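--- a/eclass/fcaps.eclass
+++ b/eclass/fcaps.eclass
@@ -1,8 +1,8 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.1 2013/01/27 17:27:10 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.2 2013/01/27 17:47:10 vapier Exp $
 
 # @ECLASS: fcaps.eclass
 # @MAINTAINER:
 # Constanze Hausner <constanze@gentoo.org>
 # base-system@gentoo.org
@@ -54,20 +54,23 @@
 # @CODE
 #
 # Note: If you override pkg_postinst, you must call fcaps_pkg_postinst yourself.
 
 # @FUNCTION: fcaps
-# @USAGE: [-o <owner>] [-g <group>] [-m <mode>] <capabilities> <file[s]>
+# @USAGE: [-o <owner>] [-g <group>] [-m <mode>] [-M <caps mode>] <capabilities> <file[s]>
 # @DESCRIPTION:
 # Sets the specified capabilities on the specified files.
 #
 # The caps option takes the form as expected by the cap_from_text(3) man page.
 # If no action is specified, then "=ep" will be used as a default.
 #
 # If the file is a relative path (e.g. bin/foo rather than /bin/foo), then the
 # appropriate path var ($D/$ROOT/etc...) will be prefixed based on the current
 # ebuild phase.
+#
+# The caps mode (default 711) is used to set the permission on the file if
+# capabilities were properly set on the file.
 #
 # If the system is unable to set capabilities, it will use the specified user,
 # group, and mode (presumably to make the binary set*id). The defaults there
 # are root:root and 4711. Otherwise, the ownership and permissions will be
 # unchanged.
@@ -76,16 +79,18 @@
 
 # Process the user options first.
 local owner='root'
 local group='root'
 local mode='4711'
+local caps_mode='711'
 
 while [[ $# -gt 0 ]] ; do
 case $1 in
 -o) owner=$2; shift;;
 -g) group=$2; shift;;
 -m) mode=$2; shift;;
+-M) caps_mode=$2; shift;;
 *) break;;
 esac
 shift
 done
 
@@ -112,10 +117,14 @@
 
 if use filecaps ; then
 # Try to set capabilities. Ignore errors when the
 # fs doesn't support it, but abort on all others.
 debug-print "${FUNCNAME}: setting caps '${caps}' on '${file}'"
+
+# If everything goes well, we don't want the file to be readable
+# by people.
+chmod ${caps_mode} "${file}" || die
 
 if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then
 if [[ ${out} != *"Operation not supported"* ]] ; then
 eerror "Setting caps '${caps}' on file '${file}' failed:"
 eerror "${out}"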
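Review bot: In the `use filecaps` branch, `chmod ${caps_mode} "${file}" || die` runs before `setcap` is attempted, so the mode changes even when setcap then fails. That contradicts the added comment ("If everything goes well") and the new @DESCRIPTION text ("if capabilities were properly set on the file"). The fallback path is outside this hunk; if it does not reapply `${mode}` on every failure route, a file could be left at the caps mode with neither capabilities nor the set*id bits. Either move the chmod after a successful setcap or reword the documentation to say the caps mode is applied before the attempt. Separately, `${caps_mode}` is unquoted and the new `-M) caps_mode=$2; shift;;` arm accepts a missing or empty `$2`, so `chmod "${caps_mode}" "${file}" || die` plus a check that the option has a value would be safer.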