Am 01.10.2012 14:15, schrieb Stéphane Gaudreault: > I am not sure what is the best way to fall back to suid root. A possible > workaround for the case of installing on a filesystem that does not > support capabilities could be something like : > > setcap cap_net_raw=ep usr/bin/ping || chmod +s usr/bin/ping > > But I think that we will still get into problems if it is installed on a > filesystems that support capabilities and if this filesystem is exported > on NFS to clients.
If you run the post_install on the host file system and export that via NFS, yes - but we have no way to detect this scenario. IMO, root file systems on NFS are a failure by design anyway - I worked in such a scenario for years and it is a bad bad bad idea. While we should fix easy problems such as this one, we should not spend too much time on making this work. > Any ideas ? Your solution looks fine, but the message should be silenced with 2>/dev/null.
signature.asc
Description: OpenPGP digital signature
