On Fri, Jan 29, 2010 at 2:10 PM, Pierre Schmitz <pierre@xxxxxxxxxxxx> wrote:
> Finally some interesting discussion came out of this. I am not an expert on
> linux capability support, but Thomas has posted two blog entries about this in
> Arch:
> http://archlinux.me/brain0/2009/07/28/using-posix-capabilities-in-linux-part-one/
> and
> http://archlinux.me/brain0/2010/01/05/using-posix-capabilities-in-linux-part-two/
>
> In general this should work fine. The only problem is that bsdtar did not
> support storing those information (don't know if future versions support this)
> so one has to use install scripts to adjust the permissions after install.
>

When I looked into that a few months ago, it stored just fine when creating the archive. But it did not restore them when extracting.
This got fixed in trunk, so it will probably be in the next major release (2.8 ?).
http://code.google.com/p/libarchive/source/detail?r=1590#

xps-m1530:~> bsdtar --version
bsdtar 2.7.902a - libarchive 2.7.902a

2.7 release does not work, at least on my system. The development version is required.

xps-m1530:~> setcap cap_net_raw=ep ./ping
unable to set CAP_SETFCAP effective capability: Operation not permitted
xps-m1530:~> sudo setcap cap_net_raw=ep ./ping
xps-m1530:~> getcap ping
ping = cap_net_raw+ep

setcap needs root.

xps-m1530:~> bsdtar cvf ping.tar.gz ping
a ping

compress normally.

xps-m1530:~> bsdtar xvf ping.tar.gz -C /tmp
x ping
xps-m1530:~> bsdtar xvf ping.tar.gz -C /tmp
x ping
xps-m1530:~> getcap /tmp/ping

By default, it is not restored. "p" is needed.

xps-m1530:~> bsdtar xvpf ping.tar.gz -C /tmp
x ping: Failed to set extended attribute
bsdtar: Error exit delayed from previous errors.
xps-m1530:~> sudo bsdtar xvpf ping.tar.gz -C /tmp
x ping
xps-m1530:~> getcap /tmp/ping
/tmp/ping = cap_net_raw+ep

root is of course still needed again for setcap, and it works!