author | Adrian Perez de Castro | 2016-09-22 05:13:39 +0300 |
---|---|---|
committer | Adrian Perez de Castro | 2016-09-22 05:16:25 +0300 |
commit | 9b610f3aec349e599588a35b383d6a48a2ed6d8d (patch) | |
tree | 3d08ce63f19231ccda42c903da4ea9eb509e3219 | |
parent | 6861b4279d674e6f7843d7ba10c744d6bb62e6bc (diff) | |
download | aur-9b610f3aec349e599588a35b383d6a48a2ed6d8d.tar.gz |
Detect whether capabilities can be used, falling back to setuid mode
If CONFIG_USER_NS is not enabled in the (running) kernel, install the
binary setuid root. Otherwise use capabilities.
-rw-r--r-- | PKGBUILD | 18 | ||||
-rw-r--r-- | bubblewrap.install | 2 |
2 files changed, 16 insertions, 4 deletions
@@ -2,16 +2,26 @@ pkgname='bubblewrap-git'
 pkgdesc='Unprivileged sandboxing tool'
 url='https://github.com/projectatomic/bubblewrap'
 license=('LGPL')
-pkgver=r139.bf6e356
+pkgver=0.1.2.r0.g089327d
 pkgrel=1
 arch=('x86_64' 'i686')
 makedepends=('autoconf' 'automake' 'libxslt')
-install='bubblewrap.install'
 conflicts=('bubblewrap')
 provides=('bubblewrap')
 source=("${pkgname}::git+${url}")
 sha512sums=('SKIP')
 
+_privmode='setuid'
+_set_privmode () {
+ if [[ -r /proc/config.gz ]] ; then
+ eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
+ if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
+ install='bubblewrap.install'
+ _privmode='caps'
+ fi
+ fi
+}
+
 pkgver () {
 cd "${pkgname}"
 (
@@ -27,12 +37,14 @@ prepare () {
 }
 
 build () {
+ _set_privmode
 cd "${pkgname}"
- ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion
+ ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion --with-priv-mode=${_privmode}
 make
 }
 
 package () {
+ _set_privmode
 cd "${pkgname}"
 make install DESTDIR="${pkgdir}"
 }
diff --git a/bubblewrap.install b/bubblewrap.install
index 8c7b05ee8522..df94acb62437 100644
--- a/bubblewrap.install
+++ b/bubblewrap.install
@@ -1,7 +1,7 @@
 # vim: ft=sh ts=4 sw=4 et
 
 post_install () {
- setcap cap_sys_admin,cap_net_admin,cap_sys_chroot+ep /usr/bin/bwrap
+ setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
 }
 
 post_upgrade () { |
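Review bot: The `eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"` line in `_set_privmode` runs the matched text as shell code when the function only needs a yes/no answer. For a boolean option, `if zgrep -q '^CONFIG_USER_NS=y' /proc/config.gz ; then` should give the same decision without `eval` and without leaving `CONFIG_USER_NS` defined in the build environment. The probe also describes the kernel running on the build host, so a package built on one machine and installed on another carries the builder's privilege mode. When `/proc/config.gz` is unreadable, the setuid-root default is selected silently. A comment above `_privmode='setuid'` stating both facts would help anyone auditing why the binary ends up setuid.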
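Review bot: `package()` calls `_set_privmode` a second time, although the privilege mode was already fixed by `./configure ... --with-priv-mode=${_privmode}` in `build()`; as far as the visible lines show, the second probe only decides whether `install='bubblewrap.install'` is set. If the two probes can disagree (for example when previously built sources are packaged under a different kernel), the package could pair a caps-mode binary with no `setcap` script, or a setuid binary with one. Recording the mode chosen in `build()` and reusing it in `package()` would keep them consistent, and it is worth confirming that makepkg still honours `install` when it is assigned inside a function rather than at top level. Quoting the expansion as `--with-priv-mode="${_privmode}"` would match the quoting used on the other expansions in the file.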
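Review bot: The widened `setcap` line in `post_install` adds `cap_setuid` and `cap_setgid` to the permitted and effective file capabilities of `/usr/bin/bwrap` for every user who runs it, and nothing in the file records why they are needed. A comment such as `# capability set for bwrap built with --with-priv-mode=caps; keep in sync with upstream` would make the list auditable. The diffstat shows only this one line changed in bubblewrap.install and the body of `post_upgrade` lies outside the hunk, so if it repeats the capability list rather than calling `post_install`, it still carries the old set. The exit status of `setcap` is not checked, so a failure (for instance on a filesystem without extended attributes) would presumably leave the binary without privileges and without a message; `setcap ... /usr/bin/bwrap || echo 'bwrap: setcap failed' >&2` would surface it.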