Implement fscaps handling in dpkg
Discuss how to implement filesystem capabilities in dpkg.
Blueprint information
- Status:
- Not started
- Approver:
- Kees Cook
- Priority:
- Medium
- Drafter:
- Kees Cook
- Direction:
- Needs approval
- Assignee:
- Kees Cook
- Definition:
- Approved
- Series goal:
- Accepted for maverick
- Implementation:
-
Not started
- Milestone target:
-
ubuntu-10.10
- Started by
- Completed by
Whiteboard
Review fscaps blockers, with an eye towards what will be required in dpkg to support them.
* https:/
* tar
* cpio
* rsync
* dpkg
* needs cap-overrides file?
* setuid fall-back?
Work items:
[kees] verify each filesystem used by installer can handle extended attributes: POSTPONED
[kees] persue adding xattr support to squashfs: POSTPONED
[kees] drive tar xattr/acl patches into upstream: POSTPONED
[kees] make sure tar gracefully handles restoring to a filesystem that lacks xattr/acl support: POSTPONED
[kees] find a way to have "dpkg-deb -c" display xattrs sanely: POSTPONED
[kees] drive cpio xattr/acl patches into upstream: POSTPONED
[kees] persue adding -AX to -a in rsync upstream: POSTPONED
[kees] identify common code pattern upstreams can use to validate caps, drop privs, etc: POSTPONED
[kees] engage Debian on defining best practices of fscaps: POSTPONED
[kees] document how a package maintainer should handle adding fscaps to their package: POSTPONED
[kees] implement "ping" as working example of fscaps done with Debian packaging: POSTPONED
