Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 548516 - sys-apps/portage: default PORTAGE_XATTR_EXCLUDE should not exclude the security.capability attribute created by setcap
Summary: sys-apps/portage: default PORTAGE_XATTR_EXCLUDE should not exclude the securi...
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Configuration (show other bugs)
Hardware: All All
: Normal normal
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks: 771540 460810 484436
  Show dependency tree
 
Reported: 2015-05-03 18:31 UTC by Zac Medico
Modified: 2021-02-19 02:41 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Zac Medico gentoo-dev 2015-05-03 18:31:28 UTC 
Since bug 461868, PORTAGE_XATTR_EXCLUDE excludes security.* attributes. However, it is possible to apply security.capability attributes which are created by the setcap utility from sys-libs/libcap (used by fcaps.eclass).

According to comments in bug 461868, we definitely need to exclude security.selinux, and maybe also security.ima and security.evm.

For binary package support, we'll have to enable xattrs in the tar options (requires that app-arch/tar is built with USE=xattr enabled). When creation of tar files, only the --xattr option needs to be added. For extraction, both --xattrs and --xattrs-include='*' are needed.
Comment 1 Zac Medico gentoo-dev 2015-05-03 19:22:22 UTC 
There's a patch in the following branch:

https://github.com/zmedico/portage/tree/bug_548516

I've posted it for review here:

https://archives.gentoo.org/gentoo-portage-dev/message/42d21a84082918b0d699d6459b633691
Comment 3 Brian Dolbec (RETIRED) gentoo-dev 2015-05-19 19:51:49 UTC 
Released in portage-2.2.19