|
|
ed184b |
From b4178c979fff344a1c5142a305f274dd9aff8f45 Mon Sep 17 00:00:00 2001
|
|
|
ed184b |
From: Markus Linnala <markus.linnala@gmail.com>
|
|
|
ed184b |
Date: Sun, 28 Oct 2018 14:59:52 +0200
|
|
|
ed184b |
Subject: [PATCH] Remove capabilities instead of setting empty caps via.
|
|
|
ed184b |
--setcaps
|
|
|
ed184b |
|
|
|
ed184b |
If a file in a package does not have any capabilities rpm --setcaps should
|
|
|
ed184b |
remove capabilities of the file. Prior to this patch capabilities of the file
|
|
|
ed184b |
were set as empty.
|
|
|
ed184b |
|
|
|
ed184b |
Empty capabilities mean more than no capabilities. A file with no capabilities
|
|
|
ed184b |
can inherit capabilities, but file with empty capabilities can not.
|
|
|
ed184b |
|
|
|
ed184b |
When ever package does not have any capabilities set %|FILECAPS? is false.
|
|
|
ed184b |
If some files have capabilities, %|FILECAPS? is true but %{FILECAPS} is ''
|
|
|
ed184b |
when the file does not have capabilities and '= <capstring>' when there is some.
|
|
|
ed184b |
|
|
|
ed184b |
Reported and patch created by Markus Linnala
|
|
|
ed184b |
Commit message edited by Pavlina Moravcova Varekova and Florian Festi.
|
|
|
ed184b |
|
|
|
ed184b |
Fixes #585
|
|
|
ed184b |
Fixes #586
|
|
|
ed184b |
---
|
|
|
ed184b |
rpmpopt.in | 9 +++++++--
|
|
|
ed184b |
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
|
ed184b |
|
|
|
ed184b |
diff --git a/rpmpopt.in b/rpmpopt.in
|
|
|
ed184b |
index 42d3416a3..557050a24 100644
|
|
|
ed184b |
--- a/rpmpopt.in
|
|
|
ed184b |
+++ b/rpmpopt.in
|
|
|
ed184b |
@@ -57,8 +57,13 @@ rpm alias --setugids -q --qf \
|
|
|
ed184b |
--POPTdesc=$"set user/group ownership of files in a package"
|
|
|
ed184b |
|
|
|
ed184b |
rpm alias --setcaps -q --qf \
|
|
|
ed184b |
- "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \
|
|
|
ed184b |
- && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \
|
|
|
ed184b |
+ "[if \[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \]; then\n\
|
|
|
ed184b |
+%|FILECAPS?{ if \[ -n %{FILECAPS:shescape} \]; then\n\
|
|
|
ed184b |
+ setcap %{FILECAPS:shescape} %{FILENAMES:shescape}\n\
|
|
|
ed184b |
+ el}:{ }|if \[ -n \"\$(getcap %{FILENAMES:shescape})\" \]; then\n\
|
|
|
ed184b |
+ setcap -r %{FILENAMES:shescape}\n\
|
|
|
ed184b |
+ fi\n\
|
|
|
ed184b |
+fi\n]" \
|
|
|
ed184b |
--pipe "sh" \
|
|
|
ed184b |
--POPTdesc=$"set capabilities of files in a package"
|
|
|
ed184b |
|
|
|
ed184b |
--
|
|
|
ed184b |
2.21.0
|
|
|
ed184b |
|