From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 6OyIEFI6VWU16QAAauVa8A:P1 (envelope-from ) for ; Wed, 15 Nov 2023 22:38:26 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id 6OyIEFI6VWU16QAAauVa8A (envelope-from ) for ; Wed, 15 Nov 2023 22:38:26 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0F39124FA0 for ; Wed, 15 Nov 2023 22:38:26 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debian.org header.s=1.vagrant.user header.b="JzSknm9/"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1700084306; a=rsa-sha256; cv=none; b=PtF+LxT3S1ZHK0DO3fA4gOyjOqyxtkr4FFlVLZnqATFd0ZBrCGQzSl+DOL8D/7c9oDer1r oVf16/ArTXvTkjpBq1h3155irbcB47TDRNJvc88K3LJYnkWrZaDHYfs1xUlO2lqarF4ky9 ttQU0Kvv82d77IyHooE/4rGFYoLMbZGN/pyYlYYcnGiZV85bdSvf8M+TNbf7OSP99P3IoH 2b9ugRmP2wbGEJB50kEE/B/uwr5WZf+kFay8UjL4OQYJDKQ9zSI58LxcpodPTG/YHZ4RCG j0gLc1IZkSG/+Jq3+xDPbMmZoYAL+Bq9soaWNNH2oSFtg+5BYEL8fZbsKHqAMQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debian.org header.s=1.vagrant.user header.b="JzSknm9/"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1700084306; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=xjQgPlKwyt8TVog403Hc/+5FTNVYTxxFQ/wQ+YIKUKk=; b=EHZXXnZaFpm8KuJC5+F/iAIZnzPx+92r9yrOidXBtPm5cwpRDGFB3MvpYJoDze6+bQXLao SQkrnpUJjGWgGW4tzOV3IkLV7w4Bfc5bC/biDZIbyQ9dBHCNU17SZ4lXHCAD+kEY6g2vy7 O+d8KURPlTL6IDZqzu8obXIeFar+S7L7RLUmXJJ4MSk7D8gTgh5oxsXnoM2ViYPxDNLQFI u2rRGZhaxfoZ7rY28O/+iUyz4c1yRYDdPSDSMoUg+UepGS1FitQbpANVAU+RqhqOgfgo/x waqSPeF9KYrXdT+nYmNnl6yX3AjFBYy1uOCnsksp+zkIKf/urJ3T2CjeiHI7fQ== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r3NaJ-0004oM-0W; Wed, 15 Nov 2023 16:38:07 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r3NaF-0004nx-Ta for guix-patches@gnu.org; Wed, 15 Nov 2023 16:38:03 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r3NaF-0007yF-Le for guix-patches@gnu.org; Wed, 15 Nov 2023 16:38:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1r3NaE-0005B7-7V for guix-patches@gnu.org; Wed, 15 Nov 2023 16:38:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#61462] Add support for file capabilities(7) Resent-From: Vagrant Cascadian Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 15 Nov 2023 21:38:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61462 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Tobias Geerinckx-Rice , 61462@debbugs.gnu.org Received: via spool by 61462-submit@debbugs.gnu.org id=B61462.170008426319878 (code B ref 61462); Wed, 15 Nov 2023 21:38:02 +0000 Received: (at 61462) by debbugs.gnu.org; 15 Nov 2023 21:37:43 +0000 Received: from localhost ([127.0.0.1]:54010 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r3NZu-0005AY-Ko for submit@debbugs.gnu.org; Wed, 15 Nov 2023 16:37:42 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:37120) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r3NZp-0005AJ-S6 for 61462@debbugs.gnu.org; Wed, 15 Nov 2023 16:37:41 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 7AC6E1AA73; Wed, 15 Nov 2023 13:37:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1700084249; bh=hqRTU4izUAgnqa1H1UjQXX6iRqKGMx3lV1ON85hsmi8=; h=From:To:Subject:In-Reply-To:References:Date:From; b=JzSknm9/2ZdMl8P8Ho0FFdgzIHuVHuYgDDJzbVXik2NhTG0hBDzFgCDX/Tt1jsGec JzPeDwnRcpVcDtgRExwhtHGJxWQhd1rP3PFA58uyouTscVPYjOUF5P/JbTS6jcZODb u6ZjGyzEwrfFUaO4iyaAyY0724GsOBL4J5sMHVmkII6G2kdj2Lq7RvQslcE1pDATb1 GQTk7+55sli9se2NWdSLtXyc+z5U94f3K1llMEjRSuycxO/FX237J3AZECIejpW4wl LMOktQkmFay4G+EXaIk5thjuU5YVP7P7fLyzWoLUbUWIL5WYG5PySa0b5UFANXIpmj F+X4pDzJ+cNNw== From: Vagrant Cascadian In-Reply-To: <87edl1yu2k.fsf@wireframe> References: <87r0uuehlr.fsf@nckx> <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@tobias.gr> <87edl1yu2k.fsf@wireframe> Date: Wed, 15 Nov 2023 13:37:22 -0800 Message-ID: <87wmuig0kt.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Queue-Id: 0F39124FA0 X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: -4.89 X-Spam-Score: -4.89 X-TUID: JQyaKBY3YJBt --=-=-= Content-Type: text/plain On 2023-07-21, Vagrant Cascadian wrote: > Thanks for the refreshed v2 patches! I gave them a quick spin... > > As noted on IRC, apparently it lacks actual calls to setcap, so that > part still needs another patch at least! > > Otherwise, it did seem to more-or-less work... I did eventually get some updated patches that even followed through on the promise of calling out to setcap, and from what I recall they even worked! I liked them a lot. > There are compatibility symlinks from /run/setuid-programs to > /run/privledged/bin and it sets setuid on requested files. > > I was a little curious about why /run/privlidged/bin as opposed to > without /bin ... keeping the door open for other privlidged things? What > about things that come from /gnu/store/*/sbin ? are those handled any > differently? Working patches aside, that is my only outstanding question, and I would hate to see that be a blocker. :) In short, "ping" :) live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZVU6EwAKCRDcUY/If5cW qmuKAP9QnOZuemSxq2g6z59llOMBrAJhDYYD7iuASRLHLVixDgEAknTNn+ahYZ+K lepFYUGiG/xIVizSEm76pdOKxjT4xwo= =ejch -----END PGP SIGNATURE----- --=-=-=--