mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-20 11:51:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

eclass/fcaps: Sync with Gentoo

Browse Source 
It's from Gentoo commit 2e32af007cf8a21bd77002ca45c9bccc711a2bd0.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
This commit is contained in:
Flatcar Buildbot 2025-09-01 07:10:08 +00:00 committed by Krzesimir Nowak
parent fd4dd3bc00
commit 8d410d436b
1 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
sdk_container/src/third_party/portage-stable/eclass/fcaps.eclass vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors # Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# @ECLASS: fcaps.eclass # @ECLASS: fcaps.eclass
@ -84,13 +84,16 @@ esac
# appropriate path var ($D/$ROOT/etc...) will be prefixed based on the current # appropriate path var ($D/$ROOT/etc...) will be prefixed based on the current
# ebuild phase. # ebuild phase.
# #
# The caps mode (default 711) is used to set the permission on the file if # The caps mode is used to set the permission on the file if capabilities
# capabilities were properly set on the file. # were properly set on the file. No change is applied by default.
# #
# If the system is unable to set capabilities, it will use the specified user, # If the system is unable to set capabilities, it will use the specified user,
# group, and mode (presumably to make the binary set*id). The defaults there # group, and mode. The user and group default to 0. If mode is unspecified, no
# are 0:0 and 4711. Otherwise, the ownership and permissions will be # change is applied.
# unchanged. #
# For example, "-m u+s" may be used to enable suid as a fallback when file caps
# are unavailable. This should be used with care, typically when the
# application is written to handle dropping privileges itself.
fcaps() { fcaps() {
debug-print-function ${FUNCNAME} "$@" debug-print-function ${FUNCNAME} "$@"
@ -102,14 +105,9 @@ fcaps() {
# Process the user options first. # Process the user options first.
local owner='0' local owner='0'
local group='0' local group='0'
local mode=u+s local mode=
local caps_mode= local caps_mode=
if [[ -n ${FCAPS_DENY_WORLD_READ} ]]; then
mode=u+s,go-r
caps_mode=go-r
fi
while [[ $# -gt 0 ]] ; do while [[ $# -gt 0 ]] ; do
case $1 in case $1 in
-o) owner=$2; shift;; -o) owner=$2; shift;;
@ -143,12 +141,16 @@ fcaps() {
for file ; do for file ; do
[[ ${file} != /* ]] && file="${root}/${file}" [[ ${file} != /* ]] && file="${root}/${file}"
# Remove the read bits if requested.
if [[ -n ${FCAPS_DENY_WORLD_READ} ]]; then
chmod go-r "${file}" || die
fi
if use filecaps ; then if use filecaps ; then
# Try to set capabilities. Ignore errors when the # Try to set capabilities. Ignore errors when the
# fs doesn't support it, but abort on all others. # fs doesn't support it, but abort on all others.
debug-print "${FUNCNAME}: setting caps '${caps}' on '${file}'" debug-print "${FUNCNAME}: setting caps '${caps}' on '${file}'"
# Remove the read bits if requested.
if [[ -n ${caps_mode} ]]; then if [[ -n ${caps_mode} ]]; then
chmod ${caps_mode} "${file}" || die chmod ${caps_mode} "${file}" || die
fi fi
@ -182,11 +184,11 @@ fcaps() {
fi fi
# If we're still here, setcaps failed. # If we're still here, setcaps failed.
if [[ -n ${owner} || -n ${group} ]]; then
debug-print "${FUNCNAME}: setting owner on '${file}'"
chown "${owner}:${group}" "${file}" || die
fi
if [[ -n ${mode} ]]; then if [[ -n ${mode} ]]; then
if [[ -n ${owner} || -n ${group} ]]; then
debug-print "${FUNCNAME}: setting owner on '${file}'"
chown "${owner}:${group}" "${file}" || die
fi
debug-print "${FUNCNAME}: setting mode on '${file}'" debug-print "${FUNCNAME}: setting mode on '${file}'"
chmod ${mode} "${file}" || die chmod ${mode} "${file}" || die
fi fi