RFC: baseline requirements for Ubuntu rootfs: xattrs and fscaps
Steve Langasek
steve.langasek at ubuntu.com
Mon Aug 6 21:53:08 UTC 2018
Hi John,
On Mon, Aug 06, 2018 at 10:09:53PM +0100, John Lenton wrote:
> On Mon, 6 Aug 2018 at 21:16, Steve Langasek <steve.langasek at ubuntu.com> wrote:
> > I think it's exceedingly unlikely that anyone is going to unpack, and
> > subsequently boot, an Ubuntu root tarball on a filesystem that doesn't
> > support xattrs. All the filesystems that Ubuntu supports out of the box as
> > rootfs (in terms of installers, and filesystem tools preinstalled) support
> > xattrs.
> while this is strictly true, 'snap pack' and 'snapcraft pack'
> currently disable xattrs, and the store will not approve snaps that
> are built with xattrs.
Thanks, that's a useful data point. Do you think it is a practical concern
for snaps if an Ubuntu rootfs uses fscaps? Is this an argument against
allowing fscaps in Ubuntu, or should it just be a matter for snapcraft to
warn/error about on creation, guiding users to using setuid instead?
As a worked example: the core snap does ship /bin/ping, which is currently
setuid-root in Ubuntu but would move to fscaps in this proposal. (The core
snap does not include mtr-tiny.) What do you believe is the correct outcome
here for /bin/ping in a future ubuntu core 20 snap?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20180806/889abf40/attachment.sig>
More information about the ubuntu-devel
mailing list