authorAdrian Perez de Castro2016-10-09 23:39:29 +0300
committerAdrian Perez de Castro2016-10-09 23:39:29 +0300
commite442c73ce837781a02a1cde03b4266c83a2df88e (patch)
treee2a8fe2311d9d0235e4853d0421e73ff49235b75
parent21c542a05aa20b480995aeb29598a509c2dcc6c3 (diff)
Set bwrap as setuid if needed in install script
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD6
-rw-r--r--bubblewrap.install25
3 files changed, 29 insertions, 6 deletions
diff --git a/.SRCINFO b/.SRCINFO
index d393592beba..ea9e5a5da48 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
# Generated by mksrcinfo v8
-# Sun Oct 9 20:23:10 UTC 2016
+# Sun Oct 9 20:38:35 UTC 2016
pkgbase = bubblewrap-git
pkgdesc = Unprivileged sandboxing tool
pkgver = 0.1.2.r1.g169db04
- pkgrel = 1
+ pkgrel = 2
url = https://github.com/projectatomic/bubblewrap
arch = x86_64
arch = i686
diff --git a/PKGBUILD b/PKGBUILD
index 709191f27a4..1ae7428a177 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@ pkgdesc='Unprivileged sandboxing tool'
url='https://github.com/projectatomic/bubblewrap'
license=('LGPL')
pkgver=0.1.2.r1.g169db04
-pkgrel=1
+pkgrel=2
arch=('x86_64' 'i686')
makedepends=('autoconf' 'automake' 'libxslt')
conflicts=('bubblewrap')
@@ -11,13 +11,13 @@ provides=('bubblewrap')
source=("${pkgname}::git+${url}")
sha512sums=('SKIP')
-_privmode='caps'
+_privmode='setuid'
_set_privmode () {
if [[ -r /proc/config.gz ]] ; then
eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
install='bubblewrap.install'
- _privmode='none'
+ _privmode='caps'
fi
fi
}
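Review bot: With the default now `_privmode='setuid'`, any build host where /proc/config.gz is not readable yields a setuid-root bwrap, although an unreadable config says nothing about whether the kernel supports user namespaces; a comment above the assignment such as `# Fallback when USER_NS cannot be confirmed: ship bwrap setuid root` would make that choice explicit. The detection also relies on `eval` of zgrep output, both here and in the new `_kernel_has_USER_NS` in bubblewrap.install, which pacman runs at install time. For a boolean option, `zgrep -q '^CONFIG_USER_NS=y' /proc/config.gz` tests the same thing without executing the matched text, and in the PKGBUILD it also avoids leaving `CONFIG_USER_NS` set outside the function. The caller of `_set_privmode` and the place where `_privmode` is consumed are outside this hunk.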
diff --git a/bubblewrap.install b/bubblewrap.install
index df94acb6243..ef70eb3eac4 100644
--- a/bubblewrap.install
+++ b/bubblewrap.install
@@ -1,7 +1,30 @@
# vim: ft=sh ts=4 sw=4 et
+_kernel_has_USER_NS () {
+ local CONFIG_USER_NS
+ if [[ -r /proc/config.gz ]] ; then
+ eval "$(zgrep '^CONFIG_USER_NS=' /proc/config.gz)"
+ if [[ -n ${CONFIG_USER_NS} && ${CONFIG_USER_NS} != n ]] ; then
+ return 0
+ fi
+ fi
+ return 1
+}
+
post_install () {
- setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
+ if _kernel_has_USER_NS ; then
+ setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep /usr/bin/bwrap
+ else
+ echo "== The /usr/bin/bwrap binary has been installed setuid root."
+ echo " If you will be using a kernel with the USER_NS option enabled,"
+ echo " you may want to use capabilities instead. For this, run:"
+ echo ""
+ echo " # chmod u-s /usr/bin/bwrap"
+ echo " # setcap cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid+ep \\"
+ echo " /usr/bin/bwrap"
+ echo ""
+ chmod u+s /usr/bin/bwrap
+ fi
}
post_upgrade () {