[Rpm-maint] ACL and File Capability Support in RPM
Andreas Gruenbacher
agruen at suse.de
Mon Sep 1 14:42:25 UTC 2008
Hello all,

I am trying to get the minimal bits and pieces into place for allowing us to
start using file capabilities.

Currently, rpm neither supports acls nor file capabilities [1], and so when
they are needed, the usual way is to set them in the %post script. This
works, but unfortunately rpm then cannot --verify that a file has the right
permissions and capabilities attached.

I am not aware of any cases where acls would actually be needed for packaged
files, so I think that we can safely leave acl support out of rpm for now. It
would be nice to check for acls in --verify, though.

With file capabilities, things are different: distributions are going to start
using them instead of suid root binaries, and perhaps to run some daemons
with fewer privileges. The number of packages using capabilities won't be
huge, but surely more than a handful.

I believe that full capability support in rpm would be very useful. I am not
familiar enough with the rpm codebase, and I don't think I can implement full
file capability support efficiently.

Nevertheless, rpm can meanwhile at least make sure in --verify that no files
have capabilities attached. To allow turning this check off, a new %verify
file list flag and a new --nocaps command line option seem to make sense to
me.

The attached two patches against (our version of) rpm-4.4.2 do the following:

verify-acls.diff

    In --verify, also check for POSIX ACLs as part of the mode checks, and
    complain if any are found.

verify-file-capabilities.diff

    Introduce a new "caps" %verify flag, and allocate a flag for it.

    Introduce a new --nocaps command line option.

    In --verify, also check for the presence of file capabilities, and
    complain if any are found. Use "P" as the indicator letter in the
    --verify output (in a new column).

What do you think -- do these patches look acceptable?

Thanks,
Andreas

[1] http://ols.fedoraproject.org/OLS/Reprints-2008/hallyn-reprint.pdf
--
Andreas Gruenbacher <agruen at suse.de>, SUSE Labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: verify-acls.diff
Type: text/x-diff
Size: 731 bytes
Desc: not available
Url : http://lists.rpm.org/pipermail/rpm-maint/attachments/20080901/3ec50ff9/attachment-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: verify-file-capabilities.diff
Type: text/x-diff
Size: 5281 bytes
Desc: not available
Url : http://lists.rpm.org/pipermail/rpm-maint/attachments/20080901/3ec50ff9/attachment-0003.bin
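
The check proposed in the message above, sketched as an added example; it is not taken from the attached patches, whose contents are not shown on this page. It assumes a Linux system where file capabilities live in the `security.capability` extended attribute and POSIX ACLs in `system.posix_acl_*`, reports an ACL in the existing "M" (mode) column as a simplification of "as part of the mode checks", and uses hypothetical function names.

```python
import errno
import os
import struct

CAPS_XATTR = "security.capability"   # where Linux stores file capabilities
ACL_XATTRS = ("system.posix_acl_access", "system.posix_acl_default")

def read_xattr(path, name):
    """Return the raw xattr value, or None when it is absent or unsupported."""
    try:
        return os.getxattr(path, name, follow_symlinks=False)
    except OSError as e:
        if e.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise

def decode_caps(blob):
    """Decode a vfs_cap_data blob: (revision, effective, permitted, inheritable)."""
    if len(blob) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", blob, 0)
    revision = magic >> 24                  # VFS_CAP_REVISION_1/2/3
    if revision not in (1, 2, 3):
        raise ValueError("unknown capability revision %d" % revision)
    words = 1 if revision == 1 else 2       # 32-bit (permitted, inheritable) pairs
    if len(blob) < 4 + 8 * words:
        raise ValueError("truncated capability xattr")
    vals = struct.unpack_from("<%dI" % (2 * words), blob, 4)
    permitted = sum(v << (32 * i) for i, v in enumerate(vals[0::2]))
    inheritable = sum(v << (32 * i) for i, v in enumerate(vals[1::2]))
    return revision, bool(magic & 1), permitted, inheritable

def verify_flags(path, read=read_xattr):
    """Return two columns: 'M' if an ACL is attached, 'P' if capabilities are."""
    acl = any(read(path, name) is not None for name in ACL_XATTRS)
    caps = read(path, CAPS_XATTR) is not None
    return ("M" if acl else ".") + ("P" if caps else ".")

# Constructed sample: cap_net_bind_service (bit 10) permitted and effective,
# revision 2, as `setcap cap_net_bind_service+ep` would store it.
SAMPLE_CAPS = struct.pack("<5I", 0x02000001, 1 << 10, 0, 0, 0)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:              # e.g. the files owned by one package
        print(verify_flags(p), p)
    print(decode_caps(SAMPLE_CAPS))
```

Decoding the attribute rather than only testing for its presence is what a later "does the file have the right capabilities" check would need; the presence test alone matches what the message proposes for now.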