Bug 548516

Summary: sys-apps/portage: default PORTAGE_XATTR_EXCLUDE should not exclude the security.capability attribute created by setcap
Product: Portage Development Reporter: Zac Medico <zmedico>
Component: Core - Configuration Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED    
Severity: normal CC: base-system, hardened, sam, selinux
Priority: Normal Keywords: InVCS
Version: 2.2   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 771540, 460810, 484436    

Description Zac Medico gentoo-dev 2015-05-03 18:31:28 UTC
Since bug 461868, PORTAGE_XATTR_EXCLUDE excludes security.* attributes. However, it is possible to apply security.capability attributes which are created by the setcap utility from sys-libs/libcap (used by fcaps.eclass).

According to comments in bug 461868, we definitely need to exclude security.selinux, and maybe also security.ima and security.evm.

For binary package support, we'll have to enable xattrs in the tar options (requires that app-arch/tar is built with USE=xattr enabled). When creating tar files, only the --xattr option needs to be added. For extraction, both --xattrs and --xattrs-include='*' are needed.
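
The effect of the broad `security.*` pattern described above, as an added example that is not part of the original report and is not Portage's code. It assumes the exclude list is a whitespace-separated set of shell-style globs matched against attribute names; the narrowed list, the file paths and the attribute values are constructed for illustration from the attributes named in the description.

```python
from fnmatch import fnmatchcase

# Pattern the report describes as the current behaviour (excludes all security.*).
BROAD_EXCLUDE = "security.*"
# Narrowed list built only from the attributes named in the description
# (assumption for illustration, not the shipped default).
NARROW_EXCLUDE = "security.selinux security.ima security.evm"

# Constructed sample: per-file xattrs as they might exist in an install image.
SAMPLE_FILES = {
    "/bin/ping": {
        "security.capability": b"<constructed capability blob>",
        "security.selinux": b"<constructed label>",
    },
    "/usr/bin/example": {
        "security.selinux": b"<constructed label>",
        "user.pax.flags": b"m",
    },
}


def is_excluded(attr, exclude):
    """True if the attribute name matches any glob in the exclude list."""
    return any(fnmatchcase(attr, pattern) for pattern in exclude.split())


def filter_xattrs(xattrs, exclude):
    """Return the xattrs that would survive a copy under this exclude list."""
    return {k: v for k, v in xattrs.items() if not is_excluded(k, exclude)}


def lost_capabilities(files, exclude):
    """Paths whose setcap-created security.capability would be silently dropped."""
    return sorted(
        path
        for path, xattrs in files.items()
        if "security.capability" in xattrs
        and "security.capability" not in filter_xattrs(xattrs, exclude)
    )


if __name__ == "__main__":
    for name, exclude in (("broad", BROAD_EXCLUDE), ("narrow", NARROW_EXCLUDE)):
        print(name, "drops capabilities on:", lost_capabilities(SAMPLE_FILES, exclude))
        for path, xattrs in SAMPLE_FILES.items():
            print("  ", path, "keeps", sorted(filter_xattrs(xattrs, exclude)))
```

With the broad pattern the binary loses its file capabilities without any error, while the narrowed list keeps `security.capability` and still drops the SELinux label.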
Comment 1 Zac Medico gentoo-dev 2015-05-03 19:22:22 UTC
There's a patch in the following branch:

https://github.com/zmedico/portage/tree/bug_548516

I've posted it for review here:

https://archives.gentoo.org/gentoo-portage-dev/message/42d21a84082918b0d699d6459b633691
Comment 3 Brian Dolbec (RETIRED) gentoo-dev 2015-05-19 19:51:49 UTC
Released in portage-2.2.19