next/s-s-d-posix-caps > > > > Which I need to go over again before merging. But otherwise support > > for this in that or some other similar form should be coming soon to > > s-s-d. > > I had a quick look at the branch you posted and I'm not sure it > overlaps with the feature requested with this bug. > > If I understand --dropcap correctly it is meant to remove capabilities > from the daemon started by s-s-d, correct?
Yes. > What I am looking for is quite the opposite, however. I'm looking for a > way to add new capabilities to the ambient set of the started daemon. > The ambient set is important for daemons written in interpreted > languages where capabilities cannot be set on the executable file and > where the language may not provide a means to manipulate capabilities > itself. > In such cases, s-s-d would need to set up the capabilities for the > daemon prior to it being exec'ed. Ah, right! Sure, will add something to cover this case too. > Also I would favour if OpenRC's and dpkg's start-stop-daemon could try > to share a common interface. This would make life easier for init > script writers. I'll check whether those interfaces make sense, but then AFAIR the OpenRC s-s-d reimplementation never provided a complete interface and already diverged from the start on the options supported and their semantics, :/ so I'm not sure being constrained by it makes much sense here. Thanks, Guillem
