Making an RPM which sets POSIX files capabilities

About

Asked 12/11, 2014 at 22:36 Answered 12/11, 2014 at 22:36

Solved linux rpm rpm-spec linux-capabilities

How does one make an RPM which sets the POSIX capabilities of a file? If I try doing rpmbuild as a non-root user then I get an error when my makefile's install hooks try to run setcap, but if I don't run setcap how will rpmbuild copy the capabilities? There doesn't seem to be any way to set the capability from within the RPM spec file.

Judithjuditha answered 12/11, 2014 at 22:36 Comment(0)

There is a spec file macro for setting capabilities, %caps; for some reason this seems to be mainly documented in the release notes and changelogs, so it took a while for me to find it.

It's used like this in the spec file:

%caps(cap_net_admin=pe) %{_sbindir}/foobar

To get make install to use setcap only when invoked by root, you can do something like this:

@if test `id -u` -eq 0; then \
    setcap cap_net_admin=pe $(DEST_SBINDIR)/foobar ; \
fi

Judithjuditha answered 12/11, 2014 at 22:36 Comment(2)

I wasn't able to get the %caps directive to work. Was getting syntax error near unexpected token `cap_net_raw+ep'. Found another solution using %post as described in this issue: github.com/schweikert/fping/issues/24#issue-5647305 – Pep 26/9, 2016 at 14:16

Hopefully undocumented for not too much longer. – Takeo 25/1 at 19:35

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags