guix-patches

[bug#61462] Add support for file capabilities(7)


From: Vagrant Cascadian
Subject: [bug#61462] Add support for file capabilities(7)
Date: Fri, 21 Jul 2023 12:11:38 -0700

On 2023-07-21, Vagrant Cascadian wrote:
> Thanks for the refreshed v2 patches! I gave them a quick spin...
>
> As noted on IRC, apparently it lacks actual calls to setcap, so that
> part still needs another patch at least!
>
> Otherwise, it did seem to more-or-less work...
>
> There are compatibility symlinks from /run/setuid-programs to
> /run/privileged/bin and it sets setuid on requested files.

Oh, I noticed on reconfiguring back to a system without the patches to
support /run/privileged configurations ... the /run/privileged directory
is still present, with all those files sitting there in their previous
state.

This is why I think at least by default, many other distros implement
/run as a tmpfs or similar, so that it at least gets thrown out at
reboot. Though this is obviously a deeper problem than just this patch
series... I will file a separate bug about that.

live well,
  vagrant
