Received: (at 55683-done) by debbugs.gnu.org; 11 Mar 2025 03:56:12 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 10 23:56:12 2025 Received: from localhost ([127.0.0.1]:40926 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1trqiy-0001WL-Dv for submit <at> debbugs.gnu.org; Mon, 10 Mar 2025 23:56:12 -0400 Received: from cascadia.aikidev.net ([2600:3c01:e000:267:0:a171:de7:c]:53154) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <vagrant@HIDDEN>) id 1trqiw-0001Vy-5u for 55683-done <at> debbugs.gnu.org; Mon, 10 Mar 2025 23:56:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1741665362; bh=ef5r9mI4LIOE55RBSGsgbuDl7/XkIlLNK/jmEH58ebY=; h=From:To:Subject:In-Reply-To:References:Date:From; b=IFLNbtQgP02xDHv+l1Wnhrdwhnl2tMQzPBVwiTITDvfbd0AGPLu4sj4G4L2hFheVf de2WUr+9PTVUGfARMUqmgj0tCcnA3OIz8Q+J3Hmn84CLP992/k9pIfFUK2txFEdPsL jiLWU86AvIZNdg5yC/AG1feMDGQtXNxOARt9JdE9n1mBID/+L+OayzZlqSGsPcqcdu eBKitlZyxhlNRvygGxTvl34FLbEzzHqqyuTivTVtjeU5aLKqnv1Tl6Ik8qjouRUNbe 0KP9uMuWZXChueyKqI7xauoCgHPBKIsLOvSUwZ2bGVwcjNjHuKiRzD+SSX5/5qQglV jIZeViYjcAQDg== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id 1268210DA; Mon, 10 Mar 2025 20:56:02 -0700 (PDT) From: Vagrant Cascadian <vagrant@HIDDEN> To: 55683-done <at> debbugs.gnu.org Subject: Re: Support binaries that need "setcap" similar to "setuid-programs" In-Reply-To: <87v8k5l4wp.fsf@contorta> References: <87k0a669ew.fsf@yucca> <87fsku68pn.fsf@yucca> <87v8k5l4wp.fsf@contorta> Date: Mon, 10 Mar 2025 20:55:56 -0700 Message-ID: <877c4w2pbn.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 55683-done X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2023-02-13, Vagrant Cascadian wrote: > On 2022-05-27, Vagrant Cascadian wrote: >> On 2022-05-27, Vagrant Cascadian wrote: >>> I've been working on a package called lcsync: >>> >>> https://issues.guix.gnu.org/55682 >>> >>> But lcsync needs CAP_NET_RAW... Normally, this is accomplished by >>> running: >>> >>> setcap cap_net_raw=eip /path/to/bin/lcsync ... > Patches working towards implementing the required functionality at: > > https://issues.guix.gnu.org/61462 This was fixed in commit: 71f0676a295841e2cc662eec0d3e9b7e69726035 privilege: Add POSIX capabilities(7) support. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZ8+0TAAKCRDcUY/If5cW qgaZAP9X4wV+EdJqwdVEdsZQph1DMP4FHK/Xx0lBbMMGgA6wFQEA4IW4Z+2czwaC S2SxIGXzUtJMiso/bkxKJas0RxxD6As= =/ijM -----END PGP SIGNATURE----- --=-=-=--
Vagrant Cascadian <vagrant@HIDDEN>:Vagrant Cascadian <vagrant@HIDDEN>:Received: (at 55683) by debbugs.gnu.org; 13 Feb 2023 19:52:38 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 13 14:52:38 2023 Received: from localhost ([127.0.0.1]:51676 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1pResP-0005f7-Ot for submit <at> debbugs.gnu.org; Mon, 13 Feb 2023 14:52:37 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:46978) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <vagrant@HIDDEN>) id 1pResN-0005eq-9I for 55683 <at> debbugs.gnu.org; Mon, 13 Feb 2023 14:52:36 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20]) (Authenticated sender: vagrant@HIDDEN) by cascadia.aikidev.net (Postfix) with ESMTPSA id B6ED31ACB9 for <55683 <at> debbugs.gnu.org>; Mon, 13 Feb 2023 11:52:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1676317947; bh=LM/CNYsvVd5o/jFcpnTS4rMd8/5cCrIFkrasJ1YZrTM=; h=From:To:Subject:In-Reply-To:References:Date:From; b=kAWEmpvXdIkSTQGhqJtldSpigheCFcCp+X7mGNQ4w/yz2IW9U+hdoNROOKK30gqYd VRu0N+j9Ptjr5rYcA8hp6YXmcKWg+mlRttehWAgo6YYeorJXcVFyEZwtL1vP9Ayo6Q lIyFtZc8tpSZxSOjFBCmqS54qDe8P81eWzga9rYXhcM/zFYu6Ctut/3GcrUoysv5Uc k9ouEavjtPubpuf+s4AB+QP0CF5QysFf1JbjPzzYCTi34bZRocSwdUMSXf3o8S6nt3 /6S8pq0NnNUE8AcPBJJLHMoogmVKAoLtOPGtbqmSYmt0Mwh2k+B0ofUBaGB+nADlGK WWob5e5mRPI0g== From: Vagrant Cascadian <vagrant@HIDDEN> To: 55683 <at> debbugs.gnu.org Subject: Re: Support binaries that need "setcap" similar to "setuid-programs" In-Reply-To: <87fsku68pn.fsf@yucca> References: <87k0a669ew.fsf@yucca> <87fsku68pn.fsf@yucca> Date: Mon, 13 Feb 2023 11:52:06 -0800 Message-ID: <87v8k5l4wp.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 55683 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2022-05-27, Vagrant Cascadian wrote: > On 2022-05-27, Vagrant Cascadian wrote: >> I've been working on a package called lcsync: >> >> https://issues.guix.gnu.org/55682 >> >> But lcsync needs CAP_NET_RAW... Normally, this is accomplished by >> running: >> >> setcap cap_net_raw=eip /path/to/bin/lcsync > > Similar issues seem to have come up for other packages: > > https://issues.guix.gnu.org/27415 > https://issues.guix.gnu.org/39136 > https://issues.guix.gnu.org/39136 > > And possibly: > > https://issues.guix.gnu.org/search?query=setcap Patches working towards implementing the required functionality at: https://issues.guix.gnu.org/61462 live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCY+qU5gAKCRDcUY/If5cW qkTGAQDorFRWvfBpZIt0+V6PSOky8TN2Q0991VsmKRFCUyB+dwEAyhnCfQIYdqYK C0kng9nQJBWt/JmGB5Wx59AYq0jgigQ= =SUZ5 -----END PGP SIGNATURE----- --=-=-=--
bug-guix@HIDDEN:bug#55683; Package guix.
Full text available.Received: (at 55683) by debbugs.gnu.org; 27 May 2022 20:07:16 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 27 16:07:16 2022 Received: from localhost ([127.0.0.1]:35839 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nugEu-00074u-MV for submit <at> debbugs.gnu.org; Fri, 27 May 2022 16:07:16 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:59182) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <vagrant@HIDDEN>) id 1nugEq-00074e-1Y for 55683 <at> debbugs.gnu.org; Fri, 27 May 2022 16:07:15 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:40]) (Authenticated sender: vagrant@HIDDEN) by cascadia.aikidev.net (Postfix) with ESMTPSA id 864111AC53 for <55683 <at> debbugs.gnu.org>; Fri, 27 May 2022 13:07:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1653682025; bh=0sQVOMziG2x/TMMPBVcmJI/E09H9Nwg28CX0YcFca0w=; h=From:To:Subject:In-Reply-To:References:Date:From; b=Wc3ioQhMeFUuk5wq7Ty2VXRjk/WL7EtRzd75F1eweL+Xb8eEZELxWLq23GwEb5fbx KF5Oy575TKtLR0bH0dxBMMACWNfsVHrdZ2yDzbkLhci9RugXUURTUZiYDnyI9YAUQ3 c3beDvKHXr4ZMo/sm7HoEh7Jb7GK59/ApM3Ahupga8Bb21M2/ECR5x5cYi1hPMjLvy 1z+FT8gJr3eCKOFPCe7nnXgIFqkAbRJmlpdAvWW3TMQnqVZEZT0YucKUelQ4PWjjKR /9ay9SJm1GuKJ5By70whbsS7cN6BkhZmYxNFJFWZF4xy1Yprfjef9hic2XV89aOZ0c H80MxormQEMNQ== From: Vagrant Cascadian <vagrant@HIDDEN> To: 55683 <at> debbugs.gnu.org Subject: Re: Support binaries that need "setcap" similar to "setuid-programs" In-Reply-To: <87k0a669ew.fsf@yucca> References: <87k0a669ew.fsf@yucca> Date: Fri, 27 May 2022 13:07:00 -0700 Message-ID: <87fsku68pn.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 55683 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2022-05-27, Vagrant Cascadian wrote: > I've been working on a package called lcsync: > > https://issues.guix.gnu.org/55682 > > But lcsync needs CAP_NET_RAW... Normally, this is accomplished by > running: > > setcap cap_net_raw=eip /path/to/bin/lcsync Similar issues seem to have come up for other packages: https://issues.guix.gnu.org/27415 https://issues.guix.gnu.org/39136 https://issues.guix.gnu.org/39136 And possibly: https://issues.guix.gnu.org/search?query=setcap Some programs *might* be able to handle this sort of thing in a service definition, but lcsync at least should be callable by the user from the commandline (sort of like rsync); it doesn't normally have a daemon component that would make sense to run as a service. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYpEvZQAKCRDcUY/If5cW qjZoAP9AJY7bNJjrClE8XKwONxFKEyqeQz6uxJgJbqvQOpQoUgEAkMfSV8U2OpfW 6kK4PKPg0FiPLBZp5zvmSOb1HWHWOgw= =0mpo -----END PGP SIGNATURE----- --=-=-=--
bug-guix@HIDDEN:bug#55683; Package guix.
Full text available.Received: (at submit) by debbugs.gnu.org; 27 May 2022 19:52:08 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 27 15:52:08 2022 Received: from localhost ([127.0.0.1]:35831 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nug0G-0006iJ-BT for submit <at> debbugs.gnu.org; Fri, 27 May 2022 15:52:08 -0400 Received: from lists.gnu.org ([209.51.188.17]:42176) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <vagrant@HIDDEN>) id 1nug0A-0006i8-W8 for submit <at> debbugs.gnu.org; Fri, 27 May 2022 15:52:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60010) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <vagrant@HIDDEN>) id 1nug0A-0006QG-ND for bug-guix@HIDDEN; Fri, 27 May 2022 15:52:02 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:42198) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <vagrant@HIDDEN>) id 1nug07-0001xj-Py for bug-guix@HIDDEN; Fri, 27 May 2022 15:52:01 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:40]) (Authenticated sender: vagrant@HIDDEN) by cascadia.aikidev.net (Postfix) with ESMTPSA id 64AAB1AC53 for <bug-guix@HIDDEN>; Fri, 27 May 2022 12:51:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1653681117; bh=eHIi/ouWGdXWNrdMyWabOz+9IGt4yERjiYddM+ViIeM=; h=From:To:Subject:Date:From; b=cmnLLFumUEX18u9QRhiuEMNn+dXK4mCflMgkgYuODm10R93rgqIZc9KIHL7DFFcTe y/zec+7FL4/lvvJjqJTDF3RqNxOflmLr51m8hQKrA1HEu0EH9ljHo36KNYhqYKZBDy ZEgryn1rLf2bAg4+4Vfgak7IO5xDDVwvqRhMj56K2d0Nr5IJ3o30+V11K0CpBV1JUi IVx3ULzpEHL+1Uiclvy9d5mADpGGZi4aIdQ1Nld6QmVbGxSuFdnwfkKcfjnn9W2KVu /Qhb3zTCVcDJ0HtaZxmq5/SkuBeWVWVyzXOyscwF8txde8xPqmtMhIoDHgZlEurO5u slu1Cesw3p+Tw== From: Vagrant Cascadian <vagrant@HIDDEN> To: bug-guix@HIDDEN Subject: Support binaries that need "setcap" similar to "setuid-programs" Date: Fri, 27 May 2022 12:51:51 -0700 Message-ID: <87k0a669ew.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=173.255.214.101; envelope-from=vagrant@HIDDEN; helo=cascadia.aikidev.net X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.082, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain I've been working on a package called lcsync: https://issues.guix.gnu.org/55682 But lcsync needs CAP_NET_RAW... Normally, this is accomplished by running: setcap cap_net_raw=eip /path/to/bin/lcsync You could add lcsync to setuid-programs, but this would be a terrible idea, as it's a file syncing tool and you would have root access to writing any file in the filesystem... Upstream lcsync is considering how to rewrite it to drop privledges so that it would not be *terrible* to run setuid root, but ... ideally it could just use setcap to provide the very limited root privledges that it needs. It seems like something very similar to setuid-programs could work for programs that need particular capabilities... e.g. copy a binary from the store, set the appropriate capabilities with "setcap", add this special directory to PATH. But maybe there's a better way to do this already? :) live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYpEr2AAKCRDcUY/If5cW qjFHAP9RM7GiWjiOBlMNXtl7kg/Wvi0lzcD3TFxZgLM4A5X4SQD/Q/W2jaMvykBB yYm3LTaiXORGAXBaz3B2mbw6eZ2kYAU= =r9DB -----END PGP SIGNATURE----- --=-=-=--
Vagrant Cascadian <vagrant@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#55683; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.