diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-07-01 12:00:26 -0700 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-07-01 13:36:26 -0700 |
| commit | c2f18f972dacb630019cc229263efd2d8aef1428 (patch) | |
| tree | 3b735a7c45e0f6d46f620e10534c1929f331a576 | |
| parent | b5cd87672f770c3b6cc38a5cb19e6d8028c51524 (diff) | |
| download | vyatta-cfg-system-c2f18f972dacb630019cc229263efd2d8aef1428.tar.gz vyatta-cfg-system-c2f18f972dacb630019cc229263efd2d8aef1428.zip | |
Touch file before setting capability
Unionfs should copyup the xattr automatically, but it doesn't
so use touch to force a copyup before setting attributes.
| -rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 7 | ||||
| -rw-r--r-- | sysconf/filecaps | 2 |
2 files changed, 6 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index dee13d4f..3c3c2e40 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -135,8 +135,11 @@ EOF cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf # Set file capabilities - sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' <$sysconfdir/filecaps \ - | xargs -i sh -c "setcap {}" + sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' < $sysconfdir/filecaps | \ + while read capability path; do + touch -c $path + setcap $capability $path + done # Install pam_cap config cp $sysconfdir/capability.conf /etc/security/capability.conf diff --git a/sysconf/filecaps b/sysconf/filecaps index 1e06c0e8..189f9d16 100644 --- a/sysconf/filecaps +++ b/sysconf/filecaps @@ -6,7 +6,7 @@ cap_net_admin=pe /sbin/tc cap_net_admin=pe /bin/ip cap_net_admin=pe /sbin/iptables cap_net_admin=pe /sbin/ip6tables -cap_net_admin=pe/ /usr/sbin/ipset +cap_net_admin=pe /usr/sbin/ipset cap_net_admin=pe /usr/sbin/conntrack cap_net_admin=pe /usr/sbin/arp cap_net_admin=pe /usr/sbin/brctl |