RFC: baseline requirements for Ubuntu rootfs: xattrs and fscaps
Jamie Strandboge
jamie at canonical.com
Tue Aug 7 13:50:01 UTC 2018
On Mon, 2018-08-06 at 14:53 -0700, Steve Langasek wrote:
> Hi John,
>
> On Mon, Aug 06, 2018 at 10:09:53PM +0100, John Lenton wrote:
> > On Mon, 6 Aug 2018 at 21:16, Steve Langasek <steve.langasek at ubuntu.
> > com> wrote:
> > > I think it's exceedingly unlikely that anyone is going to unpack,
> > > and
> > > subsequently boot, an Ubuntu root tarball on a filesystem that
> > > doesn't
> > > support xattrs. All the filesystems that Ubuntu supports out of
> > > the box as
> > > rootfs (in terms of installers, and filesystem tools
> > > preinstalled) support
> > > xattrs.
> > while this is strictly true, 'snap pack' and 'snapcraft pack'
> > currently disable xattrs, and the store will not approve snaps that
> > are built with xattrs.
>
> Thanks, that's a useful data point. Do you think it is a practical
> concern
> for snaps if an Ubuntu rootfs uses fscaps? Is this an argument
> against
> allowing fscaps in Ubuntu, or should it just be a matter for
> snapcraft to
> warn/error about on creation, guiding users to using setuid instead?
>
> As a worked example: the core snap does ship /bin/ping, which is
> currently
> setuid-root in Ubuntu but would move to fscaps in this
> proposal. (The core
> snap does not include mtr-tiny.) What do you believe is the correct
> outcome
> here for /bin/ping in a future ubuntu core 20 snap?
App snaps are currently expected to be generated with --no-xattrs and I
continue to believe this is the correct choice for the time being.
os/base snaps need not be expected to be built this way and we while
might have some light review tools updates for this, in principle it is
not a problem for os/base snaps.
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20180807/2d8738e0/attachment.sig>
More information about the ubuntu-devel
mailing list