
Re: Setting file capabilities of files shipped in binary packages



On Sun, 2011-03-13 at 20:56 +0100, Sebastian Harl wrote:
> Hi,
> 
> the new upstream version of one of my packages tries to set the
> CAP_NET_RAW (permission to use RAW and PACKET sockets) file capability
> during "make install" (using setcap(8)). (The affected tool sends ICMP
> ECHO_REQUESTS ("pings"), thus needs to open a RAW socket. Imho, setting
> the file capability is a nicer approach than setting the setuid bit.)

This might be a little premature, as the version of 'ls' in unstable
doesn't yet indicate files with setcap flags.  Also, what if the program
is installed on a filesystem that doesn't support setcap?

> Now, the question is: is it allowed to ship files having special
> capabilities set. I couldn't find anything neither in the policy nor in
> the devref. If the answer to that is "yes", how should the package
> handle that? Using setcap(8) requires root privileges, so it cannot be
> used in debian/rules.

So do many things involved in building a package, which is why we have
fakeroot.  But more importantly:

- fakeroot doesn't yet wrap capset(2)
- tar (which is used by dpkg) doesn't save or restore setcap flags

> Would it be fine to do that in postinst?

It must be done in postinst, and you may need to fall back to setuid if
the filesystem does not support setcap.

Ben.

> TIA for any comments or pointers!
> 
> Cheers,
> Sebastian
> 

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
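As an added example (not code from the thread or from any Debian package), here is the postinst shape Ben describes: try to grant CAP_NET_RAW with setcap, verify it with getcap, and fall back to setuid root when the capability cannot be applied. The binary path /usr/bin/example-ping and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: postinst-style helper that grants CAP_NET_RAW to a binary
# and falls back to setuid root when file capabilities cannot be applied
# (filesystem without xattr support, setcap missing, etc.).
# The binary path and function names are assumptions, not from the thread.
set -e

grant_net_raw() {
    bin="$1"
    # Clear any stale setuid bit first so the two mechanisms never coexist.
    chmod u-s "$bin"
    # setcap needs root and an xattr-capable filesystem; confirm with getcap
    # rather than trusting setcap's exit status alone.
    if command -v setcap >/dev/null 2>&1 &&
       setcap cap_net_raw+ep "$bin" 2>/dev/null &&
       getcap "$bin" 2>/dev/null | grep -q 'cap_net_raw'; then
        echo "cap"
        return 0
    fi
    # Fallback: setuid root (only meaningful once the file is root-owned).
    chmod u+s "$bin"
    echo "setuid"
}

# Reports which privilege mechanism is currently in effect on a binary.
net_raw_mode() {
    bin="$1"
    if getcap "$bin" 2>/dev/null | grep -q 'cap_net_raw'; then
        echo "cap"
    elif [ -u "$bin" ]; then
        echo "setuid"
    else
        echo "none"
    fi
}

# Typical maintainer-script entry point (dpkg calls postinst with "configure").
case "${1:-}" in
    configure)
        grant_net_raw /usr/bin/example-ping   # hypothetical path
        ;;
esac
```

Run as a non-root user the helper will always report "setuid", which is exactly the fallback path a package would hit on a filesystem without xattr support.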
