[Rpm-maint] ACL and File Capability Support in RPM

Mon Oct 27 09:06:06 UTC 2008

On Sat, 25 Oct 2008, Andrew G. Morgan wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Panu Matilainen wrote:
>> I'm ok with adding the functionality they provide, but I think we should
>> use libcap and libacl instead of looking at the extended attributes
>> directly. libacl and libcap provide a portable interfaces (POSIX drafts)
>> to the features whereas extended attributes are basically just an
>> Linux/filesystem specific implementation detail (AFAIK).
>
> If I was familiar with how rpm tracks files and meta-data, I'd be happy
> to supply a libcap using patch for the rpm code. However, I'm not at all
> up to speed on the rpm source code.

All rpm file metadata is stored in rpm headers, details vary on the type 
of metadata. What's needed for real capability support is coming up with a 
way to sanely store capabilities in headers, teaching the spec parser to 
grok %caps() or such in spec filelists and storing them into headers. And 
finally to have the capabilities applied on installation.

As rpm doesn't support arrays of binary data in headers (except by 
encoding to string arrays), the most straightforward way is probably to 
store the capabilities to headers in text format instead of cap_copy_ext() 
presentation. And as the files with capabilities attached are going to be 
relatively few and far between, storing them needs some extra hoops to 
avoid unnecessary header bloat for non-existent data.

So a fair amount of stuff needs doing, but none of it particularly hard.

> What was easy though was to  add a '-v' option to libcap's (2.14) setcap
> utility. You can use it to verify that the capabilities on a file are
> what you expect them to be:
>
> Set the capability:
>  $ sudo ./setcap cap_setfcap=i setcap
>
> Verify the capability:
>  $ ./setcap -v cap_setfcap=i setcap
>  setcap: OK
>  $
>
> The source code change was pretty trivial.
>
> http://git.kernel.org/?p=libs/libcap/libcap.git;a=blobdiff;f=progs/setcap.c;h=65a1cb49438d1dd7991bd306b40460fe3d0b35ea;hp=0501a9d95665a3ac388cbc164f6a8ca1011693a7;hb=9da338a75b5ae27e3f4226d214977a921d644e60;hpb=9f2e7c5245fc3100ed08d8a133f80afd88e81632
>
> Basically:
>
>  cap_t ref = cap_from_text(text_for_reference_caps);
>  cap_t actual = cap_get_file(filename);
>  if (actual == NULL) {
>     /* assuming you want to treat no file caps as
>        equivalent to "set as empty", this may or may
>        not be appropriate for a package manager. */
>     actual = cap_from_text("=");
>  }
>  if (cap_compare(actual, ref) == 0) {
>    // they are the same
>  } else {
>    // not same
>  }
>  cap_free(ref);
>  cap_free(actual);
>
> Hope that helps

libcap interface is a breeze really, no problems there :)

I added the initial bits to rpm.org HEAD yesterday, essentially Andreas' 
patch except using libcap instead of looking at file xattr info. I intend 
to implement + add the rest fairly soon.

 	- Panu -