On Sat, 2014-01-25 at 14:32 -0500, Colin Walters wrote:
> On Sat, 2014-01-25 at 10:37 -0800, Josh Stone wrote:
>
> > Ok, sure, you can mount -o nosuid,noexec,nodev ... but this isn't the
> > default for btrfs subvolume paths AFAIK. It needs to be a conscious
> > decision in whatever snapshot design we choose.
>
> This is definitely an issue with the OSTree design, since everything
> shares a physical partition (you can choose whatever block storage you
> want) - it's just hard links.
>
> I just filed:
> https://bugzilla.gnome.org/show_bug.cgi?id=722984
> for this.

I forgot my GNOME bugzilla password (again), so before I forget: do not
use .files or such; it quickly becomes a mess.

If you need to annotate this kind of thing, I humbly suggest you add an
xattr to the file, namespaced to ostree.

Alternatively, if you do not want to touch the original file at all,
keep a separate database where you note all these things; it will make
for a faster lookup in case you need bulk operations instead of having
to troll the whole tree.

> But really, now that KDBus is on the way, we can start using it for
> system services to replace many setuid binaries, like unix_chkpwd
> without losing the auditing trail and such that old indirection via
> dbus-daemon required. That's a subject for a different thread though.

This is a good point, but a number of binaries are that way for legacy
reasons, or come from upstreams that care for portability and can't rely
on dbus (yet), so I think you need to care for the problem anyway.

Simo.

--
Simo Sorce * Red Hat, Inc * New York