From 379c2618cfbc337625f809f63fd4cb22793eccf8 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 25 May 2010 08:56:10 -0700
Subject: Set file capability attributes

This sets file capability attributes during package
installation (and build) to allow better security models.
---
 debian/vyatta-cfg-system.postinst.in | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'debian')

diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 4265d14b..7778ea87 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -133,6 +133,10 @@ EOF
     done
 
     cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
+
+     # Set file capabilities
+    sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' <$sysconfdir/filecaps \
+	| xargs -i sh -c "setcap {}"
 fi
 
 # create needed directories
-- 
cgit v1.2.3