-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/2010 09:44 AM, Paul Howarth wrote: > On 29/10/10 04:15, Jason L Tibbitts III wrote: >>>>>>> "JN" == Joe Nall<joe@xxxxxxxx> writes: >> >> JN> On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote: >> >>>> More to the point, I can easily see the setuid bit easily on a >>>> binary. >>>> How do I tell if these strange/hidden "capabilities" are >>>> present on a binary? 'ls' doesn't mention anything. >> >> JN> getcap >> >> Interesting. That's in the libcap package, which is sort of oddly named >> because it includes executables. And of course it's multilib, but the >> binaries are arch-specific which I believe is a multilib conflict. >> Probably needs the executables split out into a libcap-tools packages. >> >> I notice that rpm supports that %caps() directive in the %files list to >> specify capabilities. I don't recall seeing that before; how long ago >> did rpm grow support for it? It looks like it came in around rpm 4.7, >> so all supported Fedora releases have it. However, I'm certain it's not >> in RHEL4 and I'm pretty sure it's not in RHEL5 either, so at least the >> EPEL folks will need to make a note of it. > > I've just come across another issue with this. I use the "tmpfs" plugin > with mock usually, and it appears that tmpfs doesn't support the > necessary file capabilities, as I get these errors when setting up the > buildroot: > > DEBUG util.py:267: Error unpacking rpm package > iputils-20101006-2.fc15.x86_64 > DEBUG util.py:267: error: unpacking of archive failed on file > /bin/ping: cpio: cap_set_file failed - Operation not supported > DEBUG util.py:267: Error unpacking rpm package > policycoreutils-2.0.83-32.fc15.x86_64 > DEBUG util.py:267: error: unpacking of archive failed on file > /usr/sbin/seunshare: cpio: cap_set_file failed - Operation not supported > > If I disable the tmpfs plugin, so mock uses the ext3 filesystem I have > on /var/lib/mock, the build succeeds. So at least I have a workaround > but I'd like to have tmpfs working as it *really* improves performance. > > Paul. Paul is this because NOSUID is set on tmpfs? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzO1ukACgkQrlYvE4MpobNTRgCgvpFXeGWful7wY1np4buMLBrc 1zEAoNIBDFDHQ9t8qoqljX9pRlACOUFS =27qj -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
