authorAdrian Perez de Castro2016-09-22 05:13:39 +0300
committerAdrian Perez de Castro2016-09-22 05:16:25 +0300
commit9b610f3aec349e599588a35b383d6a48a2ed6d8d (patch)
tree3d08ce63f19231ccda42c903da4ea9eb509e3219
parent6861b4279d674e6f7843d7ba10c744d6bb62e6bc (diff)
downloadaur-9b610f3aec349e599588a35b383d6a48a2ed6d8d.tar.gz
Detect whether capabilities can be used, falling back to setuid mode
If CONFIG_USER_NS is not enabled in the (running) kernel, install the binary setuid root. Otherwise use capabilities.
-rw-r--r--PKGBUILD18
-rw-r--r--bubblewrap.install2
2 files changed, 16 insertions, 4 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 66e72a67c28..a82e1bbd1f1 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,16 +2,26 @@ pkgname='bubblewrap-git'
pkgdesc='Unprivileged sandboxing tool'
url='https://github.com/projectatomic/bubblewrap'
license=('LGPL')
-pkgver=r139.bf6e356
+pkgver=0.1.2.r0.g089327d
pkgrel=1
arch=('x86_64' 'i686')
makedepends=('autoconf' 'automake' 'libxslt')
-install='bubblewrap.install'
conflicts=('bubblewrap')
provides=('bubblewrap')
source=("${pkgname}::git+${url}")
sha512sums=('SKIP')
+_privmode='setuid'
+_set_privmode () {
+ if [[ -r /proc/config.gz ]] ; then
+ eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
+ if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
+ install='bubblewrap.install'
+ _privmode='caps'
+ fi
+ fi
+}
+
pkgver () {
cd "${pkgname}"
(
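Review bot: The `eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"` in `_set_privmode` passes text from the kernel config through the shell just to test one boolean. The anchored pattern limits it to the `CONFIG_USER_NS=` line, but a direct match needs no eval: `if zgrep -q '^CONFIG_USER_NS=y' /proc/config.gz ; then`. The probe also reads the kernel of the machine running makepkg, so a package built on one host and installed on another can get a privilege mode that does not match the kernel it runs on. When /proc/config.gz is not readable, `_privmode='setuid'` stays in effect, so a setuid-root binary is the silent fallback; a comment on that assignment saying the default is deliberate would help.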
@@ -27,12 +37,14 @@ prepare () {
}
build () {
+ _set_privmode
cd "${pkgname}"
- ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion
+ ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion --with-priv-mode=${_privmode}
make
}
package () {
+ _set_privmode
cd "${pkgname}"
make install DESTDIR="${pkgdir}"
}
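Review bot: The `_set_privmode` call added to package() serves only its side effect on `install`, since `_privmode` is not read there. Whether makepkg sees an `install=` assigned inside a function depends on how it runs package(), which this page does not show, and metadata generated from the top-level variables would presumably not list the install script. Calling `_set_privmode` once at top level, right after its definition, would make both variables visible everywhere and remove the two per-function calls. In build(), quote the expansion as well: `--with-priv-mode="${_privmode}"`.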
diff --git a/bubblewrap.install b/bubblewrap.install
index 8c7b05ee852..df94acb6243 100644
--- a/bubblewrap.install
+++ b/bubblewrap.install
@@ -1,7 +1,7 @@
# vim: ft=sh ts=4 sw=4 et
post_install () {
- setcap cap_sys_admin,cap_net_admin,cap_sys_chroot+ep /usr/bin/bwrap
+ setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
}
post_upgrade () {
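Review bot: The `setcap` line in post_install now grants `cap_setuid` and `cap_setgid` in the effective and permitted sets on top of `cap_sys_admin`, and neither the commit message nor the script says why these two are needed. A comment above it, for example `# capabilities required by bwrap when built with --with-priv-mode=caps`, would record the reason and make the list easier to trim later. The body of post_upgrade lies outside the hunk; if it carries its own `setcap` line it needs the same list, otherwise fresh installs and upgrades end up with different capabilities on /usr/bin/bwrap.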