treefile: Port tests away from openat #3847
Conversation
I switched things to just use `std::fs::write()` because porting to cap-std isn't really important or worth it here.
|
Are we gaining anything from not using cap-std? I would say there is some value of having us use cap-std across the repo for consistency, also it helps when looking for examples of "where have we done this before". |
|
Well...we have a ton of code that isn't capability based. We're not going to rewrite everything; and also, not all code is equally critical. This specific code is just used in tests. And where I hope we will go (as alluded to in a few PRs) is to split rpm-ostree into separate processes; specifically, I think if we can move all the libdnf stuff to a (lesser privileged) subprocess that'd be a gigantic win. Today in this case it's the libdnf APIs only operating on path strings that blocks the treefile code from using cap-std. But, if we end up forking it into an entirely separate process, then...well, that problem actually doesn't go away but we can hackily pass it the data it needs by going back to the What's a bit more important to me actually is to stop depending on the |
|
thanks for explaining this, it puts everything in perspective. |
I switched things to just use
std::fs::write()because portingto cap-std isn't really important or worth it here.