SVN-20110724

Robert Connolly robert at linuxfromscratch.org
Mon Aug 15 11:38:40 PDT 2011


On Saturday 13 August 2011 11:24:55 Kevin Day wrote:
> On 8/13/11, Robert Connolly <robert at linuxfromscratch.org> wrote:
> > Some amendments for the book:
> > 
> > The mount options "acl,user_xattr", and the kernel config option
> > "CONFIG_SECURITY_FILE_CAPABILITIES" are mandatory, along with acl and
> > security labels for the file system of choice. This is the only way to
> > drop suid-root from programs.
> > 
> > If new LFS boot scripts are used, then /run needs to be created, and
> > added as a tmpfs to /etc/fstab.
> > 
> > Aside from that, things are going well. I have a core2 machine running
> > HLFS, and it's running well. I'm anxious to add iptables.
> > 
> > robert
> 
> There is one thing to keep in mind when dealing with acl.
> Squashfs does not support acl.
> It would be a good thing to note that if any of the files with acl are
> "squashed", they will lose their acl permissions.
> 
> Squash does support xattr, so if you don't use any acl (as would be
> needed for something like ping), then you should be fine.
> 
> I am not aware of tar having any problems with acl.

There's a strange problem with attributes not surviving from the chroot to 
reboot. Doesn't make sense.

robert