Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 548516 - sys-apps/portage: default PORTAGE_XATTR_EXCLUDE should not exclude the security.capability attribute created by setcap
Summary: sys-apps/portage: default PORTAGE_XATTR_EXCLUDE should not exclude the securi...
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Configuration (show other bugs)
Hardware: All All
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks: 460810 484436
  Show dependency tree
 
Reported: 2015-05-03 18:31 UTC by Zac Medico
Modified: 2015-05-19 19:51 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zac Medico gentoo-dev 2015-05-03 18:31:28 UTC
Since bug 461868, PORTAGE_XATTR_EXCLUDE excludes security.* attributes. However, it is possible to apply security.capability attributes which are created by the setcap utility from sys-libs/libcap (used by fcaps.eclass).

According to comments in bug 461868, we definitely need to exclude security.selinux, and maybe also security.ima and security.evm.

For binary package support, we'll have to enable xattrs in the tar options (requires that app-arch/tar is built with USE=xattr enabled). When creation of tar files, only the --xattr option needs to be added. For extraction, both --xattrs and --xattrs-include='*' are needed.
Comment 1 Zac Medico gentoo-dev 2015-05-03 19:22:22 UTC
There's a patch in the following branch:

https://github.com/zmedico/portage/tree/bug_548516

I've posted it for review here:

https://archives.gentoo.org/gentoo-portage-dev/message/42d21a84082918b0d699d6459b633691
Comment 3 Brian Dolbec gentoo-dev 2015-05-19 19:51:49 UTC
Released in portage-2.2.19