From 2f321ced219eeff9a2df305fd8a621c03875893f Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 15 Nov 2012 15:35:25 +0000 Subject: todo: We must implement ACLs and filesystem capabilities for SCAP. Thanks Steve Grubb. --- TODO | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 22869bf1..4ba003a7 100644 --- a/TODO +++ b/TODO @@ -48,7 +48,6 @@ Ideas for extra commands General glibc / core programs: chgrp - setfacl, getfacl ext2 properties: badblocks @@ -588,3 +587,26 @@ is very poorly designed and essentially impossible for us to use: particularly if we also want to maintain backwards compatibility with Ruby 1.8, and/or maintain volatile VALUEs on the stack. + +ACLs and capabilities +--------------------- + +We need to model both filesystem ACLs and filesystem capabilities +through the API. This is particularly important in order to be able +to implement SCAP. + +ACLs can be read and written using the acl(5) library and the +functions like acl_set_file(3) etc. + +Setting the ACL on a file sets the extended attribute +'system.posix_acl_access' to a binary blob. The kernel has a whole +bunch of complex code that seems to interpret these +(linux/fs/posix_acl.c). + +Filesystem capabilities can be read and written using the libcap(3) +library and functions like cap_get_file, cap_set_file. + +Setting fs capabilities on a file sets the extended attribute +'security.capability' to a binary blob. These are implemented using a +Linux Security Module (security/capability.c) and presumably by +something in exec, but I couldn't see exactly how this works. -- cgit
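Review bot: The first hunk (@@ -48,7 +48,6) drops "setfacl, getfacl" from the "General glibc / core programs" list under "Ideas for extra commands", but neither the commit subject nor the new "ACLs and capabilities" section says that the section replaces that entry. Suggest adding a sentence to the new section stating that it supersedes the old setfacl/getfacl idea, so a reader of the TODO history can see where the item went.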
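Review bot: In the second hunk (@@ -588,3 +587,26), the ACL paragraph names only the 'system.posix_acl_access' extended attribute, so the item as written covers access ACLs but not the default ACLs that directories carry in 'system.posix_acl_default'; list both so the API design accounts for them. The phrase "the acl(5) library" is also slightly off, since acl(5) is the manual page describing ACLs and functions such as acl_set_file(3) come from libacl. The closing sentence ("presumably by something in exec, but I couldn't see exactly how this works") would be clearer as an explicit open question to resolve before the API is designed.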