Bug 364487

Summary: [Future EAPI] Posix file-based capabilities support - Function for setting caps
Product: Gentoo Hosted Projects Reporter: Constanze Hausner (RETIRED) <constanze>
Component: PMS/EAPI Assignee: PMS/EAPI <pms>
Status: CONFIRMED ---    
Severity: enhancement CC: base-system, esigra, mgorny, sam, tsmksubc
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://archives.gentoo.org/gentoo-dev/msg_18c1565bed3e0d797ad7943d227cb77f.xml
See Also: https://bugs.gentoo.org/show_bug.cgi?id=467766
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 174380    

Description Constanze Hausner (RETIRED) gentoo-dev 2011-04-22 14:46:25 UTC
As stated in the linked mailing list post:
For supporting file-based caps, we need all PMS to provide a function
which: 
- gets the final path and the caps to set, tries to set them and then
removes the suid-bit, if successful
- returns 0 or 1, indicating success or failure

If the user's setting doesn't allow caps, then the function is not
available.

Additionally we could also pass the fallback-filemode to the PMS, so it
could do the suid-setting itself, but this would be optional.


Reproducible: Always
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-03-15 19:08:24 UTC
I agree we should do this. I think it wouldn't be *that hard* to implement but it might be too late to include it in EAPI 7.

One thing worth noting is that we may need to account for two separate problems:

a. filesystem used for build not supporting capabilities,

b. filesystem used for merge not supporting capabilities.

One does not imply the other. In other words, the function might succeed when building the package but the capabilities would be lost on install. The opposite is also possible -- not being able to set caps while building but being able to set them post-install.

All that considered, I think it is important to have a well-defined fallback here. In particular, the PM *must* be able to deal with missing capabilities after a build with capabilities succeeded (and when using a binpkg built with caps). For extra points, being able to 'remember' capabilities when the filesystem can't store them during build would also be useful.

I'm not sure if 'mode' is the only thing fallback needs to be concerned about. In some cases ownership may also be relevant. We should research existing uses of fcaps.eclass for this, I guess.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-03-15 19:09:31 UTC
(CC-ing fcaps.eclass maintainers)
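
A sketch of the helper requested in the description, with the fallback behaviour raised in comment 1, added here as an example; it is not code from this bug, from any package manager, or from fcaps.eclass. The function name `set_file_caps` and its argument order are assumptions; `setcap` and `getcap` are the libcap tools.

```shell
# Hypothetical helper (name and signature are assumptions for illustration).
# Usage: set_file_caps <final-path> <caps> [fallback-mode]
# Returns 0 if the capabilities were stored and read back, 1 otherwise.
set_file_caps() {
    fc_path=$1
    fc_caps=$2
    fc_fallback=${3:-}

    [ -f "$fc_path" ] || return 1

    # Set the capabilities, then read them back. The read-back catches a
    # filesystem that accepts the call but does not keep the xattr, so a
    # "successful" setcap never leads to dropping setuid without caps.
    if setcap "$fc_caps" "$fc_path" 2>/dev/null &&
       [ -n "$(getcap "$fc_path" 2>/dev/null)" ]; then
        # Caps are in place: remove the setuid bit, as the bug requests.
        chmod u-s "$fc_path" || return 1
        return 0
    fi

    # Failure: apply the optional fallback mode (for example 4711) so the
    # binary still works through setuid. Ownership is left untouched here.
    if [ -n "$fc_fallback" ]; then
        chmod "$fc_fallback" "$fc_path"
    fi
    return 1
}
```

Because it only depends on the final path, the same call can be repeated after merge, which covers the case where caps set on the build filesystem are lost on install.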