On Wed, 2008-10-29 at 15:02 -0400, Steve Grubb wrote:
> We tried to support this in F-10 by having a test run with ping. We figured
> that is a simple well defined app that could be used as a test subject. We
> opened bz 455713 to document the change over. Turns out that people compile
> their own kernels and do not necessarily turn this on. So, what do we do in
> that case?

I thought more about this.

How about a check in rc.sysinit to see if the kernel supports capabilities?

If the check fails it could do either or both of the following:

1. Display and log nasty warning message
2. Run the command: chmod u+s `cat /etc/posixcapbinaries`

Doing 2. would be the "friendly" thing to give the user a non-broken system. It does make it a bit more complicated because you'd want some logic that if they booted back to a kernel with posix capabilities you stripped the suid bits.

Also, rpm verify will complain.

Dax Kelson
Guru Labs
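
A sketch of the toggle logic proposed in the message above, added here as an example; it is not code from the thread or from Fedora's rc.sysinit. The yes/no argument stands in for the kernel check, which the thread does not specify, and the one-path-per-line format of /etc/posixcapbinaries is an assumption.

```shell
#!/bin/sh
# Added example: toggle the setuid fallback for binaries that normally rely
# on file capabilities. /etc/posixcapbinaries is named in the message above;
# its one-path-per-line format and the yes/no argument are assumptions.

# sync_suid_fallback <caps_supported: yes|no> <list_file>
# Prints the number of files whose mode was changed.
sync_suid_fallback() {
    caps=$1 list=$2 changed=0
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
    if [ "$caps" != yes ]; then
        echo "WARNING: kernel lacks file capabilities; using setuid fallback" >&2
    fi
    while IFS= read -r bin; do
        case $bin in
            /*) ;;              # accept absolute paths only
            *)  continue ;;     # skip blank lines and relative paths
        esac
        # Never follow symlinks or touch anything that is not a regular file.
        if [ -L "$bin" ] || [ ! -f "$bin" ]; then
            echo "skipping $bin" >&2
            continue
        fi
        if [ "$caps" = yes ] && [ -u "$bin" ]; then
            # Booted back into a capable kernel: strip the fallback bit.
            chmod u-s "$bin" && changed=$((changed + 1))
        elif [ "$caps" != yes ] && [ ! -u "$bin" ]; then
            # No file capabilities: fall back to setuid.
            chmod u+s "$bin" && changed=$((changed + 1))
        fi
    done < "$list"
    echo "$changed"
}

# Usage at boot (hypothetical): sync_suid_fallback no /etc/posixcapbinaries
```

Because the function both sets and strips the bit, running it on every boot keeps the listed binaries in step with whichever kernel is running.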