The SUID removal has had the major side effect that (effectively) mock can no longer use a tmpfs for builds, since packages in the buildroot with caps will not install correctly once the setcap call fails (tmpfs doesn't support capabilities). mdomsch's recent rebuild took 4x longer than normal as a result.
We should consider whether this is drastic enough (given the relatively minor benefit of switching to capabilities to begin with) to consider revising the feature. Three possible options (of potentially many more):
Adding feature owner here for comment.
Tracker bug, for my reference:
https://bugzilla.redhat.com/show_bug.cgi?id=646440
Will revisit again down the road.
There are prelim tmpfs capabilities patches as well.
We would like to revisit next week.
Info we would like to have:
What is the status of capabilities support for tmpfs?
Patch sent upstream for tmpfs support: http://lkml.indiana.edu/hypermail/linux/kernel/1101.1/01210.html
At todays meeting:
provided the patch gets positive feedback upstream/lands in fedora kernels, we would be ok with keeping the feature.
Will close this for now, but we can re-open if the patch runs into problems or can't get into fedora kernels.
Login to comment on this ticket.