Fedora 11: moving to posix file capabilities?

Dax Kelson dkelson at gurulabs.com
Wed Oct 29 19:13:34 UTC 2008


On Wed, 2008-10-29 at 15:02 -0400, Steve Grubb wrote:
> On Wednesday 29 October 2008 06:37:32 Panu Matilainen wrote:
> > We have kernel support for storing capabilities on filesystem since 2.6.24
> > and recent libcap, both in F9 already.
> 
> And we have also been busy updating everything else to support this:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=449984
> 
> 
> > I just committed file capability support to rpm.org HEAD, filling in the
> > final(?) missing piece. Capability support is not going to be in rpm 4.6.0
> > but no reason they can't be pulled into 4.6.1 which is easily in F11
> > timeframe. 
> 
> We tried to support this in F-10 by having a test run with ping. We figured 
> that is a simple well defined app that could be used as a test subject. We 
> opened bz 455713 to document the changeover. Turns out that people compile 
> their own kernels and do not necessarily turn this on. So, what do we do in 
> that case?

Modify ping to work in either scenario. Get the patches accepted
upstream. This is not dissimilar from efforts of getting SELinux
integrated (init patches, -Z patches, etc).

Dax Kelson
Guru Labs
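
One way a ping-like tool could "work in either scenario", as an added example that is not from this thread or from ping's actual source: it opens the raw ICMP socket first, then drops whichever privilege allowed it, whether that was a setuid-root bit or a CAP_NET_RAW file capability. The function names are hypothetical, and the raw capget/capset syscalls with the version 3 header are used here instead of libcap as an assumption to keep the block self-contained.

```c
#define _GNU_SOURCE
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

enum priv_source { PRIV_NONE, PRIV_FILE_CAPS, PRIV_SETUID_ROOT };

/* Where did the privilege for the raw socket come from? (hypothetical helper) */
enum priv_source classify(uid_t ruid, uid_t euid, int has_net_raw)
{
    if (euid == 0 && ruid != 0)
        return PRIV_SETUID_ROOT;  /* setuid bit: works without file caps */
    return has_net_raw ? PRIV_FILE_CAPS : PRIV_NONE;
}

/* 1 if CAP_NET_RAW is in the effective set, else 0. */
int have_cap_net_raw(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return 0;
    return (data[0].effective >> CAP_NET_RAW) & 1;
}

/* Clear effective, permitted and inheritable sets; 0 on success. */
int drop_all_caps(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    memset(data, 0, sizeof data);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Open the ICMP socket first, then give up whatever privilege allowed it.
 * Returns the fd, -1 if the socket was refused, -2 if the drop failed. */
int open_icmp_and_drop(void)
{
    enum priv_source src = classify(getuid(), geteuid(), have_cap_net_raw());
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int bad = src == PRIV_SETUID_ROOT && (setuid(getuid()) != 0 || setuid(0) == 0);
    if (bad || drop_all_caps() != 0) { if (fd >= 0) close(fd); return -2; }
    return fd;
}
int main(void) { printf("icmp fd: %d\n", open_icmp_and_drop()); return 0; }
```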



