
Re: dpkg-capoverride (?)



Hi!

On Fri, 2015-02-20 at 11:30:02 +0100, Santiago Vila wrote:
> Would it be worth having a procedure like "dpkg-capoverride" so that
> whenever a package needs to change a capability, the change gets
> registered somewhere other than the filesystem itself?

Yes and no. It might be more convenient, but it introduces other
problems. POSIX capabilities (not to be confused with capability-based
security!) are defined by a withdrawn POSIX draft spec, and the subset
of POSIX capabilities specified in that draft is quite limited; the rest
are Linux-specific extensions that have grown organically w/o much
thought, and many pretty much amount to root rights anyway.

I'm not aware of any other (non-Linux) system implementing POSIX
capabilities, which means that if something else got to implement them,
the non-specified POSIX capabilities might not match 1:1 with the ones
found in Linux. So either dpkg would need to try to map them as best as
possible (if at all possible) or it would need to punt the problem to
the packages, which would need to handle the differences, so it's a
leaking interface no matter what. Not very enticing.

Another option could be to add a new option to just preserve all xattrs
on upgrade, or a specified subset, so the admin or the package could say
for example to preserve «security.capabilities» if present.

See #502580 for more context.

Thanks,
Guillem

