On 29/11/19 10:34, Daniel P. Berrangé wrote: >> y) Should we flip over to only using one or the other - what >> are the advantages? > In libvirt we use libcap-ng. We picked this originally as its API > design allows you do write simpler code than libcap in some cases > You can see some docs & examples here: > > https://people.redhat.com/sgrubb/libcap-ng/ > > So I vote for changing the 9p code to use libcap-ng.
It's not entirely trivial because fsdev-proxy-helper wants to keep the effective set and clear the permitted set; in libcap-ng you can only apply both sets at once, and you cannot choose only one of them in capng_clear/capng_get_caps_process. But it's doable, I'll take a look. In the meanwhile, if someone else wants to look at the CI I would appreciate that. Paolo
