GNU bug report logs - #61462
Add support for file capabilities(7)

Previous Next

Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Sun, 12 Feb 2023 20:46:01 UTC

Severity: normal

Tags: patch

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 61462 <at> debbugs.gnu.org, brian <bjc <at> spork.org>
Subject: [bug#61462] Add support for file capabilities(7)
Date: Mon, 08 Jan 2024 17:45:57 +0100

Hello!

Vagrant Cascadian <vagrant <at> debian.org> skribis:

> I just noticed I pushed a branch with the working patches to a public
> branch last month:
>
>   https://salsa.debian.org/debian/guix/-/tree/capabilities-61462-20231115?ref_type=heads
>
> They are even still cherry-pickable from current master! Yay!

Wo0t!

> These patches were started over a year ago(well, probably before that,
> even), and had a working implementation about 6 months ago...
>
> My guess is the main blocker is nervousness about renaming
> setuid-programs to privilidged-programs (I know I am a bit nervous to do
> so!)?

It shouldn’t be an issue as /run/setuid-programs is populated with
symlinks for backward compatibility.

AIUI, we can still use good’ol setuid programs on the Hurd until a
better solution is found, so we should be fine (meaning
“make check-system TESTS=childhurd” should pass).

We could emit a deprecation warning when someone uses the
‘setuid-programs’ field of <operating-system>.  Not a blocker though.

Tobias, ready to push? :-)

Cheers,
Ludo’.
This bug report was last modified 305 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.