Re: Bug#1038789: Enable capabilities feature
Hi Guillem,
On Wed, 28 Jun 2023 01:57:27 +0200
Guillem Jover <guillem@debian.org> wrote:
> Some time ago I asked on d-d whether anyone would have an issue with
> dpkg.deb in Debian linking against libcap [D]. And where I had worked
> on the following branch:
>
> https://git.hadrons.org/git/debian/dpkg/dpkg.git/log/?h=next/s-s-d-posix-caps
>
> Which I need to go over again before merging. But otherwise support
> for this in that or some other similar form should be coming soon to
> s-s-d.
I had a quick look at the branch you posted and I'm not sure it
overlaps with the feature requested with this bug.
If I understand --dropcap correctly it is meant to remove capabilities
from the daemon started by s-s-d, correct?
What I am looking for is quite the opposite, however. I'm looking for a
way to add new capabilities to the ambient set of the started daemon.
The ambient set is important for daemons written in interpreted
languages where capabilities cannot be set on the executable file and
where the language may not provide a means to manipulate capabilities
itself.
In such cases, s-s-d would need to set up the capabilities for the
daemon prior to it being exec'ed.
Please have a look at the implementation of OpenRC's start-stop-daemon:
https://raw.githubusercontent.com/OpenRC/openrc/master/src/start-stop-daemon/start-stop-daemon.c
https://github.com/OpenRC/openrc/commit/6e214b261604c4ab1ffc244272443a587bb59927
Also I would favour if OpenRC's and dpkg's start-stop-daemon could try
to share a common interface. This would make life easier for init
script writers.
Kind regards,
Dennis
Reply to: