In addition to supporting file system capabilities (fate#307254) I’ve also updated the permissions handling in 11.4 slightly.
There have been complaints that every SuSEconfig run also calls SuSEconfig.permissions which leads to changed file permissions at unexpected times. Therefore I’ve modified SuSEconfig.permissions to only actually set permissions when called explicitly (ie SuSEconfig –module permissions). When called by a generic SuSEconfig run SuSEconfig.permissions now only shows files with wrong permissions but doesn’t actually fix them anymore.
Since packages that have files with special permission handling do call SuSEconfig.permissions explicitly via %run_permissions in %post the change above alone isn’t sufficient to avoid surprises. Therefore I’ve introduced the new macro %set_permissions. This macro expects file names as arguments. Only permissions of those files are adjusted then. To notify packagers of that new method an rpmlint check now issues an informal message if %run_permissions is used.
Both comments and pings are currently closed.
Sounds something what we really need.
What you think if when installing package susepermissions is run
only whith *.permissions files installed by that package?
most permissions are kept in the central /etc/permissions.* files anyways.