>>>>> "Thomas" == Thomas Lange <la...@informatik.uni-koeln.de> writes:
>>>>> On Mon, 07 Nov 2016 17:36:41 -0500, Sam Hartman

>> Currently, the sample configuration namespace has a shell script
>> to restore the common capabilities found in base files; see
>> scripts/DEBIAN/20-capabilities.

Thomas> In this script, I'm doing the same things that are done in
Thomas> the postinst script of the package.

No, you're doing what the postinst script did on the day you wrote that config script.
First, there's no guarantee that you'll notice when the packages in question change.
Secondly, even if you do update the examples, each FAI user has to update every one of their configuration spaces.
That tends to produce unexpected behavior over time.

Thomas> Also there was a bug in tar which added some xattr or
Thomas> capabilities even if none were defined when creating the tar
Thomas> file. Have a look at #819978. IIRC this was one reason to not
Thomas> use xattrs with tar by default.
Thomas> -- regards Thomas

That seems to be dealing with --acls not --xattrs --xattrs-include=security.capability.
At least with the stretch tar, I do not get default ACLs when I use --xattrs --xattrs-include=security.capability.