summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Perez de Castro2016-12-08 15:48:04 +0200
committerAdrian Perez de Castro2016-12-08 15:48:04 +0200
commitd2f6b19887f2b86e6c61df65ebed58f96eff66bd (patch)
tree43fb98ab158e8618bb385a55cb9b0302ec2a896a
parentc4e33f66b1120f218c99d65be8e96bc0b3d81360 (diff)
downloadaur-d2f6b19887f2b86e6c61df65ebed58f96eff66bd.tar.gz
Always make the binary setuid root
The capabilities mode has been removed upstream, see: https://github.com/projectatomic/bubblewrap/commit/aedd6136b7bc1165c164330d02e729e0a95d2487
-rw-r--r--.SRCINFO6
-rw-r--r--PKGBUILD18
-rw-r--r--bubblewrap.install31
3 files changed, 12 insertions, 43 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 1e4279a2e16..1deb91b3d00 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,7 @@
-# Generated by mksrcinfo v8
-# Sun Oct 9 21:33:22 UTC 2016
pkgbase = bubblewrap-git
pkgdesc = Unprivileged sandboxing tool
- pkgver = 0.1.2.r1.g169db04
- pkgrel = 3
+ pkgver = v0.1.4.r7.ga188753
+ pkgrel = 1
url = https://github.com/projectatomic/bubblewrap
install = bubblewrap.install
arch = x86_64
diff --git a/PKGBUILD b/PKGBUILD
index 5e8260deea2..c0d694d630e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,8 +2,8 @@ pkgname='bubblewrap-git'
pkgdesc='Unprivileged sandboxing tool'
url='https://github.com/projectatomic/bubblewrap'
license=('LGPL')
-pkgver=0.1.2.r1.g169db04
-pkgrel=3
+pkgver=v0.1.4.r7.ga188753
+pkgrel=1
arch=('x86_64' 'i686')
makedepends=('autoconf' 'automake' 'libxslt')
conflicts=('bubblewrap')
@@ -12,16 +12,6 @@ source=("${pkgname}::git+${url}")
sha512sums=('SKIP')
install='bubblewrap.install'
-_privmode='setuid'
-_set_privmode () {
- if [[ -r /proc/config.gz ]] ; then
- eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
- if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
- _privmode='caps'
- fi
- fi
-}
-
pkgver () {
cd "${pkgname}"
(
@@ -37,14 +27,12 @@ prepare () {
}
build () {
- _set_privmode
cd "${pkgname}"
- ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion --with-priv-mode=${_privmode}
+ ./configure --prefix=/usr --with-bash-completion-dir=/usr/share/bash-completion --with-priv-mode=setuid
make
}
package () {
- _set_privmode
cd "${pkgname}"
make install DESTDIR="${pkgdir}"
}
diff --git a/bubblewrap.install b/bubblewrap.install
index ef70eb3eac4..dfa6276205a 100644
--- a/bubblewrap.install
+++ b/bubblewrap.install
@@ -1,30 +1,13 @@
# vim: ft=sh ts=4 sw=4 et
-_kernel_has_USER_NS () {
- local CONFIG_USER_NS
- if [[ -r /proc/config.gz ]] ; then
- eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
- if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
- return 0
- fi
- fi
- return 1
-}
-
post_install () {
- if _kernel_has_USER_NS ; then
- setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
- else
- echo "== The /usr/bin/bwrap binary has been installed setuid root."
- echo " If you will be using a kernel with the USER_NS option enabled,"
- echo " you may want to use capabilities instead. For this, run:"
- echo ""
- echo " # chmod u-s /usr/bin/bwrap"
- echo " # setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep \\"
- echo " /usr/bin/bwrap"
- echo ""
- chmod u+s /usr/bin/bwrap
- fi
+ echo "== The /usr/bin/bwrap binary has been installed setuid root."
+ echo " If you will be using a kernel with the USER_NS option enabled,"
+ echo " you may want to use disable the setuid bit. For this, run:"
+ echo ""
+ echo " # chmod u-s /usr/bin/bwrap"
+ echo ""
+ chmod u+s /usr/bin/bwrap
}
post_upgrade () {