stripper: Handle capabilities

During the build process, we set capabilities to elevate privileges of
certain programs (e.g. ping). These have been removed during the build
process because of strip.

This patch collects any capabilities from all files that are being
stripped and restores them after calling strip.

Fixes: #12652
Reported-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2021-07-09 16:17:43 +00:00
parent db7ef52a91
commit 37ef9fe4e0

@@ -27,6 +27,10 @@ function _strip() {
fi
done
# Fetch any capabilities
local capabilities="$(getfattr --no-dereference --name="security.capability" \
--absolute-names --dump "${file}")"
local cmd=( "${strip}" )
case "$(file -bi ${file})" in
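Review bot: The `local capabilities="$(getfattr ...)"` line declares and assigns in one statement, so the exit status seen afterwards is that of `local` and a getfattr failure cannot be told apart from a file that has no `security.capability` attribute. Declaring `local capabilities` first and assigning on a separate line keeps the status available. stderr is also not redirected, so whatever getfattr reports for files without the attribute ends up in the build log for every stripped file; redirecting it, or logging only when capabilities were actually found, would keep the output readable. A short comment noting that the dump carries the absolute file name, which the later `--restore` depends on, would help the next reader.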
@@ -40,6 +44,11 @@ function _strip() {
echo "Stripping ${file}..."
${cmd[*]} ${file}
# Restore capabilities
if [ -n "${capabilities}" ]; then
setfattr --no-dereference --restore=<(echo "${capabilities}")
fi
}
for dir in ${dirs}; do
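Review bot: The return status of `setfattr --no-dereference --restore=<(echo "${capabilities}")` is never checked, so a failed restore silently produces a package whose binary (ping in the commit message's example) has lost its capability, which is the regression this commit is meant to fix. Suggest testing the result and failing the build, or at least printing an error that names `${file}`. The restore also runs whether or not `${cmd[*]} ${file}` succeeded; checking strip's status first would avoid masking a strip failure. Minor: `printf '%s\n' "${capabilities}"` is safer than `echo` for feeding arbitrary dump text, and an `echo "Restoring capabilities on ${file}..."` next to the existing "Stripping" message would make it possible to audit from the build log which files carry capabilities.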