[Buildroot] [RFC PATCH v4 2/2] iputils: add capability for clockdiff, ping, traceroute6
Petr Vorel
petr.vorel at gmail.com
Wed Jul 31 22:24:01 UTC 2019
Hi Thomas, Yann,
I've sent v5 before your mail, sorry for forgetting to Cc you.
> Hello,
> On Wed, 31 Jul 2019 18:00:59 +0200
> "Yann E. MORIN" <yann.morin.1998 at free.fr> wrote:
> > > Use cap_net_raw+p (drop +e) as upstream sets that via
> > > cap_set_flag(), see https://github.com/iputils/iputils/issues/194
> > So, now we set the capabilities to those executables, do they still need
> > to be setuid?
> > But then, if one really does not want xattr, setuid is still required.
> Ah, yes, indeed.
> > So, we have no way to express that a file should have either setuid or
> > xattrs, except as a big if-block like:
> > ifeq ($(BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES),y)
> > define IPUTILS_PERMISSIONS
> > /usr/bin/clockdiff f 0755 0 0 - - - - -
> > |xattr cap_net_raw+p
> > endef
> > else
> > define IPUTILS_PERMISSIONS
> > /usr/bin/clockdiff f 4755 0 0 - - - - -
> > endef
> > endif
> > ... which is what we were trying to avoid in the first place...
> Yes, but I believe it's the best solution for now, let's keep a
> conditional like you're showing here. Which of course makes the change
> to makedevs no longer relevant.
Sure :). So merge the original version [1], related only to iputils?
> I really hope Petr is not going to hate us for all the discussion, back
> and forth and change of mind/opinion about this topic :-/
No, not at all :).
Kind regards,
Petr
[1] https://patchwork.ozlabs.org/patch/1138055/
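Added example, not part of the original mail and not Buildroot or iputils code: a Python check that tells apart the two install modes discussed in this thread (setuid bit versus a `security.capability` xattr) and, for the xattr, whether it encodes `cap_net_raw+p` or `cap_net_raw+ep`. The constants come from linux/capability.h; the function names and the sample byte strings are constructed for illustration.

```python
import os
import stat
import struct

# Constants from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_3 = 0x03000000      # revision 3 appends a 32-bit rootid
VFS_CAP_FLAGS_EFFECTIVE = 0x000001   # the "+e" flag, stored in magic_etc
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit pairs
CAP_NET_RAW = 13

# Constructed sample xattr values (not captured from a real image)
SAMPLE_P = struct.pack("<5I", 0x02000000, 1 << CAP_NET_RAW, 0, 0, 0)
SAMPLE_EP = struct.pack("<5I", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)


def parse_vfs_caps(blob):
    """Decode a security.capability xattr value (little-endian vfs_cap_data)."""
    if len(blob) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", blob, 0)
    rev = magic & VFS_CAP_REVISION_MASK
    if rev not in PAIRS:
        raise ValueError("unknown capability revision 0x%08x" % rev)
    expected = 4 + 8 * PAIRS[rev] + (4 if rev == VFS_CAP_REVISION_3 else 0)
    if len(blob) != expected:
        raise ValueError("bad length %d, expected %d" % (len(blob), expected))
    permitted = inheritable = 0
    for i in range(PAIRS[rev]):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    effective = bool(magic & VFS_CAP_FLAGS_EFFECTIVE)
    return {"permitted": permitted, "inheritable": inheritable, "effective": effective}


def classify(mode, blob):
    """Return 'setuid', 'cap_net_raw+p', 'cap_net_raw+ep' or 'none'."""
    if mode & stat.S_ISUID:
        return "setuid"
    if blob is None:
        return "none"
    caps = parse_vfs_caps(blob)
    if not caps["permitted"] & (1 << CAP_NET_RAW):
        return "none"
    return "cap_net_raw+ep" if caps["effective"] else "cap_net_raw+p"


def privilege_mode(path):
    """Classify a file in an unpacked target rootfs (Linux only)."""
    try:
        blob = os.getxattr(path, "security.capability", follow_symlinks=False)
    except OSError:      # no such xattr, or filesystem without xattr support
        blob = None
    return classify(os.lstat(path).st_mode, blob)
```

Running `privilege_mode` over `usr/bin/clockdiff`, `ping` and `traceroute6` in the generated root filesystem shows which branch of the conditional was applied to the image.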