On Sun, 23 Mar 2008 Alon Bar-Lev wrote:
> Hello All,
>
> linux-2.6.24 supports file based capabilities via:
> CONFIG_SECURITY_FILE_CAPABILITIES
>
> This enables the use of filesystem attributes in order to store per
> executable capabilities list, more information at [1].
>
> This enables improved security level for people who don't wish to move
> into SELinux or similar.
>
> I think a new global USE flags (or use current caps) may enable
> ebuilds to set correct capabilities on files.
>
> On my system at least: ping, ping6, tcpdump, wireshark, samba, ntpd,
> rlogin, vmware may enjoy this and drop the root suid.
>
> In order to make it simple for everybody, a new eclass may be
> introduced to force dependency on >=libcap-2 and provide some atoms.
>
> This will provide more secured installation for users with a little
> effort, less usage of root user.
>
> What do you think?
>
> Alon.
>
> [1] http://www.friedhoff.org/fscaps.html

Has any progress happened since March for adding support for FILE_CAPABILITIES?

Bruno
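
The filesystem attribute mentioned in the quoted proposal is `security.capability`. As an added example (not part of either message, and not Gentoo or libcap code), the following decodes that attribute's value so the capabilities granted to an executable can be audited. The function names and the sample bytes are constructed for illustration; the layout and constants follow the kernel's `capability.h`.

```python
import struct

# Constants from the kernel's include/uapi/linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> number of 32-bit (permitted, inheritable) pairs
REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Subset of capability numbers relevant to network tools and time daemons
CAP_NAMES = {10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 25: "cap_sys_time"}


def names(mask):
    """Turn a capability bitmask into a list of names, lowest bit first."""
    return [CAP_NAMES.get(bit, f"cap_{bit}")
            for bit in range(64) if mask >> bit & 1]


def parse_vfs_cap(raw):
    """Decode a security.capability xattr value (little-endian)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    rev = magic & VFS_CAP_REVISION_MASK
    if rev not in REVISIONS:
        raise ValueError(f"unknown revision {rev:#x}")
    pairs = REVISIONS[rev]
    # Revision 3 appends a 32-bit root uid for user namespaces
    need = 4 + 8 * pairs + (4 if rev == 0x03000000 else 0)
    if len(raw) != need:
        raise ValueError(f"expected {need} bytes, got {len(raw)}")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {
        "revision": rev >> 24,
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": names(permitted),
        "inheritable": names(inheritable),
    }


# Constructed sample: the bytes "cap_net_raw+ep" produces in revision 2
SAMPLE_PING = struct.pack("<IIIII", 0x02000001, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(parse_vfs_cap(SAMPLE_PING))
```

On a Linux system the raw bytes for a real file come from `os.getxattr(path, "security.capability")`.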