summaryrefslogtreecommitdiff
path: root/eclass
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2013-04-28 04:24:59 +0000
committerMike Frysinger <vapier@gentoo.org>2013-04-28 04:24:59 +0000
commit57473dc881a439da3179a48caf7ca4ff9ae53020 (patch)
tree04e4d349ad0cf9ffeea971cd0890d595416a858c /eclass
parentAdd fix from upstream for arm ld.so.cache lib tags #454200. (diff)
downloadgentoo-2-57473dc881a439da3179a48caf7ca4ff9ae53020.tar.gz
gentoo-2-57473dc881a439da3179a48caf7ca4ff9ae53020.tar.bz2
gentoo-2-57473dc881a439da3179a48caf7ca4ff9ae53020.zip
add support for setting/checking caps via libcap-ng #454908
Diffstat (limited to 'eclass')
-rw-r--r--eclass/fcaps.eclass91
1 files changed, 61 insertions, 30 deletions
diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass
index 3ea40d833952..f66fa71a5e56 100644
--- a/eclass/fcaps.eclass
+++ b/eclass/fcaps.eclass
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.4 2013/04/28 03:11:47 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.5 2013/04/28 04:24:59 vapier Exp $
# @ECLASS: fcaps.eclass
# @MAINTAINER:
@@ -33,7 +33,7 @@ ___ECLASS_ONCE_FCAPS="recur -_+^+_- spank"
IUSE="+filecaps"
-DEPEND="filecaps? ( sys-libs/libcap )"
+DEPEND="filecaps? ( || ( sys-libs/libcap sys-libs/libcap-ng ) )"
# @ECLASS-VARIABLE: FILECAPS
# @DEFAULT_UNSET
@@ -111,7 +111,7 @@ fcaps() {
esac
# Process every file!
- local file out
+ local file
for file ; do
[[ ${file} != /* ]] && file="${root}${file}"
@@ -124,33 +124,64 @@ fcaps() {
# by people.
chmod ${caps_mode} "${file}" || die
- if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then
- case ${out} in
- *"command not found"*)
- if [[ -z ${__FCAPS_WARNED} ]] ; then
- __FCAPS_WARNED="true"
- ewarn "Could not find cap utils. Please make sure libcap is available."
- fi
- ;;
- *"Operation not supported"*)
- local fstype=$(stat -f -c %T "${file}")
- ewarn "Could not set caps on '${file}' due to missing filesystem support."
- ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel."
- ewarn "You might also have to enable the relevant FS_SECURITY option."
- ;;
- *)
- eerror "Setting caps '${caps}' on file '${file}' failed:"
- eerror "${out}"
- die "could not set caps"
- ;;
- esac
- else
- # Sanity check that everything took.
- setcap -v "${caps}" "${file}" >/dev/null \
- || die "Checking caps '${caps}' on '${file}' failed"
-
- # Everything worked. Move on to the next file.
- continue
+ # Set/verify funcs for sys-libs/libcap.
+ _libcap() { setcap "${caps}" "${file}" ; }
+ _libcap_verify() { setcap -v "${caps}" "${file}" >/dev/null ; }
+
+ # Set/verify funcs for sys-libs/libcap-ng.
+ # Note: filecap only supports =ep mode.
+ # It also expects a different form:
+ # setcap cap_foo,cap_bar
+ # filecap foo bar
+ _libcap_ng() {
+ local caps=",${caps%=ep}"
+ filecap "${file}" "${caps//,cap_}"
+ }
+ _libcap_ng_verify() {
+ # libcap-ng has a crappy interface
+ local rcaps icaps caps=",${caps%=ep}"
+ rcaps=$(filecap "${file}" | \
+ sed -nr \
+ -e "s:^.{${#file}} +::" \
+ -e 's:, +:\n:g' \
+ -e 2p | \
+ LC_ALL=C sort) || return 1
+ icaps=$(echo "${caps//,cap_}" | LC_ALL=C sort)
+ [[ ${rcaps} == ${icaps} ]]
+ }
+
+ local out cmd notfound=0
+ for cmd in _libcap _libcap_ng ; do
+ if ! out=$(LC_ALL=C ${cmd} 2>&1) ; then
+ case ${out} in
+ *"command not found"*)
+ : $(( ++notfound ))
+ continue
+ ;;
+ *"Operation not supported"*)
+ local fstype=$(stat -f -c %T "${file}")
+ ewarn "Could not set caps on '${file}' due to missing filesystem support."
+ ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel."
+ ewarn "You might also have to enable the relevant FS_SECURITY option."
+ break
+ ;;
+ *)
+ eerror "Setting caps '${caps}' on file '${file}' failed:"
+ eerror "${out}"
+ die "could not set caps"
+ ;;
+ esac
+ else
+ # Sanity check that everything took.
+ ${cmd}_verify || die "Checking caps '${caps}' on '${file}' failed"
+
+ # Everything worked. Move on to the next file.
+ continue 2
+ fi
+ done
+ if [[ ${notfound} -eq 2 ]] && [[ -z ${__FCAPS_WARNED} ]] ; then
+ __FCAPS_WARNED="true"
+ ewarn "Could not find cap utils; make sure libcap or libcap-ng is available."
fi
fi