author | Adrian Perez de Castro | 2016-10-09 23:39:29 +0300 |
---|---|---|
committer | Adrian Perez de Castro | 2016-10-09 23:39:29 +0300 |
commit | e442c73ce837781a02a1cde03b4266c83a2df88e (patch) | |
tree | e2a8fe2311d9d0235e4853d0421e73ff49235b75 | |
parent | 21c542a05aa20b480995aeb29598a509c2dcc6c3 (diff) | |
download | aur-e442c73ce837781a02a1cde03b4266c83a2df88e.tar.gz |
Set bwrap as setuid if needed in install script
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 6 | ||||
-rw-r--r-- | bubblewrap.install | 25 |
3 files changed, 29 insertions, 6 deletions
@@ -1,9 +1,9 @@
 # Generated by mksrcinfo v8
-# Sun Oct 9 20:23:10 UTC 2016
+# Sun Oct 9 20:38:35 UTC 2016
 pkgbase = bubblewrap-git
 pkgdesc = Unprivileged sandboxing tool
 pkgver = 0.1.2.r1.g169db04
- pkgrel = 1
+ pkgrel = 2
 url = https://github.com/projectatomic/bubblewrap
 arch = x86_64
 arch = i686
@@ -3,7 +3,7 @@ pkgdesc='Unprivileged sandboxing tool'
 url='https://github.com/projectatomic/bubblewrap'
 license=('LGPL')
 pkgver=0.1.2.r1.g169db04
-pkgrel=1
+pkgrel=2
 arch=('x86_64' 'i686')
 makedepends=('autoconf' 'automake' 'libxslt')
 conflicts=('bubblewrap')
@@ -11,13 +11,13 @@ provides=('bubblewrap')
 source=("${pkgname}::git+${url}")
 sha512sums=('SKIP')
 
-_privmode='caps'
+_privmode='setuid'
 _set_privmode () {
 if [[ -r /proc/config.gz ]] ; then
 eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
 if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
 install='bubblewrap.install'
- _privmode='none'
+ _privmode='caps'
 fi
 fi
 }
diff --git a/bubblewrap.install b/bubblewrap.install
index df94acb62437..ef70eb3eac4e 100644
--- a/bubblewrap.install
+++ b/bubblewrap.install
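Review bot: In the second PKGBUILD hunk (`@@ -11,13 +11,13 @@`), the new default `_privmode='setuid'` means a build host whose /proc/config.gz is missing or unreadable produces a setuid-root bwrap, and the capabilities variant is selected from the build machine's kernel config rather than the target's. Neither assumption is written down in the file, so a comment above the default would help, for example `# Default: setuid root; switched to 'caps' only when the build host's /proc/config.gz shows CONFIG_USER_NS`. `install='bubblewrap.install'` is still assigned only inside that branch, which looks like it leaves packages built on other hosts without the install script; worth confirming. The call site of `_set_privmode` and the place where `_privmode` is consumed are outside the hunk.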
@@ -1,7 +1,30 @@
 # vim: ft=sh ts=4 sw=4 et
 
+_kernel_has_USER_NS () {
+ local CONFIG_USER_NS
+ if [[ -r /proc/config.gz ]] ; then
+ eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
+ if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
+ return 0
+ fi
+ fi
+ return 1
+}
+
 post_install () {
- setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
+ if _kernel_has_USER_NS ; then
+ setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
+ else
+ echo "== The /usr/bin/bwrap binary has been installed setuid root."
+ echo " If you will be using a kernel with the USER_NS option enabled,"
+ echo " you may want to use capabilities instead. For this, run:"
+ echo ""
+ echo " # chmod u-s /usr/bin/bwrap"
+ echo " # setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep \\"
+ echo " /usr/bin/bwrap"
+ echo ""
+ chmod u+s /usr/bin/bwrap
+ fi
 }
 
 post_upgrade () { |
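Review bot: `_kernel_has_USER_NS` returns 1 both when the running kernel lacks USER_NS and when /proc/config.gz cannot be read, so in `post_install` every "could not tell" case ends in `chmod u+s /usr/bin/bwrap`. The function also runs `eval` on zgrep output as root inside the install scriptlet although only a yes/no answer is needed; `zgrep -q '^CONFIG_USER_NS=y' /proc/config.gz 2>/dev/null` gives the same answer without evaluating anything. The exit status of `setcap` and `chmod` is not checked, and the "has been installed setuid root" message is printed before `chmod` runs, so a failure leaves the binary without privileges while the message claims otherwise. `post_upgrade` begins on the last line of the hunk and its body is outside it, so whether upgrades apply the same logic cannot be seen here.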