On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile <bluen...@gentoo.org> wrote:
> Hi everyone,
>
> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
> and myself were talking about other distros moving away from setuid
> binaries towards caps. Openwall and Fedora are now setuid-less [1].
> Some googling showed that Constanze has done quite a bit of work in the
> area and that there was a consensus to include functions to set caps
> within portage [2]. I don't know what, if anything, has been done since
> then, but I'd like to lend my support.
>

One problem that came up was that a lot of people use tmpfs for /var/tmp/portage, and tmpfs doesn't support xattrs which are needed for setting caps. Linux 3.0 has added support for xattrs with tmpfs (the Red Hat folks did the work, afaik), so that problem is partly solved now.

--
~Nirbheek Chauhan
Gentoo GNOME+Mozilla Team