Without filesystem capabilities, many things will not work. Ping as a user for instance.
Lots of setuid binaries switched to using filesystem capabilities rather than setuid and
require it to work. RPM failing is the right thing to do.
Dennis
On 29 November 2016 8:04:07 am AEST, "J. Bruce Fields"
<bfields(a)redhat.com> wrote:
On Wed, Nov 23, 2016 at 08:28:12PM -0500, Stephen John Smoogen wrote:
> On 23 November 2016 at 19:36, Samuel Sieb <samuel(a)sieb.net> wrote:
> > On 11/23/2016 07:39 AM, Chuck Anderson wrote:
> >>
> >> Is it supposed to be supported to install RPMs onto NFS filesystems?
> >> Apparently NFSv3 doesn't support capabilities, so I'm not sure what to
> >> do with this bug which happens because cap_net_raw is used for the
> >> fping binaries:
> >>
> > I would expect that isn't supported, although I'm somewhat surprised that it
> > fails instead of just warning. That's a very unusual setup, having the root
> > filesystem on NFS.
>
> I doubt that installing on NFS was supported after we began using
> capabilities on files for security. While installing on NFS was in
> vogue in the 80's and 90's for thin clients and similar environments,
> I think it has fallen to the wayside for current development. [In the
> EPEL environment space I do expect it is still in use for root but
> probably only in EL6 land versus EL7]
This isn't the first complaint we've gotten, though admittedly it may
have been a while. (And I'm having no luck finding the bugs in
bugzilla.)
We could add support for capabilities to the NFS protocol, but that
could take a while.
It'd be nice if rpm installs could fall back on something else instead
of failing, but maybe it's complicated to do that safely.
--b.
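Added example, not part of the original thread and not rpm's code: file capabilities such as cap_net_raw on fping are stored in the `security.capability` extended attribute, so a filesystem that cannot store that xattr cannot carry them. The sketch below decodes the attribute and tells "unsupported" apart from "no capabilities set"; the function names, the sample bytes, and the assumption that an unsupporting filesystem reports ENOTSUP/EOPNOTSUPP are mine.

```python
import errno
import os
import struct

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> number of 32-bit (permitted, inheritable) pairs;
# revision 3 appends a rootid word, which this sketch ignores
REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
CAP_NET_RAW = 13


def decode_file_caps(raw):
    """Decode a security.capability xattr value into capability bitmasks."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    words = REVISION_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None:
        raise ValueError("unknown VFS capability revision")
    if len(raw) < 4 + 8 * words:
        raise ValueError("truncated capability data")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}


def file_cap_status(path, getxattr=getattr(os, "getxattr", None)):
    """Return 'unsupported', 'none', or the decoded capabilities of path."""
    try:
        raw = getxattr(path, "security.capability")
    except OSError as e:
        if e.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
            return "unsupported"  # assumed: filesystem cannot store the xattr
        if e.errno == errno.ENODATA:
            return "none"         # xattrs work, but no capabilities are set
        raise
    return decode_file_caps(raw)


# Constructed sample: a revision 2 value equivalent to cap_net_raw+ep
SAMPLE = struct.pack("<IIIII", 0x02000000 | 1, 1 << CAP_NET_RAW, 0, 0, 0)
```

Running `file_cap_status` over the capability-bearing binaries in an install root shows whether a missing capability is a packaging problem or a limit of the filesystem underneath.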