thekevinday at gmail.com
Sat Aug 13 08:24:55 PDT 2011
On 8/13/11, Robert Connolly <robert at linuxfromscratch.org> wrote:
> Some amendments for the book:
> The mount options "acl,user_xattr", and the kernel config option
> "CONFIG_SECURITY_FILE_CAPABILITIES" are mandatory. Along with acl and
> labels for the file system of choice. This is the only way to drop suid-root
> from programs.
> If new LFS boot scripts are used, then /run needs to be created, and added
> a tmpfs to /etc/fstab.
> Aside from that, things are going well. I have a core2 machine running HLFS,
> and it's running well. I'm anxious to add iptables.
There is one thing to keep in mind when dealing with acl.
Squashfs does not support acl.
It would be a good thing to note that if any of the files with acl are
"squashed", they will lose their acl permissions.
Squash does support xattr, so if you don't use any acl (as would be
needed for something like ping), then you should be fine.
I am not aware of tar having any problems with acl.
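
Added example, not part of either message above: a pre-squash audit that walks a tree and lists the paths carrying POSIX ACLs (which the reply says squashfs will drop) separately from those carrying file capabilities (stored as an xattr, which the reply says squashfs keeps). It assumes Linux and Python 3; the names classify and audit_tree are hypothetical.

```python
import errno
import os
import sys

# Linux exposes POSIX ACLs as these extended attributes.
ACL_XATTRS = {"system.posix_acl_access", "system.posix_acl_default"}
# File capabilities (the suid-root replacement) are stored in this one.
CAP_XATTR = "security.capability"


def classify(xattr_names):
    """Split a file's xattr names into (acl, capability, other) lists."""
    acl = sorted(n for n in xattr_names if n in ACL_XATTRS)
    caps = sorted(n for n in xattr_names if n == CAP_XATTR)
    other = sorted(n for n in xattr_names
                   if n not in ACL_XATTRS and n != CAP_XATTR)
    return acl, caps, other


def audit_tree(root, lister=os.listxattr):
    """Report paths under root that carry ACLs or file capabilities.

    lister is injectable so the logic can be exercised without privileges.
    Returns {"acl": [...], "caps": [...], "unreadable": [...]}.
    """
    report = {"acl": [], "caps": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                names = lister(path, follow_symlinks=False)
            except OSError as exc:
                # ENOTSUP: filesystem has no xattrs, so nothing to lose.
                if exc.errno != errno.ENOTSUP:
                    report["unreadable"].append(path)
                continue
            acl, caps, _other = classify(names)
            if acl:
                report["acl"].append(path)
            if caps:
                report["caps"].append(path)
    return report


if __name__ == "__main__":
    result = audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in result["acl"]:
        print("ACL (would be lost on squashfs):", p)
    for p in result["caps"]:
        print("capability xattr:", p)
    sys.exit(1 if result["acl"] else 0)
```

Run it as root against the staging directory before building the image, so that security.* attributes and unreadable paths are reported accurately.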