On 2023-07-21, Vagrant Cascadian wrote:
> Thanks for the refreshed v2 patches! I gave them a quick spin...
>
> As noted on IRC, apparently it lacks actual calls to setcap, so that
> part still needs another patch at least!
>
> Otherwise, it did seem to more-or-less work...

I did eventually get some updated patches that even followed through on
the promise of calling out to setcap, and from what I recall they even
worked! I liked them a lot.


> There are compatibility symlinks from /run/setuid-programs to
> /run/privledged/bin and it sets setuid on requested files.
>
> I was a little curious about why /run/privlidged/bin as opposed to
> without /bin ... keeping the door open for other privlidged things? What
> about things that come from /gnu/store/*/sbin ? are those handled any
> differently?

Working patches aside, that is my only outstanding question, and I would
hate to see that be a blocker. :)


In short, "ping" :)


live well,
  vagrant