diff options
author | Adrian Perez de Castro | 2016-12-08 15:48:04 +0200 |
---|---|---|
committer | Adrian Perez de Castro | 2016-12-08 15:48:04 +0200 |
commit | d2f6b19887f2b86e6c61df65ebed58f96eff66bd (patch) | |
tree | 43fb98ab158e8618bb385a55cb9b0302ec2a896a /bubblewrap.install | |
parent | c4e33f66b1120f218c99d65be8e96bc0b3d81360 (diff) | |
download | aur-d2f6b19887f2b86e6c61df65ebed58f96eff66bd.tar.gz |
Always make the binary setuid root
The capabilities mode has been removed upstream, see:
https://github.com/projectatomic/bubblewrap/commit/aedd6136b7bc1165c164330d02e729e0a95d2487
Diffstat (limited to 'bubblewrap.install')
-rw-r--r-- | bubblewrap.install | 31 |
1 files changed, 7 insertions, 24 deletions
diff --git a/bubblewrap.install b/bubblewrap.install index ef70eb3eac4e..dfa6276205ae 100644 --- a/bubblewrap.install +++ b/bubblewrap.install @@ -1,30 +1,13 @@ # vim: ft=sh ts=4 sw=4 et -_kernel_has_USER_NS () { - local CONFIG_USER_NS - if [[ -r /proc/config.gz ]] ; then - eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)" - if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then - return 0 - fi - fi - return 1 -} - post_install () { - if _kernel_has_USER_NS ; then - setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap - else - echo "== The /usr/bin/bwrap binary has been installed setuid root." - echo " If you will be using a kernel with the USER_NS option enabled," - echo " you may want to use capabilities instead. For this, run:" - echo "" - echo " # chmod u-s /usr/bin/bwrap" - echo " # setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep \\" - echo " /usr/bin/bwrap" - echo "" - chmod u+s /usr/bin/bwrap - fi + echo "== The /usr/bin/bwrap binary has been installed setuid root." + echo " If you will be using a kernel with the USER_NS option enabled," + echo " you may want to use disable the setuid bit. For this, run:" + echo "" + echo " # chmod u-s /usr/bin/bwrap" + echo "" + chmod u+s /usr/bin/bwrap } post_upgrade () { |