On Fri, 21 Mar 2014, Axel Beckert wrote:
> Sven-Haegar Koch wrote:
> > On Fri, 21 Mar 2014, Axel Beckert wrote:
> > > Am I right that you are installing this on a machine with an
> > > individual kernel which doesn't support POSIX capabilities?
> >
> > Correct.
>
> Thanks. I wonder how to handle this case. I've looked into other
> packages which should have the same problem to solve and how they
> solved it.
This is what iputils-ping uses in postinst:
if [ "$1" = configure ]; then
# If we have setcap is installed, try setting cap_net_raw+ep,
# which allows us to install our binaries without the setuid
# bit.
if command -v setcap > /dev/null; then
if setcap cap_net_raw+ep /bin/ping cap_net_raw+ep /bin/ping6; then
echo "Setcap worked! Ping(6) is not suid!"
else
echo "Setcap failed on /bin/ping, falling back to setuid" >&2
chmod u+s /bin/ping /bin/ping6
fi
else
echo "Setcap is not installed, falling back to setuid" >&2
chmod u+s /bin/ping /bin/ping6
fi
fi
c'ya
sven-haegar
--
Three may keep a secret, if two of them are dead.
- Ben F.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
