On Dec 19, 2014 2:38 AM, "Matthew Thode" <[email protected]> wrote: > > On 12/18/2014 07:09 PM, Anthony G. Basile wrote: > > 2) what to do about tar and POSIX capabilities in the context of > > building stage3's. Utilities like ping that used to be setuid to root > > are now just using posix caps. But preserving xattrs with tar is > > tricky. Since we dealt with this for the user.pax.* xattr namespace > > jmbsvicetto asked us to look at security.capability. However, the issue > > may now be mute because I just got a message from him that > > > > tar --xattrs --xattrs-include=security.capability > > --xattrs-include=user.* --acls -xjpvf > > > > works to get us all the xattr goodies we need for hardened and gentoo in > > general. > regarding 2: The thing we need to ask is if we want to ask users to run > that to extract stage3 tarballs, instead
What xattrs are there in the tarball that we don't want our users to install? Wkr, Sven Vermeulen
