summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/control1
-rw-r--r--debian/vyatta-cfg-system.postinst.in11
2 files changed, 12 insertions, 0 deletions
diff --git a/debian/control b/debian/control
index c1d19a95..57fdb2c7 100644
--- a/debian/control
+++ b/debian/control
@@ -28,6 +28,7 @@ Depends: acpid,
vyatta-keepalived (>= 1.1.15-1-vyatta-5),
bridge-utils,
ethtool,
+ libcap2-bin,
ssh (>= 1:5.1p1-5),
openssh-server (>= 1:5.1p1-5),
ed,
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index b2719bc5..288ea7c5 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -154,6 +154,17 @@ dpkg-reconfigure -f noninteractive openssh-server
rm -f /etc/ssh/*.broken
update-rc.d -f ssh remove >/dev/null
+#
+# Set extended capabilities on some files
+setcap cap_net_admin+e /usr/sbin/ethtool
+setcap cap_sys_admin+e /sbin/sysctl
+setcap cap_audit_write+e /bin/vbash
+setcap cap_net_admin+e /sbin/ip
+setcap cap_net_admin+e /sbin/tc cap_net_admin+e /sbin/ip
+setcap cap_net_admin+e /usr/sbin/arp
+setcap cap_net_admin+e /sbin/iptables cap_net_admin+e /sbin/ip6tables
+setcap cap_net_admin+e /usr/sbin/conntrack
+
# Fix up PAM configuration for login so that invalid users are prompted
# for password
sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login