https://bugzilla.novell.com/show_bug.cgi?id=682244
https://bugzilla.novell.com/show_bug.cgi?id=682244#c8
--- Comment #8 from Ludwig Nussel
Just to clarify, is this what you expect:
- package %{_bindir}/gnome-keyring-daemon with "%verify(not mode caps)" but no specific %attr nor %caps
- use a %post with: %set_permissions %{_bindir}/gnome-keyring-daemon
- use a %verifyscript: %verify_permissions -e %{_bindir}/gnome-keyring-daemon
Yes.
As far as I can tell, the app can deal with both fscaps and setuid. However, if it's not setuid and there's no fscap, it will simply refuse to run as it considers it needs ipc_lock to operate securely (since it deals with storing passwords and other sensitive data).
Did you try? The extra capabilities are only needed if it needs to mlock more than RLIMIT_MEMLOCK which is 64k by default. That should be enough to store quite a few passwords ;-) We may consider to increase that system wide limit too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.