etc/dists/scripts/postcreate.sh: set proper file caps for Fedora >= 15

New Fedora distros, starting from Fedora 15, are trying to get rid of
SUID bit for binaries, using file-based capabilities instead. While this
is all great and welcomed, the problem is neither tar nor cpio are able
to carry these caps around, so if we tar/untar the binary all the attributes
are lost. Yes, that includes tar and cpio from Fedora 15, too.

Possible solution is to use modified tar binary which saves these attributes.
For a number of reasons, this is not the best course of action for OpenVZ,
thus I ended up with this hack.

postcreate.sh is a script which is run right after unpacking the CT
template. We check that it is Fedora 15 (or 16, up to 19) and set a few
capabilities here and there.

The set of capabilities is taken from a freshly installed Fedora 15,
and I have checked that it is the same in Fedora 16.

Maybe we need some per-distro configuration file for capabilities,
something similar to osrelease.conf for capabilities.

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
1 file changed