During the build process, we set capabilities to elevate privileges of certain progrems (e.g. ping). These have been removed during the build process because of strip.
This patch collects any capabilities from all files that are being stripped and restores them after calling strip.
Fixes: #12652 Reported-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/stripper | 9 +++++++++ 1 file changed, 9 insertions(+)
Please re-ship ping and etherwake with this patch.
diff --git a/src/stripper b/src/stripper index ac5f58ca5..e51463c69 100755 --- a/src/stripper +++ b/src/stripper @@ -27,6 +27,10 @@ function _strip() { fi done
+ # Fetch any capabilities + local capabilities="$(getfattr --no-dereference --name="security.capability" \ + --absolute-names --dump "${file}")" + local cmd=( "${strip}" )
case "$(file -bi ${file})" in @@ -40,6 +44,11 @@ function _strip() {
echo "Stripping ${file}..." ${cmd[*]} ${file} + + # Restore capabilities + if [ -n "${capabilities}" ]; then + setfattr --no-dereference --restore=<(echo "${capabilities}") + fi }
for dir in ${dirs}; do
Thank you very much. :-)
Acked-by: Peter Müller peter.mueller@ipfire.org
During the build process, we set capabilities to elevate privileges of certain progrems (e.g. ping). These have been removed during the build process because of strip.
This patch collects any capabilities from all files that are being stripped and restores them after calling strip.
Fixes: #12652 Reported-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/stripper | 9 +++++++++ 1 file changed, 9 insertions(+)
Please re-ship ping and etherwake with this patch.
diff --git a/src/stripper b/src/stripper index ac5f58ca5..e51463c69 100755 --- a/src/stripper +++ b/src/stripper @@ -27,6 +27,10 @@ function _strip() { fi done
# Fetch any capabilities
local capabilities="$(getfattr --no-dereference --name="security.capability" \
--absolute-names --dump "${file}")"local cmd=( "${strip}" )
case "$(file -bi ${file})" in
@@ -40,6 +44,11 @@ function _strip() {
echo "Stripping ${file}..." ${cmd[*]} ${file}
- # Restore capabilities
- if [ -n "${capabilities}" ]; then
setfattr --no-dereference --restore=<(echo "${capabilities}")- fi
}
for dir in ${dirs}; do
-
Michael Tremer -
Peter Müller