Feature changed by: Cristian Rodríguez (elvigia) Feature #307254, revision 8 Title: Use POSIX capabilities instead of suid openSUSE-11.3: Unconfirmed Priority Requester: Neutral Requested by: Pascal Bleser (pbleser) + Developer: (Novell) Description: Use POSIX file capabilities instead of suid processes and running e.g. Apache as root: * http://www.nuxified.org/blog/dear-distributors (http://www.nuxified.org/blog/dear-distributors) * http://www.friedhoff.org/posixfilecaps.html (http://www.friedhoff.org/posixfilecaps.html) * https://www.redhat.com/archives/fedora-devel-list/2009-July/msg01568.html (https://www.redhat.com/archives/fedora-devel-list/2009-July/msg01568.html) Discussion: #1: Jan Engelhardt (jengelh) (2009-08-09 14:21:02) Some tools like tar(1) do not even support recording Xattrs/ACLs (yet people still use that for backups), and Filesystem Capabilities (not POSIX capabilities) would not be recorded either. Such should really be addresses first, more or less. #2: Pascal Bleser (pbleser) (2009-08-10 01:30:22) (reply to #1) No question, it's a mid term objective. And not exactly trivial to solve either. I posted this feature rather as a reminder that that enhancement exists, and that Fedora is trying to get it implemented. Just to keep an eye on it ;) + #3: Cristian Rodríguez (elvigia) (2010-10-05 20:45:55) + I have enabled support for file capabilities in rpm using the %caps() + macro in factory + + However having it enabled in rpm is not that useful as the actual + feature has to be activated manually by the user booting with + file_caps=1 , does anyone know the reason why it isnt enabled by + default ? + + -- openSUSE Feature: https://features.opensuse.org/307254