>>>>> "Thomas" == Thomas Lange <la...@informatik.uni-koeln.de> writes:
>>>>> On Mon, 07 Nov 2016 17:36:41 -0500, Sam Hartman
>> Currently, the sample configuration namespace has a shell script
>> to restore the common capabilities found in base files; see
>> scripts/DEBIAN/20-capabilities.
Thomas> In this script, I'm doing the same things that are done in
Thomas> the postinst script of the package.
No, you're doing what the postinst script did on the day you wrote that
config script.
First, there's no guarantee that you'll notice when the packages in
question change.
Secondly, even if you do update the examples, each FAI user has to
update every one of their configuration spaces.
That tends to produce unexpected behavior over time.
Thomas> Also there was a bug in tar which added some xattr or
Thomas> capabilities even no were defined when creating the tar
Thomas> file. Have a look at #819978. IIRC this was one reason to no
Thomas> use xattrs with tar by default. -- regards Thomas
That seems to be dealing with --acls not --xattrs
--xattrs-include=security.capability.
At least with the stretch tar, I do not get default ACLs when I use
--xattrs --xattrs-include=security.capability.
