[Buildroot] [RFC PATCH v4 2/2] iputils: add capability for clockdiff, ping, traceroute6

Petr Vorel petr.vorel at gmail.com
Wed Jul 31 22:24:01 UTC 2019


Hi Thomas, Yann,

I've sent v5 before your mail, sorry for forgetting to Cc you.

> Hello,

> On Wed, 31 Jul 2019 18:00:59 +0200
> "Yann E. MORIN" <yann.morin.1998 at free.fr> wrote:

> > > Use cap_net_raw+p (drop +e) as upstream sets that via
> > > cap_set_flag(), see https://github.com/iputils/iputils/issues/194  

> > So, now we set the capabilities to those executables, do they still need
> > to be setuid?

> > But then, if one really does not want xattr, setuid is still required.

> Ah, yes, indeed.

> > So, we have no way to express that a file should have either setuid or
> > xattrs, except as a big if-block like:

> >     ifeq ($(BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES),y)
> >     define IPUTILS_PERMISSIONS
> >         /usr/bin/clockdiff    f 0755 0 0 - - - - -
> >         |xattr cap_net_raw+p
> >     endef
> >     else
> >     define IPUTILS_PERMISSIONS
> >         /usr/bin/clockdiff    f 4755 0 0 - - - - -
> >     endef
> >     endif

> > ... which is what we were trying to avoid in the first place...

> Yes, but I believe it's the best solution for now, let's keep a
> conditional like you're showing here. Which of course makes the change
> to makedevs no longer relevant.

Sure :). So merge the original version [1], related only to iputils?

> I really hope Petr is not going to hate us for all the discussion, back
> and forth and change of mind/opinion about this topic :-/

No, not at all :).

Kind regards,
Petr

[1] https://patchwork.ozlabs.org/patch/1138055/
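
An added example (not part of the original thread, and not Buildroot or iputils code): a small Python check that decodes a `security.capability` xattr value and reports which of the cases discussed above an installed binary falls into: setuid-root, `cap_net_raw+p`, or `cap_net_raw+ep`. The function names and the sample byte strings are constructed for illustration; the constants are those of `linux/capability.h`.

```python
import stat
import struct

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
CAP_NET_RAW = 13
# Number of 32-bit (permitted, inheritable) pairs per xattr revision.
WORDS_BY_REVISION = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_file_caps(xattr):
    """Decode a security.capability value into (permitted, inheritable, effective)."""
    if len(xattr) < 4:
        raise ValueError("truncated security.capability value")
    (magic_etc,) = struct.unpack_from("<I", xattr, 0)
    words = WORDS_BY_REVISION.get(magic_etc & VFS_CAP_REVISION_MASK)
    if words is None:
        raise ValueError("unknown capability revision")
    if len(xattr) < 4 + 8 * words:
        raise ValueError("truncated security.capability value")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", xattr, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return permitted, inheritable, bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)


def classify(mode, uid, xattr=None):
    """Describe how an installed binary would obtain CAP_NET_RAW."""
    if mode & stat.S_ISUID and uid == 0:
        return "setuid-root"  # the 4755 branch: full root at exec time
    if xattr:
        permitted, _, effective = decode_file_caps(xattr)
        if permitted & (1 << CAP_NET_RAW):
            # +p only: the program has to raise the capability itself
            # (upstream iputils does so via cap_set_flag(), per the thread).
            return "cap_net_raw+ep" if effective else "cap_net_raw+p"
    return "unprivileged"


# Constructed sample xattr values (revision 2 layout), not read from a real rootfs.
XATTR_P = struct.pack("<IIIII", VFS_CAP_REVISION_2, 1 << CAP_NET_RAW, 0, 0, 0)
XATTR_EP = struct.pack("<IIIII", VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE,
                       1 << CAP_NET_RAW, 0, 0, 0)

if __name__ == "__main__":
    print(classify(0o100755, 0, XATTR_P))   # xattr branch of the if-block
    print(classify(0o104755, 0))            # setuid fallback branch
```

On a built target, the bytes to feed `decode_file_caps()` can be read with `os.getxattr(path, "security.capability")`.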


