[lxc-devel] [PATCH] Move back setcap for lxc-init
Daniel Lezcano
dlezcano at fr.ibm.com
Sun Mar 22 22:24:03 UTC 2009
Guido Trotter wrote:
> Putting setcap cap_sys_admin=ep $(libexecdir)/lxc-init in the
> install-libexecPROGRAMS: overrides the default version of the target,
> making lxc-init not actually installed anymore. Removing the overridden
> target, and putting the setcap back where it was, in install-exec-local,
> just with the correct path.
>
> Signed-off-by: Guido Trotter <ultrotter at quaqua.net>
> ---
> src/lxc/Makefile.am | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
> index 28b7ac4..c2c33dd 100644
> --- a/src/lxc/Makefile.am
> +++ b/src/lxc/Makefile.am
> @@ -128,9 +128,6 @@ lxc_restart_LDADD = liblxc.la
> lxc_version_SOURCES = lxc_version.c
> lxc_version_LDADD = liblxc.la
>
> -install-libexecPROGRAMS:
> - setcap cap_sys_admin=ep $(libexecdir)/lxc-init
> -
> install-exec-local:
> - at export PATH=$$PATH:/sbin:/usr/sbin && \
> mkdir -p $(localstatedir) && \
> @@ -140,6 +137,8 @@ install-exec-local:
> setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
> $(bindir)/lxc-execute && \
> \
> + setcap cap_sys_admin=ep $(libexecdir)/lxc-init && \
> + \
> setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
> $(bindir)/lxc-start && \
> \
Well I tried this before but it looks like the lxc-init is not yet
installed when we are trying to set the capabilty.
You can check this by doing 'make uninstall install'
I am wondering if creating a script to set these capabilities and call
it at a post install rule won't be better.
- the script can be reused in the different package templates (eg.
lxc.spec.in)
- called from the Makefile
- and called manually from the shell
More information about the lxc-devel
mailing list