diff options
author | Mike Frysinger <vapier@gentoo.org> | 2013-04-28 04:24:59 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2013-04-28 04:24:59 +0000 |
commit | 57473dc881a439da3179a48caf7ca4ff9ae53020 (patch) | |
tree | 04e4d349ad0cf9ffeea971cd0890d595416a858c /eclass/fcaps.eclass | |
parent | Add fix from upstream for arm ld.so.cache lib tags #454200. (diff) | |
download | gentoo-2-57473dc881a439da3179a48caf7ca4ff9ae53020.tar.gz gentoo-2-57473dc881a439da3179a48caf7ca4ff9ae53020.tar.bz2 gentoo-2-57473dc881a439da3179a48caf7ca4ff9ae53020.zip |
add support for setting/checking caps via libcap-ng #454908
Diffstat (limited to 'eclass/fcaps.eclass')
-rw-r--r-- | eclass/fcaps.eclass | 91 |
1 files changed, 61 insertions, 30 deletions
diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass index 3ea40d833952..f66fa71a5e56 100644 --- a/eclass/fcaps.eclass +++ b/eclass/fcaps.eclass @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.4 2013/04/28 03:11:47 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.5 2013/04/28 04:24:59 vapier Exp $ # @ECLASS: fcaps.eclass # @MAINTAINER: @@ -33,7 +33,7 @@ ___ECLASS_ONCE_FCAPS="recur -_+^+_- spank" IUSE="+filecaps" -DEPEND="filecaps? ( sys-libs/libcap )" +DEPEND="filecaps? ( || ( sys-libs/libcap sys-libs/libcap-ng ) )" # @ECLASS-VARIABLE: FILECAPS # @DEFAULT_UNSET @@ -111,7 +111,7 @@ fcaps() { esac # Process every file! - local file out + local file for file ; do [[ ${file} != /* ]] && file="${root}${file}" @@ -124,33 +124,64 @@ fcaps() { # by people. chmod ${caps_mode} "${file}" || die - if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then - case ${out} in - *"command not found"*) - if [[ -z ${__FCAPS_WARNED} ]] ; then - __FCAPS_WARNED="true" - ewarn "Could not find cap utils. Please make sure libcap is available." - fi - ;; - *"Operation not supported"*) - local fstype=$(stat -f -c %T "${file}") - ewarn "Could not set caps on '${file}' due to missing filesystem support." - ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel." - ewarn "You might also have to enable the relevant FS_SECURITY option." - ;; - *) - eerror "Setting caps '${caps}' on file '${file}' failed:" - eerror "${out}" - die "could not set caps" - ;; - esac - else - # Sanity check that everything took. - setcap -v "${caps}" "${file}" >/dev/null \ - || die "Checking caps '${caps}' on '${file}' failed" - - # Everything worked. Move on to the next file. - continue + # Set/verify funcs for sys-libs/libcap. + _libcap() { setcap "${caps}" "${file}" ; } + _libcap_verify() { setcap -v "${caps}" "${file}" >/dev/null ; } + + # Set/verify funcs for sys-libs/libcap-ng. + # Note: filecap only supports =ep mode. + # It also expects a different form: + # setcap cap_foo,cap_bar + # filecap foo bar + _libcap_ng() { + local caps=",${caps%=ep}" + filecap "${file}" "${caps//,cap_}" + } + _libcap_ng_verify() { + # libcap-ng has a crappy interface + local rcaps icaps caps=",${caps%=ep}" + rcaps=$(filecap "${file}" | \ + sed -nr \ + -e "s:^.{${#file}} +::" \ + -e 's:, +:\n:g' \ + -e 2p | \ + LC_ALL=C sort) || return 1 + icaps=$(echo "${caps//,cap_}" | LC_ALL=C sort) + [[ ${rcaps} == ${icaps} ]] + } + + local out cmd notfound=0 + for cmd in _libcap _libcap_ng ; do + if ! out=$(LC_ALL=C ${cmd} 2>&1) ; then + case ${out} in + *"command not found"*) + : $(( ++notfound )) + continue + ;; + *"Operation not supported"*) + local fstype=$(stat -f -c %T "${file}") + ewarn "Could not set caps on '${file}' due to missing filesystem support." + ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel." + ewarn "You might also have to enable the relevant FS_SECURITY option." + break + ;; + *) + eerror "Setting caps '${caps}' on file '${file}' failed:" + eerror "${out}" + die "could not set caps" + ;; + esac + else + # Sanity check that everything took. + ${cmd}_verify || die "Checking caps '${caps}' on '${file}' failed" + + # Everything worked. Move on to the next file. + continue 2 + fi + done + if [[ ${notfound} -eq 2 ]] && [[ -z ${__FCAPS_WARNED} ]] ; then + __FCAPS_WARNED="true" + ewarn "Could not find cap utils; make sure libcap or libcap-ng is available." fi fi |