[bug#61462] Add support for file capabilities(7)

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#61462] Add support for file capabilities(7)

From:	Vagrant Cascadian
Subject:	[bug#61462] Add support for file capabilities(7)
Date:	Fri, 21 Jul 2023 11:53:55 -0700

Thanks for the refreshed v2 patches! I gave them a quick spin...

As noted on IRC, apparently it lacks actual calls to setcap, so that
part still needs another patch at least!

Otherwise, it did seem to more-or-less work...

There are compatibility symlinks from /run/setuid-programs to
/run/privledged/bin and it sets setuid on requested files.

I was a little curious about why /run/privlidged/bin as opposed to
without /bin ... keeping the door open for other privlidged things? What
about things that come from /gnu/store/*/sbin ? are those handled any
differently?

My only concern is... wow is it hard, even for a native speaker, to
spell privileged!

live well,
  vagrant

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#61462] [PATCH v2 01/10] system: Disallow file-like setuid-programs., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 03/10] system: Use /run/privileged/bin in search paths., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 02/10] services: setuid-program: Populate /run/privileged/bin., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 05/10] system: Add (gnu system privilege)., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 06/10] system: (gnu system setuid) wraps (gnu system privilege)., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 09/10] system: Use privileged-program-service-type by default., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 10/10] system: Add privileged-programs to <operating-system>., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 07/10] build: Rename activate-setuid-programs., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 08/10] services: Rename setuid-program-service-type., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] [PATCH v2 04/10] gnu: Replace (almost) all uses of /run/setuid-programs., Tobias Geerinckx-Rice, 2023/07/20
- [bug#61462] Add support for file capabilities(7), Vagrant Cascadian <=
  - [bug#61462] Add support for file capabilities(7), Vagrant Cascadian, 2023/07/21

Prev by Date: [bug#64201]
Next by Date: [bug#61462] Add support for file capabilities(7)
Previous by thread: [bug#61462] [PATCH v2 04/10] gnu: Replace (almost) all uses of /run/setuid-programs.
Next by thread: [bug#61462] Add support for file capabilities(7)
Index(es):
- Date
- Thread