FilesystemCapabilties
Differences between revisions 4 and 5
Comment: create sections
Line 3: | Line 3: |
== Good == | |
Line 4: | Line 5: |
* "rsync -AXa" works ("AX" should be part of "a") | == Blockers == * "rsync -AXa" works, but "AX" should be part of "a" |
Line 10: | Line 13: |
* NFS does not support xattr (patches for NFSv3 exist: http://marc.info/?l=linux-security-module&m=126804495005609&w=2) * libcap2's pam_cap is not designed for least-privilege, has unexpected parsing results |
* dpkg-deb does not know about xattrs. == Ugly == * NFS does not support xattr == Nice to Have == * libcap2's pam_cap has unexpected parsing results (should allow multiple matches on user) == Fixed == * libcap2-bin does not install pam_cap.so into the common-auth stack automatically (LP: #534658). |
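Review bot: the new "Ugly" entry for NFS drops the pointer to the NFSv3 xattr patches (the marc.info link) that the old bullet carried, and the pam_cap entry loses the "not designed for least-privilege" remark when it moves to "Nice to Have". Consider keeping the link on the NFS bullet, and stating whether the least-privilege concern is covered by the new "should allow multiple matches on user" request or should stay as its own item.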
Dumping ground for notes on supporting filesystem capabilities.
Good
- "cp -a" works
Blockers
- "rsync -AXa" works, but "AX" should be part of "a"
- cpio fails
- tar fails
- dpkg-deb does not know about xattrs.
Ugly
- NFS does not support xattr
Nice to Have
- libcap2's pam_cap has unexpected parsing results (should allow multiple matches on user)
Fixed
- libcap2-bin does not install pam_cap.so into the common-auth stack automatically (LP: #534658).
Security/FilesystemCapabilties (last edited 2014-12-19 01:09:24 by kees)