On Sat, Apr 09, 2011 at 15:34:55 -0400, Jeff Johnson wrote: >>> There's no known reason why xattr's can't be done in other ways. >> >> Like what? > > Like not having RPM attach xattr's.
Please tell me how to do root-free (capabilities-based) system without xattrs in rpm - doing this outside upgrade procedure leaves window for making system unusable in cases like power failure. Now we're using some dumb solutions like 'admin' group for SUID ICMP ping instead attaching proper file capabilities. In long term we should remove ALL SUID binaries from distribution, as this approach is broken by design and should be obsoleted 10 years ago. -- Tomasz Pala <[email protected]> _______________________________________________ pld-devel-en mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
