Am 16.04.2014 14:16, schrieb Allan McRae:
Getting off-topic...
Indeed.
but only one package in our repos uses setfacl (systemd on the journal directory) in its install script, and seven use setcap. Getting the majority case fixed is still worth including this in my opinion. We can deal with get/setfacl when fakeroot does properly. Any chance you can take that upstream?
I don't really have the time now, maybe some time on the weekend. From what I saw quickly, the solution is merely to remove all the function overrides for the acl_* functions from libfakeroot.c. Unless you beat me to it, I'll test this on the weekend.
Also, I really thought setcap would be used in more install scripts!
It becomes really bad when upstream uses it in the Makefile (like systemd does) and the maintainer does not add this it to the .install manually. But indeed, many more setuid binaries should make use of file capabilities instead.