Kevin Day thekevinday at
Sat Aug 13 08:24:55 PDT 2011

On 8/13/11, Robert Connolly <robert at> wrote:
> Some amendments for the book:
> The mount options "acl,user_xattr", and the kernel config option
> "CONFIG_SECURITY_FILE_CAPABILITIES" are mandatory. Along with acl and
> security
> labels for the file system of choice. This is the only way to drop suid-root
> from programs.
> If new LFS boot scripts are used, then /run needs to be created, and added
> as
> a tmpfs to /etc/fstab.
> Aside from that, things are going well. I have a core2 machine running HLFS,
> and it's running well. I'm anxious to add iptables.
> robert

There is one thing to keep in mind when dealing with acl.
Squashfs does not support acl.
It would be a good thing to note that if any of the files with acl are
"squashed", they will lose their acl permissions.

Squash does support xattr, so if you don't use any acl (as would be
needed for something like ping), then you should be fine.

I am not aware of tar having any problems with acl.

Kevin Day

More information about the hlfs-dev mailing list