Hello Torsten,

Torsten Luettgert:
> Is it possible to have cap_set_file implemented in aufs? It looks
> like Fedora started to use file capabilities instead of setuid, and now
> RedHat Enterprise Linux 7 has copied this (it's based on Fedora 19). I
> expect this will become more common in the future.

I think it is possible.
Actually, supporting the capability has been on my todo list for a long time
(as well as xattr and acl). Now its priority becomes the highest, since a
specific requirement from a user in the real world has appeared.

The problematic part is the internal copy-up/down. The support of
cap/acl/xattr by the src and dst branch fs in aufs may differ.
For example,
- the src branch fs supports the capability.
- the dst branch fs does not support the capability.
- in aufs, the copy-up happens and tries setting the capability on the
  dst branch fs.
- aufs gets an error (because the dst branch doesn't support it).

What should aufs do in this case?
Currently I have a plan to introduce a new branch attribute which
specifies what to copy-up/down. This situation is similar to a plain
file copy in userspace and GNU cp(1) has an option, --preserve to solve
it. The new branch attribute will look like (and behave like) --preserve.

I will implement it in a few weeks.


J. R. Okajima
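To make the copy-up problem in the message above concrete, here is an added example that is not part of the thread and not aufs code: a userspace model of a copy-up that carries extended attributes across, with a --preserve-style policy deciding what happens when the destination branch cannot store them. The policy names (`required`, `best-effort`, `none`), the `copy_up` function and the `SimulatedXattr` stand-in for a branch filesystem are assumptions made for this example; the real `os.listxattr`/`os.getxattr`/`os.setxattr` calls are used when no stand-in is given.

```python
import errno
import os
import shutil
import tempfile

# Policies modelled loosely on GNU cp --preserve (an assumption for this
# example, not aufs's branch attribute names).
PRESERVE_REQUIRED = "required"        # like an explicit --preserve=xattr: failure is an error
PRESERVE_BEST_EFFORT = "best-effort"  # like --preserve=all: drop what cannot be stored
PRESERVE_NONE = "none"                # do not copy extended attributes at all

# errno a destination filesystem returns when it cannot store the attribute
# (on Linux ENOTSUP and EOPNOTSUPP are the same value). Setting
# security.capability without CAP_SETFCAP fails with EPERM, treated alike here.
UNSUPPORTED_ERRNO = errno.ENOTSUP
_NOT_STORABLE = {errno.ENOTSUP, errno.EOPNOTSUPP, errno.EPERM}


def copy_up(src, dst, preserve=PRESERVE_REQUIRED, xattr=os):
    """Copy src to dst and then its extended attributes according to `preserve`.

    Returns the list of attribute names that were dropped. `xattr` is the object
    providing listxattr/getxattr/setxattr; it is injectable so that a branch
    without xattr support can be simulated offline.
    """
    shutil.copyfile(src, dst)
    shutil.copymode(src, dst)
    if preserve == PRESERVE_NONE:
        return []
    dropped = []
    try:
        names = xattr.listxattr(src)
    except OSError as e:
        if e.errno in _NOT_STORABLE:
            return []  # source branch keeps no xattrs, nothing to preserve
        raise
    for name in names:
        value = xattr.getxattr(src, name)
        try:
            xattr.setxattr(dst, name, value)
        except OSError as e:
            if e.errno not in _NOT_STORABLE:
                raise
            if preserve == PRESERVE_REQUIRED:
                # Do not leave a half copied-up file that silently lost its
                # capability: remove it and report the failure to the caller.
                os.unlink(dst)
                raise OSError(e.errno, f"cannot preserve {name} on {dst}: {e.strerror}") from e
            dropped.append(name)
    return dropped


class SimulatedXattr:
    """Constructed stand-in for the os.*xattr calls: `src_attrs` is what the
    source branch reports, `dst_supports` says whether the destination branch
    can store attributes at all."""

    def __init__(self, src_attrs, dst_supports):
        self.src_attrs = dict(src_attrs)
        self.dst_supports = dst_supports
        self.dst_attrs = {}

    def listxattr(self, path):
        return list(self.src_attrs)

    def getxattr(self, path, name):
        return self.src_attrs[name]

    def setxattr(self, path, name, value):
        if not self.dst_supports:
            raise OSError(errno.ENOTSUP, "Operation not supported")
        self.dst_attrs[name] = value


def demo():
    """Run each policy against the scenario from the message: the source branch
    carries security.capability, the destination branch cannot store it.
    Returns {policy: ("ok", dropped_names) | ("error", errno)}."""
    # Constructed value: the real VFS_CAP_REVISION_2 blob is irrelevant to the
    # copy-up logic, so a placeholder byte string stands in for it.
    src_attrs = {"security.capability": b"<constructed capability blob>"}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "src-branch-file")
        dst = os.path.join(d, "dst-branch-file")
        with open(src, "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")
        for policy in (PRESERVE_NONE, PRESERVE_BEST_EFFORT, PRESERVE_REQUIRED):
            sim = SimulatedXattr(src_attrs, dst_supports=False)
            try:
                results[policy] = ("ok", copy_up(src, dst, policy, xattr=sim))
            except OSError as e:
                results[policy] = ("error", e.errno)
        # Same copy-up when the destination branch does support the attribute.
        sim_ok = SimulatedXattr(src_attrs, dst_supports=True)
        results["required/supported"] = ("ok", copy_up(src, dst, PRESERVE_REQUIRED, xattr=sim_ok))
    return results


if __name__ == "__main__":
    for policy, outcome in demo().items():
        print(f"{policy:20s} -> {outcome}")
```

The interesting difference is between the two non-trivial policies: `best-effort` produces a runnable file on the destination branch that has quietly lost its file capability (fail-closed from a privilege standpoint, but the program then breaks with a confusing permission error), whereas `required` refuses the copy-up and leaves nothing behind, so the mismatch surfaces at the point where it happened. At the command line the same experiment can be done with `setcap`, `getcap` and `cp --preserve=xattr` on two filesystems that differ in xattr support.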
