Login
Roast topics
Find topics
Find it!
From:
Farid Zakaria’s Blog
(Uncensored)
subscribe
Bazel Knowledge: Smuggling capabilities through a tarball | Farid Zakaria’s Blog
https://fzakaria.com/2025/09/09/bazel-knowledge-smuggling-capabilities-through-a-tarball
links
backlinks
Roast topics
Find topics
Roast it!
tl;dr: Linux capabilities are just xattrs (extended attributes) on files — and since tar can preserve xattrs, Bazel can “smuggle” them into OCI layers without ever running sudo setcap.
