Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#63248 - [shadow] Install newuidmap/newgidmap with fs caps instead of suid

Attached to Project: Arch Linux
Opened by Jensen McKenzie (your_doomsday) - Sunday, 21 July 2019, 20:16 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 08 August 2019, 01:16 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No



Since 4.7 version upstream supports installing newuidmap/newgidmap with CAP_SETUID and CAP_SETGID (respectively) file system capability instead of full SUID binary ('--with-fcaps' config option). This is much recommended for better security.
This task depends upon

Closed by  Dave Reisner (falconindy)
Thursday, 08 August 2019, 01:16 GMT
Reason for closing:  Fixed
Additional comments about closing:  shadow 4.7-2
Comment by Dave Reisner (falconindy) - Thursday, 01 August 2019, 18:04 GMT
Unfortunately pacman doesn't support unpacking of xattrs in package tarballs, so this needs to be done via an install scriptlet. Pushing a -2 to testing with this change.