diff options
| author | Adrian Perez de Castro | 2016-12-08 15:48:04 +0200 |
|---|---|---|
| committer | Adrian Perez de Castro | 2016-12-08 15:48:04 +0200 |
| commit | d2f6b19887f2b86e6c61df65ebed58f96eff66bd (patch) | |
| tree | 43fb98ab158e8618bb385a55cb9b0302ec2a896a | |
| parent | c4e33f66b1120f218c99d65be8e96bc0b3d81360 (diff) | |
| download | aur-d2f6b19887f2b86e6c61df65ebed58f96eff66bd.tar.gz | |
Always make the binary setuid root
The capabilities mode has been removed upstream, see:
https://github.com/projectatomic/bubblewrap/commit/aedd6136b7bc1165c164330d02e729e0a95d2487
| -rw-r--r-- | .SRCINFO | 6 | ||||
| -rw-r--r-- | PKGBUILD | 18 | ||||
| -rw-r--r-- | bubblewrap.install | 31 |
3 files changed, 12 insertions, 43 deletions
@@ -1,9 +1,7 @@ -# Generated by mksrcinfo v8 -# Sun Oct 9 21:33:22 UTC 2016 pkgbase = bubblewrap-git pkgdesc = Unprivileged sandboxing tool - pkgver = 0.1.2.r1.g169db04 - pkgrel = 3 + pkgver = v0.1.4.r7.ga188753 + pkgrel = 1 url = https://github.com/projectatomic/bubblewrap install = bubblewrap.install arch = x86_64 @@ -2,8 +2,8 @@ pkgname='bubblewrap-git' pkgdesc='Unprivileged sandboxing tool' url='https://github.com/projectatomic/bubblewrap' license=('LGPL') -pkgver=0.1.2.r1.g169db04 -pkgrel=3 +pkgver=v0.1.4.r7.ga188753 +pkgrel=1 arch=('x86_64' 'i686') makedepends=('autoconf' 'automake' 'libxslt') conflicts=('bubblewrap') @@ -12,16 +12,6 @@ source=("${pkgname}::git+${url}") sha512sums=('SKIP') install='bubblewrap.install' -_privmode='setuid' -_set_privmode () { - if [[ -r /proc/config.gz ]] ; then - eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)" - if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then - _privmode='caps' - fi - fi -} - pkgver () { cd "${pkgname}" ( @@ -37,14 +27,12 @@ prepare () { } build () { - _set_privmode cd "${pkgname}" - ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion --with-priv-mode=${_privmode} + ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion --with-priv-mode=setuid make } package () { - _set_privmode cd "${pkgname}" make install DESTDIR="${pkgdir}" } diff --git a/bubblewrap.install b/bubblewrap.install index ef70eb3eac4e..dfa6276205ae 100644 --- a/bubblewrap.install +++ b/bubblewrap.install @@ -1,30 +1,13 @@ # vim: ft=sh ts=4 sw=4 et -_kernel_has_USER_NS () { - local CONFIG_USER_NS - if [[ -r /proc/config.gz ]] ; then - eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)" - if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then - return 0 - fi - fi - return 1 -} - post_install () { - if _kernel_has_USER_NS ; then - setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap - else - echo "== The /usr/bin/bwrap binary has been installed setuid root." - echo " If you will be using a kernel with the USER_NS option enabled," - echo " you may want to use capabilities instead. For this, run:" - echo "" - echo " # chmod u-s /usr/bin/bwrap" - echo " # setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep \\" - echo " /usr/bin/bwrap" - echo "" - chmod u+s /usr/bin/bwrap - fi + echo "== The /usr/bin/bwrap binary has been installed setuid root." + echo " If you will be using a kernel with the USER_NS option enabled," + echo " you may want to use disable the setuid bit. For this, run:" + echo "" + echo " # chmod u-s /usr/bin/bwrap" + echo "" + chmod u+s /usr/bin/bwrap } post_upgrade () { |