Login
From:
Farid Zakaria’s Blog
(Uncensored)
subscribe
Bazel Knowledge: Smuggling capabilities through a tarball | Farid Zakaria’s Blog
https://fzakaria.com/2025/09/09/bazel-knowledge-smuggling-capabilities-through-a-tarball
links
backlinks
tl;dr: Linux capabilities are just xattrs (extended attributes) on files — and since tar can preserve xattrs, Bazel can “smuggle” them into OCI layers without ever running sudo setcap.
Roast topics
Find topics
Roast it!
Roast topics
Find topics
Find it!
Roast topics
Find topics
Find it!