Bug 651008 - fcaps.eclass should not give execute permission to 'others'
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Keywords: PATCH
Reported: 2018-03-20 17:11 UTC by Scall
Modified: 2021-07-27 17:28 UTC
Attachments
fcaps.eclass.patch (fcaps.eclass.patch,1.05 KB, text/x-diff)
2018-03-20 17:11 UTC, Scall
Description Scall 2018-03-20 17:11:26 UTC
The fcaps eclass shouldn't give the execute permission to 'others', otherwise sysadmins can't easily restrict the executable to a group using post_src_install() like in this example:

/etc/portage/env/category/package:
post_src_install() {
    chgrp group   "${ED}"/executable_path
    chmod o-x     "${ED}"/executable_path
    setcap cap+ep "${ED}"/executable_path
}
Comment 1 Scall 2018-03-20 17:11:38 UTC
Created attachment 524550
fcaps.eclass.patch

Proposed patch attached.
Comment 2 Scall 2018-03-21 15:52:31 UTC
>    setcap cap+ep "${ED}"/executable_path
^ Oops, ignore that line in the post_src_install() example; it shouldn't be there.
Comment 3 Mike Gilbert gentoo-dev 2021-07-27 17:28:47 UTC
I'm not sure it is worth changing the fcaps function to "support" this.

You could accomplish essentially the same goal by defining a post_pkg_postinst function instead of a post_src_install function.

> post_pkg_postinst() {
> 	chgrp group   "${EROOT}"/executable_path
> 	chmod o-x     "${EROOT}"/executable_path
> 	setcap cap+ep "${EROOT}"/executable_path
> }
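
A check that could be run after either hook above to confirm the result (an added example, not part of the original bug report or of fcaps.eclass): it verifies that the file has the expected group and no execute bit for 'others', and notes when the file carries no capabilities, since chown(2) documents that changing a file's owner or group clears its capability sets. The function name check_restricted and the throwaway demo file are assumptions; stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audit a capability-bearing binary after the hook has run.
# check_restricted PATH GID
#   returns 0 when PATH has group GID and no execute bit for 'others',
#   1 when either check fails, 2 when PATH cannot be inspected.
check_restricted() {
    cr_path=$1
    cr_gid=$2
    [ -f "$cr_path" ] || { echo "ERROR: $cr_path is not a regular file"; return 2; }
    cr_mode=$(stat -c '%a' "$cr_path") || return 2   # octal mode, e.g. 750
    cr_have=$(stat -c '%g' "$cr_path") || return 2   # numeric group id
    cr_other=${cr_mode#"${cr_mode%?}"}               # last digit = 'others'
    cr_rc=0
    case $cr_other in
        1|3|5|7) echo "FAIL: $cr_path (mode $cr_mode) is executable by others"; cr_rc=1 ;;
    esac
    if [ "$cr_have" != "$cr_gid" ]; then
        echo "FAIL: $cr_path has gid $cr_have, expected $cr_gid"
        cr_rc=1
    fi
    # getcap (libcap) is optional here; a missing capability is reported as a
    # note, which is the state left behind when chgrp runs after setcap.
    if command -v getcap >/dev/null 2>&1; then
        cr_caps=$(getcap "$cr_path" 2>/dev/null) || cr_caps=
        [ -n "$cr_caps" ] || echo "NOTE: no file capabilities on $cr_path"
    fi
    [ "$cr_rc" -eq 0 ] && echo "OK: $cr_path (mode $cr_mode, gid $cr_gid)"
    return "$cr_rc"
}

# Constructed demo on a throwaway file, not a real package binary.
demo=$(mktemp)
chmod 0755 "$demo"; check_restricted "$demo" "$(stat -c '%g' "$demo")" || true
chmod 0750 "$demo"; check_restricted "$demo" "$(stat -c '%g' "$demo")" || true
rm -f "$demo"
```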