* [PATCH] stripper: Handle capabilities
@ 2021-07-09 16:17 Michael Tremer
2021-07-09 19:11 ` Peter Müller
0 siblings, 1 reply; 2+ messages in thread
From: Michael Tremer @ 2021-07-09 16:17 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1221 bytes --]
During the build process, we set capabilities to elevate privileges of
certain progrems (e.g. ping). These have been removed during the build
process because of strip.
This patch collects any capabilities from all files that are being
stripped and restores them after calling strip.
Fixes: #12652
Reported-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
src/stripper | 9 +++++++++
1 file changed, 9 insertions(+)
Please re-ship ping and etherwake with this patch.
diff --git a/src/stripper b/src/stripper
index ac5f58ca5..e51463c69 100755
--- a/src/stripper
+++ b/src/stripper
@@ -27,6 +27,10 @@ function _strip() {
fi
done
+ # Fetch any capabilities
+ local capabilities="$(getfattr --no-dereference --name="security.capability" \
+ --absolute-names --dump "${file}")"
+
local cmd=( "${strip}" )
case "$(file -bi ${file})" in
@@ -40,6 +44,11 @@ function _strip() {
echo "Stripping ${file}..."
${cmd[*]} ${file}
+
+ # Restore capabilities
+ if [ -n "${capabilities}" ]; then
+ setfattr --no-dereference --restore=<(echo "${capabilities}")
+ fi
}
for dir in ${dirs}; do
--
2.20.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] stripper: Handle capabilities
2021-07-09 16:17 [PATCH] stripper: Handle capabilities Michael Tremer
@ 2021-07-09 19:11 ` Peter Müller
0 siblings, 0 replies; 2+ messages in thread
From: Peter Müller @ 2021-07-09 19:11 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1380 bytes --]
Thank you very much. :-)
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
> During the build process, we set capabilities to elevate privileges of
> certain progrems (e.g. ping). These have been removed during the build
> process because of strip.
>
> This patch collects any capabilities from all files that are being
> stripped and restores them after calling strip.
>
> Fixes: #12652
> Reported-by: Peter Müller <peter.mueller(a)ipfire.org>
> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
> src/stripper | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> Please re-ship ping and etherwake with this patch.
>
> diff --git a/src/stripper b/src/stripper
> index ac5f58ca5..e51463c69 100755
> --- a/src/stripper
> +++ b/src/stripper
> @@ -27,6 +27,10 @@ function _strip() {
> fi
> done
>
> + # Fetch any capabilities
> + local capabilities="$(getfattr --no-dereference --name="security.capability" \
> + --absolute-names --dump "${file}")"
> +
> local cmd=( "${strip}" )
>
> case "$(file -bi ${file})" in
> @@ -40,6 +44,11 @@ function _strip() {
>
> echo "Stripping ${file}..."
> ${cmd[*]} ${file}
> +
> + # Restore capabilities
> + if [ -n "${capabilities}" ]; then
> + setfattr --no-dereference --restore=<(echo "${capabilities}")
> + fi
> }
>
> for dir in ${dirs}; do
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-07-09 19:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-09 16:17 [PATCH] stripper: Handle capabilities Michael Tremer
2021-07-09 19:11 ` Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox