On Saturday 13 August 2011 11:24:55 Kevin Day wrote: > On 8/13/11, Robert Connolly <rob...@linuxfromscratch.org> wrote: > > Some amendments for the book: > > > > The mount options "acl,user_xattr", and the kernel config option > > "CONFIG_SECURITY_FILE_CAPABILITIES" are mandatory. Along with acl and > > security > > labels for the file system of choice. This is the only way to drop > > suid-root from programs. > > > > If new LFS boot scripts are used, then /run needs to be created, and > > added as > > a tmpfs to /etc/fstab. > > > > Aside from that, things are going well. I have a core2 machine running > > HLFS, and it's running well. I'm anxious to add iptables. > > > > robert > > There is one thing to keep in mind when dealing with acl. > Squashfs does not support acl. > It would be a good thing to note that if any of the files with acl are > "squashed", they will lose their acl permissions. > > Squash does support xattr, so if you don't use any acl (as would be > needed for something like ping), then you should be fine. > > I am not aware of tar having any problems with acl.
There's a strange problem with attributes not surviving from the chroot to reboot. Doesn't make sense. robert
signature.asc
Description: This is a digitally signed message part.
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
