On Tue, Oct 14, 2014, at 03:15 PM, Alexander Larsson wrote:
>
> > Things get really interesting of course if we're really thinking about
> > production because
>
> because?

I forget what I was writing there...

> I agree, we don't want to have setuid binaries lying around, even in the
> repo. Can we have files in the repo not store the setuid bit? That would
> mean we have to copy the file (not hardlink) when checking out, but how
> many files are setuid? Then we could have a no-setuid checkout mode
> similar to -U that does not apply this flag at all.

https://bugzilla.gnome.org/show_bug.cgi?id=722984

But this seems like a case for "ostree pull --untrusted" or so?

Even this though I'm not sure about because it seems likely to me that we
want SELinux labeling to happen at install time, by the host policy, or
conversely that apps shouldn't get to determine labels. Possibly we could
enforce that the apps come without security.selinux, but then to ensure
sharing we'd have to compute the checksum on the client of content +
label.

Going to have the same SELinux issues with apps-as-btrfs too of course.
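
The idea discussed in this message (drop the setuid bit and any shipped security.selinux on untrusted import, then checksum content + host-assigned label on the client so identical files still share one object), sketched as an added example that is not code from ostree or from this thread. The object-id layout, the function names and the sample labels are assumptions made for illustration, not ostree's object format.

```python
import hashlib
import stat
import struct

SETID_BITS = stat.S_ISUID | stat.S_ISGID
SELINUX_XATTR = "security.selinux"


def sanitize(mode, xattrs):
    """Untrusted-import policy: drop setuid/setgid and any label the sender shipped."""
    kept = {k: v for k, v in xattrs.items() if k != SELINUX_XATTR}
    return mode & ~SETID_BITS, kept


def object_id(content, mode, xattrs):
    """SHA-256 over mode, sorted xattrs and content, each length-prefixed.

    Simplified model for illustration; not ostree's real object format.
    """
    h = hashlib.sha256()
    h.update(struct.pack(">I", mode))
    for name in sorted(xattrs):
        for field in (name.encode(), xattrs[name]):
            h.update(struct.pack(">I", len(field)) + field)
    h.update(struct.pack(">Q", len(content)) + content)
    return h.hexdigest()


def client_object_id(content, mode, xattrs, host_label):
    """Checksum as computed on the client: sanitized metadata + host-assigned label."""
    mode, xattrs = sanitize(mode, xattrs)  # sanitize() returns a fresh dict
    xattrs[SELINUX_XATTR] = host_label     # label comes from host policy, not the app
    return object_id(content, mode, xattrs)


# Constructed sample data: the same binary shipped by two apps.
BINARY = b"\x7fELF constructed sample payload"
APP_A = (0o104755, {SELINUX_XATTR: b"system_u:object_r:bin_t:s0"})  # setuid + own label
APP_B = (0o100755, {})                                              # plain, unlabeled
HOST_LABEL = b"system_u:object_r:usr_t:s0"  # assumed result of host policy lookup

if __name__ == "__main__":
    for name, (mode, xattrs) in (("A", APP_A), ("B", APP_B)):
        print(name, "as shipped:", object_id(BINARY, mode, xattrs)[:16])
        print(name, "on client :", client_object_id(BINARY, mode, xattrs, HOST_LABEL)[:16])
```

The ids differ as shipped but match once the client has sanitized and relabeled, which is why the checksum cannot simply be taken from the sender if sharing is to be preserved.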
