From c2f18f972dacb630019cc229263efd2d8aef1428 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Thu, 1 Jul 2010 12:00:26 -0700
Subject: Touch file before setting capability
Unionfs should copyup the xattr automatically, but it doesn't so use touch to force a copyup before setting attributes.
---
 debian/vyatta-cfg-system.postinst.in | 7 +++++--
 sysconf/filecaps | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index dee13d4f..3c3c2e40 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -135,8 +135,11 @@ EOF
 cp $sysconfdir/vyatta-sysctl.conf /etc/sysctl.d/30-vyatta-router.conf
 # Set file capabilities
- sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' <$sysconfdir/filecaps \
- | xargs -i sh -c "setcap {}"
+ sed -r -e '/^#/d' -e '/^[[:blank:]]*$/d' < $sysconfdir/filecaps | \
+ while read capability path; do
+ touch -c $path
+ setcap $capability $path
+ done
 # Install pam_cap config
 cp $sysconfdir/capability.conf /etc/security/capability.conf
diff --git a/sysconf/filecaps b/sysconf/filecaps
index 1e06c0e8..189f9d16 100644
--- a/sysconf/filecaps
+++ b/sysconf/filecaps
@@ -6,7 +6,7 @@ cap_net_admin=pe /sbin/tc
 cap_net_admin=pe /bin/ip
 cap_net_admin=pe /sbin/iptables
 cap_net_admin=pe /sbin/ip6tables
-cap_net_admin=pe/ /usr/sbin/ipset
+cap_net_admin=pe /usr/sbin/ipset
 cap_net_admin=pe /usr/sbin/conntrack
 cap_net_admin=pe /usr/sbin/arp
 cap_net_admin=pe /usr/sbin/brctl
--
cgit v1.2.3
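Review bot: In the postinst hunk, the new loop expands `$path` and `$capability` unquoted and calls `read` without `-r`, so a filecaps entry containing a glob character, extra whitespace or a backslash is split or expanded before `touch` and `setcap` see it. These commands run as root and grant file capabilities, so I would write `while read -r capability path; do`, `touch -c -- "$path"` and `setcap "$capability" "$path"`. A failed `setcap` on any entry but the last also goes unnoticed, because the pipeline's exit status is that of the loop's final command; whether the script runs under `set -e` is not visible in this hunk. The forced `touch` also rewrites the mtime of each listed binary whenever this script runs, which mtime-based file-integrity checks will report, so that side effect deserves a comment next to the loop.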