-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 7 | ||||
-rw-r--r-- | sysconf/filecaps | 2 |
2 files changed, 6 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index dee13d4f..3c3c2e40 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -135,8 +135,11 @@ EOF
 cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
 # Set file capabilities
- sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' <$sysconfdir/filecaps \
- | xargs -i sh -c "setcap {}"
+ sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' < $sysconfdir/filecaps | \
+ while read capability path; do
+ touch -c $path
+ setcap $capability $path
+ done
 # Install pam_cap config
 cp $sysconfdir/capability.conf /etc/security/capability.conf
diff --git a/sysconf/filecaps b/sysconf/filecaps
index 1e06c0e8..189f9d16 100644
--- a/sysconf/filecaps
+++ b/sysconf/filecaps
@@ -6,7 +6,7 @@ cap_net_admin=pe /sbin/tc
 cap_net_admin=pe /bin/ip
 cap_net_admin=pe /sbin/iptables
 cap_net_admin=pe /sbin/ip6tables
-cap_net_admin=pe/ /usr/sbin/ipset
+cap_net_admin=pe /usr/sbin/ipset
 cap_net_admin=pe /usr/sbin/conntrack
 cap_net_admin=pe /usr/sbin/arp
 cap_net_admin=pe /usr/sbin/brctl |
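Review bot: In the new `while read capability path` loop of the postinst hunk, `$capability` and `$path` are expanded unquoted and `read` runs without `-r`, so a filecaps entry with extra fields, glob characters or a backslash is word-split or expanded before it reaches `setcap`; that matters because these lines decide which binaries receive `cap_net_admin`. I would write `while read -r capability path; do`, `touch -c "$path"` and `setcap "$capability" "$path"`. The `touch -c` call has no comment saying why the timestamp is refreshed before the capability is set; a line such as `# refresh timestamps without creating missing files (-c)`, extended with the actual reason, would help the next maintainer. Whether a failing `setcap` stops the script depends on shell options set outside this hunk (the postinst body starts and ends outside it), so it may be worth reporting the affected path on failure.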