From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] stripper: Handle capabilities Date: Fri, 09 Jul 2021 21:11:36 +0200 Message-ID: In-Reply-To: <20210709161742.4224-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1399254844764709354==" List-Id: --===============1399254844764709354== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thank you very much. :-) Acked-by: Peter M=C3=BCller > During the build process, we set capabilities to elevate privileges of > certain progrems (e.g. ping). These have been removed during the build > process because of strip. >=20 > This patch collects any capabilities from all files that are being > stripped and restores them after calling strip. >=20 > Fixes: #12652 > Reported-by: Peter M=C3=BCller > Signed-off-by: Michael Tremer > --- > src/stripper | 9 +++++++++ > 1 file changed, 9 insertions(+) >=20 > Please re-ship ping and etherwake with this patch. >=20 > diff --git a/src/stripper b/src/stripper > index ac5f58ca5..e51463c69 100755 > --- a/src/stripper > +++ b/src/stripper > @@ -27,6 +27,10 @@ function _strip() { > fi > done > =20 > + # Fetch any capabilities > + local capabilities=3D"$(getfattr --no-dereference --name=3D"security.capa= bility" \ > + --absolute-names --dump "${file}")" > + > local cmd=3D( "${strip}" ) > =20 > case "$(file -bi ${file})" in > @@ -40,6 +44,11 @@ function _strip() { > =20 > echo "Stripping ${file}..." > ${cmd[*]} ${file} > + > + # Restore capabilities > + if [ -n "${capabilities}" ]; then > + setfattr --no-dereference --restore=3D<(echo "${capabilities}") > + fi > } > =20 > for dir in ${dirs}; do >=20 --===============1399254844764709354==--