FilesystemCapabilties
Differences between revisions 4 and 6 (spanning 2 versions)
Line 3: | Line 3: |
* "cp -a" works * "rsync -AXa" works ("AX" should be part of "a") |
== Blockers == * "rsync -AXa" works, but "AX" should be part of "a" |
Line 10: | Line 10: |
* NFS does not support xattr (patches for NFSv3 exist: http://marc.info/?l=linux-security-module&m=126804495005609&w=2) * libcap2's pam_cap is not designed for least-privilege, has unexpected parsing results |
* dpkg-deb does not know about xattrs. == Good == * "cp -a" works == Bad == * NFS does not support xattr == Ugly == * libcap2's pam_cap has unexpected parsing results (should allow multiple matches on user) == Fixed == * libcap2-bin does not install pam_cap.so into the common-auth stack automatically (LP: #534658). |
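Review bot: In the Line 10 hunk, the new "Bad" entry "NFS does not support xattr" drops the pointer to the existing NFSv3 patches (http://marc.info/?l=linux-security-module&m=126804495005609&w=2); keep the link on that item so the page still records that a fix has been proposed. The same hunk also drops "is not designed for least-privilege" from the pam_cap item; if that observation still holds, carry it into the "Ugly" entry alongside the parsing note.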
Dumping ground for notes on supporting filesystem capabilities.
Blockers
- "rsync -AXa" works, but "AX" should be part of "a"
- cpio fails
- tar fails
- dpkg-deb does not know about xattrs.
Good
- "cp -a" works
Bad
- NFS does not support xattr
Ugly
- libcap2's pam_cap has unexpected parsing results (should allow multiple matches on user)
Fixed
- libcap2-bin does not install pam_cap.so into the common-auth stack automatically (LP: #534658).
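One way to check the items above after copying or unpacking a tree with any of the listed tools: compare the `security.capability` xattr (where Linux stores file capabilities) between the source tree and the copy. This is an added example, not part of the original wiki page; the function names `read_cap` and `lost_capabilities` are assumptions made for illustration, and the code is Linux-only.

```python
import errno
import os

CAP_XATTR = "security.capability"  # xattr that holds Linux file capabilities


def read_cap(path, getxattr=None):
    """Return the raw capability xattr of path, or None if it has none."""
    getxattr = getxattr or os.getxattr  # injectable so it can be tested offline
    try:
        return getxattr(path, CAP_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: xattr not set; ENOTSUP: filesystem has no xattr support
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise


def lost_capabilities(src_root, dst_root, getxattr=None):
    """List (relative path, reason) for files whose capabilities did not survive."""
    problems = []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(dirpath, name)
            want = read_cap(src, getxattr)
            if want is None:
                continue  # source file carries no capabilities
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            if not os.path.lexists(dst):
                problems.append((rel, "missing"))
                continue
            got = read_cap(dst, getxattr)
            if got is None:
                problems.append((rel, "stripped"))  # tool dropped the xattr
            elif got != want:
                problems.append((rel, "changed"))
    return sorted(problems)
```

An empty list from `lost_capabilities(src, dst)` means every capability-bearing file in the source kept an identical xattr in the copy.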
Security/FilesystemCapabilties (last edited 2014-12-19 01:09:24 by kees)