
Diff of /eclass/fcaps.eclass


Revision 1.4 Revision 1.5
1# Copyright 1999-2013 Gentoo Foundation 1# Copyright 1999-2013 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.4 2013/04/28 03:11:47 vapier Exp $ 3# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.5 2013/04/28 04:24:59 vapier Exp $
4 4
5# @ECLASS: fcaps.eclass 5# @ECLASS: fcaps.eclass
6# @MAINTAINER: 6# @MAINTAINER:
7# Constanze Hausner <constanze@gentoo.org> 7# Constanze Hausner <constanze@gentoo.org>
8# base-system@gentoo.org 8# base-system@gentoo.org
31if [[ ${___ECLASS_ONCE_FCAPS} != "recur -_+^+_- spank" ]] ; then 31if [[ ${___ECLASS_ONCE_FCAPS} != "recur -_+^+_- spank" ]] ; then
32___ECLASS_ONCE_FCAPS="recur -_+^+_- spank" 32___ECLASS_ONCE_FCAPS="recur -_+^+_- spank"
33 33
34IUSE="+filecaps" 34IUSE="+filecaps"
35 35
36DEPEND="filecaps? ( sys-libs/libcap )" 36DEPEND="filecaps? ( || ( sys-libs/libcap sys-libs/libcap-ng ) )"
37 37
38# @ECLASS-VARIABLE: FILECAPS 38# @ECLASS-VARIABLE: FILECAPS
39# @DEFAULT_UNSET 39# @DEFAULT_UNSET
40# @DESCRIPTION: 40# @DESCRIPTION:
41# An array of fcap arguments to use to automatically execute fcaps. See that 41# An array of fcap arguments to use to automatically execute fcaps. See that
109 root=${EROOT:-${ROOT}} 109 root=${EROOT:-${ROOT}}
110 ;; 110 ;;
111 esac 111 esac
112 112
113 # Process every file! 113 # Process every file!
114 local file out 114 local file
115 for file ; do 115 for file ; do
116 [[ ${file} != /* ]] && file="${root}${file}" 116 [[ ${file} != /* ]] && file="${root}${file}"
117 117
118 if use filecaps ; then 118 if use filecaps ; then
119 # Try to set capabilities. Ignore errors when the 119 # Try to set capabilities. Ignore errors when the
122 122
123 # If everything goes well, we don't want the file to be readable 123 # If everything goes well, we don't want the file to be readable
124 # by people. 124 # by people.
125 chmod ${caps_mode} "${file}" || die 125 chmod ${caps_mode} "${file}" || die
126 126
127 # Set/verify funcs for sys-libs/libcap.
128 _libcap() { setcap "${caps}" "${file}" ; }
129 _libcap_verify() { setcap -v "${caps}" "${file}" >/dev/null ; }
130
131 # Set/verify funcs for sys-libs/libcap-ng.
132 # Note: filecap only supports =ep mode.
133 # It also expects a different form:
134 # setcap cap_foo,cap_bar
135 # filecap foo bar
136 _libcap_ng() {
137 local caps=",${caps%=ep}"
138 filecap "${file}" "${caps//,cap_}"
139 }
140 _libcap_ng_verify() {
141 # libcap-ng has a crappy interface
142 local rcaps icaps caps=",${caps%=ep}"
143 rcaps=$(filecap "${file}" | \
144 sed -nr \
145 -e "s:^.{${#file}} +::" \
146 -e 's:, +:\n:g' \
147 -e 2p | \
148 LC_ALL=C sort) || return 1
149 icaps=$(echo "${caps//,cap_}" | LC_ALL=C sort)
150 [[ ${rcaps} == ${icaps} ]]
151 }
152
153 local out cmd notfound=0
154 for cmd in _libcap _libcap_ng ; do
127 if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then 155 if ! out=$(LC_ALL=C ${cmd} 2>&1) ; then
128 case ${out} in 156 case ${out} in
129 *"command not found"*) 157 *"command not found"*)
130 if [[ -z ${__FCAPS_WARNED} ]] ; then 158 : $(( ++notfound ))
131 __FCAPS_WARNED="true" 159 continue
132 ewarn "Could not find cap utils. Please make sure libcap is available."
133 fi
134 ;; 160 ;;
135 *"Operation not supported"*) 161 *"Operation not supported"*)
136 local fstype=$(stat -f -c %T "${file}") 162 local fstype=$(stat -f -c %T "${file}")
137 ewarn "Could not set caps on '${file}' due to missing filesystem support." 163 ewarn "Could not set caps on '${file}' due to missing filesystem support."
138 ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel." 164 ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel."
139 ewarn "You might also have to enable the relevant FS_SECURITY option." 165 ewarn "You might also have to enable the relevant FS_SECURITY option."
166 break
140 ;; 167 ;;
141 *) 168 *)
142 eerror "Setting caps '${caps}' on file '${file}' failed:" 169 eerror "Setting caps '${caps}' on file '${file}' failed:"
143 eerror "${out}" 170 eerror "${out}"
144 die "could not set caps" 171 die "could not set caps"
145 ;; 172 ;;
146 esac 173 esac
147 else 174 else
148 # Sanity check that everything took. 175 # Sanity check that everything took.
149 setcap -v "${caps}" "${file}" >/dev/null \
150 || die "Checking caps '${caps}' on '${file}' failed" 176 ${cmd}_verify || die "Checking caps '${caps}' on '${file}' failed"
151 177
152 # Everything worked. Move on to the next file. 178 # Everything worked. Move on to the next file.
153 continue 179 continue 2
180 fi
181 done
182 if [[ ${notfound} -eq 2 ]] && [[ -z ${__FCAPS_WARNED} ]] ; then
183 __FCAPS_WARNED="true"
184 ewarn "Could not find cap utils; make sure libcap or libcap-ng is available."
154 fi 185 fi
155 fi 186 fi
156 187
157 # If we're still here, setcaps failed. 188 # If we're still here, setcaps failed.
158 debug-print "${FUNCNAME}: setting owner/mode on '${file}'" 189 debug-print "${FUNCNAME}: setting owner/mode on '${file}'"
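Review bot: In `_libcap_ng` and `_libcap_ng_verify`, `"${caps//,cap_}"` deletes every `,cap_` instead of replacing it with a separator, so a multi-capability request such as `cap_foo,cap_bar=ep` becomes the single word `foobar` rather than the `foo bar` form the comment above describes. Single-capability callers are unaffected, and the failure presumably surfaces as a `die` from the catch-all branch or the verify step rather than as a silently wrong capability set, but it leaves the libcap-ng path unusable for such packages. Splitting into an array keeps the arguments separate: `local -a ng; IFS=, read -ra ng <<<"${caps%=ep}"` followed by `filecap "${file}" "${ng[@]#cap_}"`, with the verify side comparing against `printf '%s\n' "${ng[@]#cap_}" | LC_ALL=C sort`. Since the comment says filecap only supports `=ep`, it would also be worth rejecting any other mode suffix explicitly before calling it, and quoting the right-hand side as `[[ ${rcaps} == "${icaps}" ]]` so the check that the capabilities took is a literal comparison and not a pattern match. The enclosing function starts before and continues past the visible lines.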
