diff options
author | Sami Kerola <kerolasa@iki.fi> | 2018-10-16 22:10:06 +0100 |
---|---|---|
committer | Sami Kerola <kerolasa@iki.fi> | 2018-10-16 22:21:57 +0100 |
commit | 46d08f2080ad61b1d2fb2e5817fa04e5ca0db76b (patch) | |
tree | aa7be8d05e0730b243e41b65535171e6697a6d90 | |
parent | bf0530d807f46659dd899ec02870bf5006c12313 (diff) | |
download | iputils-46d08f2080ad61b1d2fb2e5817fa04e5ca0db76b.tar.gz |
build-sys: add cap_net_raw to arping, clockdiff and rarpd
The arping and clockdiff are command line tools, so it need file system
capability bit. The rarpd is ran by systemd and changing unit file is
better.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
-rw-r--r-- | meson.build | 25 | ||||
-rw-r--r-- | systemd/rarpd.service.in | 2 |
2 files changed, 21 insertions, 6 deletions
diff --git a/meson.build b/meson.build index 142ebe9..bc92e6e 100644 --- a/meson.build +++ b/meson.build @@ -171,17 +171,18 @@ config_h = configure_file( output : 'config.h', configuration : conf) +setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false) +if cap_dep.found() and setcap.found() + perm_type = 'caps' +else + perm_type = 'setuid' +endif + ############################################################ if build_ping == true executable('ping', ['ping.c', 'ping_common.c', 'ping6_common.c', git_version_h], dependencies : [m_dep, cap_dep, idn_dep, crypto_dep, resolv_dep], install: true) - setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false) - if cap_dep.found() and setcap.found() - perm_type = 'caps' - else - perm_type = 'setuid' - endif meson.add_install_script('build-aux/setcap-setuid.sh', join_paths(get_option('prefix'), get_option('bindir')), 'ping', @@ -206,6 +207,12 @@ if build_clockdiff == true executable('clockdiff', ['clockdiff.c', git_version_h], dependencies : [cap_dep], install: true) + meson.add_install_script('build-aux/setcap-setuid.sh', + join_paths(get_option('prefix'), get_option('bindir')), + 'clockdiff', + perm_type, + setcap.path() + ) endif if build_rinfod == true @@ -217,6 +224,12 @@ if build_arping == true executable('arping', ['arping.c', git_version_h], dependencies : [rt_dep, cap_dep, idn_dep], install: true) + meson.add_install_script('build-aux/setcap-setuid.sh', + join_paths(get_option('prefix'), get_option('bindir')), + 'arping', + perm_type, + setcap.path() + ) endif if build_tftpd == true diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in index d161785..e600c10 100644 --- a/systemd/rarpd.service.in +++ b/systemd/rarpd.service.in @@ -8,6 +8,8 @@ After=network.target EnvironmentFile=-/etc/sysconfig/rarpd ExecStart=@sbindir@/rarpd -d $OPTIONS %i +AmbientCapabilities=CAP_NET_RAW +DynamicUser=yes PrivateTmp=yes PrivateDevices=yes PrivateUsers=yes |