Bug 548516 - sys-apps/portage: default PORTAGE_XATTR_EXCLUDE should not exclude the security.capability attribute created by setcap
Product: Portage Development
Classification: Unclassified
Component: Core - Configuration
Hardware: All All
Importance: Normal normal
Assignee: Portage team
Keywords: InVCS
Blocks: 771540 460810 484436
Reported: 2015-05-03 18:31 UTC by Zac Medico
Modified: 2021-02-19 02:41 UTC

Description Zac Medico gentoo-dev 2015-05-03 18:31:28 UTC
Since bug 461868, PORTAGE_XATTR_EXCLUDE excludes security.* attributes. However, it is possible to apply security.capability attributes which are created by the setcap utility from sys-libs/libcap (used by fcaps.eclass).

According to comments in bug 461868, we definitely need to exclude security.selinux, and maybe also security.ima and security.evm.

For binary package support, we'll have to enable xattrs in the tar options (requires that app-arch/tar is built with USE=xattr enabled). For creation of tar files, only the --xattr option needs to be added. For extraction, both --xattrs and --xattrs-include='*' are needed.
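
The effect described in the report, as an added example that is not part of the original bug or Portage's own code: a broad `security.*` exclude strips the file capability set by setcap, while a list naming only security.selinux, security.ima and security.evm keeps it. The exclude strings, the shell-style matching via `fnmatch`, the helper names and the sample image are assumptions constructed for illustration.

```python
import fnmatch

# Constructed exclude lists modelled on the report (not Portage's shipped defaults):
# the broad list drops every security.* attribute, the narrow list names only the
# attributes the report says must or may be excluded.
BROAD_EXCLUDE = "security.*"
NARROW_EXCLUDE = "security.selinux security.ima security.evm"


def filter_xattrs(attrs, exclude):
    """Split {name: value} into (kept, dropped) using shell-style patterns."""
    patterns = exclude.split()
    kept, dropped = {}, {}
    for name, value in attrs.items():
        excluded = any(fnmatch.fnmatchcase(name, p) for p in patterns)
        (dropped if excluded else kept)[name] = value
    return kept, dropped


def lost_capabilities(files, exclude):
    """Return the paths whose security.capability would be stripped."""
    return sorted(
        path for path, attrs in files.items()
        if "security.capability" in filter_xattrs(attrs, exclude)[1]
    )


# Constructed sample: xattrs per file as they might sit in an image directory.
# Values are placeholders, not real attribute encodings.
SAMPLE_IMAGE = {
    "/bin/ping": {
        "security.capability": b"<cap_net_raw placeholder>",
        "security.selinux": b"<label placeholder>",
    },
    "/usr/bin/foo": {
        "user.pax.flags": b"m",
        "security.ima": b"<hash placeholder>",
    },
}

if __name__ == "__main__":
    for label, exclude in (("broad", BROAD_EXCLUDE), ("narrow", NARROW_EXCLUDE)):
        print(label, "exclude loses capabilities on:",
              lost_capabilities(SAMPLE_IMAGE, exclude))
```

A binary that loses security.capability this way no longer carries the privileges it was installed with, so the loss usually shows up only when the program fails at run time.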
Comment 1 Zac Medico gentoo-dev 2015-05-03 19:22:22 UTC
There's a patch in the following branch:

I've posted it for review here:
Comment 3 Brian Dolbec gentoo-dev 2015-05-19 19:51:49 UTC
Released in portage-2.2.19