On Fri, 21 Mar 2014, Axel Beckert wrote: > Sven-Haegar Koch wrote: > > On Fri, 21 Mar 2014, Axel Beckert wrote: > > > Am I right that you are installing this on a machine with an > > > individual kernel which doesn't support POSIX capabilities? > > > > Correct. > > Thanks. I wonder how to handle this case. I've looked into other > packages which should have the same problem to solve and how they > solved it.
This is what iputils-ping uses in postinst: if [ "$1" = configure ]; then # If we have setcap is installed, try setting cap_net_raw+ep, # which allows us to install our binaries without the setuid # bit. if command -v setcap > /dev/null; then if setcap cap_net_raw+ep /bin/ping cap_net_raw+ep /bin/ping6; then echo "Setcap worked! Ping(6) is not suid!" else echo "Setcap failed on /bin/ping, falling back to setuid" >&2 chmod u+s /bin/ping /bin/ping6 fi else echo "Setcap is not installed, falling back to setuid" >&2 chmod u+s /bin/ping /bin/ping6 fi fi c'ya sven-haegar -- Three may keep a secret, if two of them are dead. - Ben F. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org