On Wednesday, November 10, 2010 07:00:51 Pádraig Brady wrote:
> Ideally the package archive format should
> support capabilities if they're needed,
> and tar et. al. should support the attributes
> if they're important.
yes, but tar doesnt support it today
> From a package maint point of view,
>
Libcap, specifically cap_set_file() returns an error when it cannot set
capabilities on a file. In the proposed patch, this is indeed bubbled up
as an exit error.
Thanks,
Yaron
On 11/10/2010 01:49 AM, Mike Frysinger wrote:
On Tuesday, November 09, 2010 10:34:22 Pádraig Brady wrote:
On 09
On 09/11/10 23:49, Mike Frysinger wrote:
> On Tuesday, November 09, 2010 10:34:22 Pádraig Brady wrote:
>> On 09/11/10 14:56, Mike Frysinger wrote:
>>> On Sunday, November 07, 2010 08:57:22 Yaron Sheffer wrote:
I still don't see the logic of not including capabilities in the
"install" feat
On Tuesday, November 09, 2010 10:34:22 Pádraig Brady wrote:
> On 09/11/10 14:56, Mike Frysinger wrote:
> > On Sunday, November 07, 2010 08:57:22 Yaron Sheffer wrote:
> >> I still don't see the logic of not including capabilities in the
> >> "install" feature set. We could use chmod and chown separa
Pádraig Brady wrote:
> On 09/11/10 14:56, Mike Frysinger wrote:
>> On Sunday, November 07, 2010 08:57:22 Yaron Sheffer wrote:
>>> I still don't see the logic of not including capabilities in the
>>> "install" feature set. We could use chmod and chown separately, too. But
>>> still, setting owner/g
On 09/11/10 14:56, Mike Frysinger wrote:
> On Sunday, November 07, 2010 08:57:22 Yaron Sheffer wrote:
>> I still don't see the logic of not including capabilities in the
>> "install" feature set. We could use chmod and chown separately, too. But
>> still, setting owner/group and mode are a core fun
On Sunday, November 07, 2010 08:57:22 Yaron Sheffer wrote:
> I still don't see the logic of not including capabilities in the
> "install" feature set. We could use chmod and chown separately, too. But
> still, setting owner/group and mode are a core functionality of this
> utility. Similarly, if we
Hi Jim, Pádraig,
I still don't see the logic of not including capabilities in the
"install" feature set. We could use chmod and chown separately, too. But
still, setting owner/group and mode are a core functionality of this
utility. Similarly, if we think that POSIX capabilities are important
Yaron Sheffer wrote:
> it's somewhat cleaner to have all the security-critical settings in
> one place: owner, group, permissions, capabilities (and grep for "-P"
> or "--capabilities"...). Plus you can rely on "install" to always be
> there, which I don't think is true for "setcap".
Thanks for th
Hi Pádraig,
it's somewhat cleaner to have all the security-critical settings in one
place: owner, group, permissions, capabilities (and grep for "-P" or
"--capabilities"...). Plus you can rely on "install" to always be there,
which I don't think is true for "setcap".
Thanks,
Yaron
On 11
On 04/11/10 11:08, Pádraig Brady wrote:
> Thanks for the patch!
> I think the feature is worth it.
>
> Currently install does not preserve xattrs
> and so looses any previous capabilities
> associated with a file.
>
> In any case, capabilities don't need to be implemented
> using xattrs, and migh
Thanks for the patch!
I think the feature is worth it.
Currently install does not preserve xattrs
and so looses any previous capabilities
associated with a file.
In any case, capabilities don't need to be implemented
using xattrs, and might not be on tmpfs on Linux
for example when support is eve
Now with a patch.
Thanks,
Yaron
On 11/03/2010 12:44 PM, Yaron Sheffer wrote:
Hi,
Posix capabilities have been in the kernel for some time, but
userspace support is lagging. "Install" is one such missing piece.
I suggest to add a "--capability" flag, with syntax taken from setcap.
E.g
13 matches
Mail list logo
