Merge pull request #136 from giuseppe/fcap-newuidmap-newgidmap
newuidmap/newgidmap: install with file capabilities
This commit is contained in:
commit
bb3f810611
14
configure.ac
14
configure.ac
|
@ -600,6 +600,19 @@ if test "$enable_acct_tools_setuid" != "no"; then
|
||||||
fi
|
fi
|
||||||
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
|
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
|
||||||
|
|
||||||
|
|
||||||
|
AC_ARG_WITH(fcaps,
|
||||||
|
[AC_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
|
||||||
|
[with_fcaps=$withval], [with_fcaps=no])
|
||||||
|
AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
|
||||||
|
|
||||||
|
if test "x$with_fcaps" = "xyes"; then
|
||||||
|
AC_CHECK_PROGS(capcmd, "setcap")
|
||||||
|
if test "x$capcmd" = "x" ; then
|
||||||
|
AC_MSG_ERROR([setcap command not available])
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
AC_SUBST(LIBSKEY)
|
AC_SUBST(LIBSKEY)
|
||||||
AC_SUBST(LIBMD)
|
AC_SUBST(LIBMD)
|
||||||
if test "$with_skey" = "yes"; then
|
if test "$with_skey" = "yes"; then
|
||||||
|
@ -684,4 +697,5 @@ echo " SHA passwords encryption: $with_sha_crypt"
|
||||||
echo " nscd support: $with_nscd"
|
echo " nscd support: $with_nscd"
|
||||||
echo " sssd support: $with_sssd"
|
echo " sssd support: $with_sssd"
|
||||||
echo " subordinate IDs support: $enable_subids"
|
echo " subordinate IDs support: $enable_subids"
|
||||||
|
echo " use file caps: $with_fcaps"
|
||||||
echo
|
echo
|
||||||
|
|
|
@ -61,8 +61,10 @@ if ACCT_TOOLS_SETUID
|
||||||
suidubins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
|
suidubins += chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
|
||||||
endif
|
endif
|
||||||
if ENABLE_SUBIDS
|
if ENABLE_SUBIDS
|
||||||
|
if !FCAPS
|
||||||
suidubins += newgidmap newuidmap
|
suidubins += newgidmap newuidmap
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
if WITH_TCB
|
if WITH_TCB
|
||||||
shadowsgidubins = passwd
|
shadowsgidubins = passwd
|
||||||
|
@ -138,3 +140,9 @@ if WITH_TCB
|
||||||
chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
|
chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
|
||||||
done
|
done
|
||||||
endif
|
endif
|
||||||
|
if ENABLE_SUBIDS
|
||||||
|
if FCAPS
|
||||||
|
setcap cap_setuid+ep $(DESTDIR)$(ubindir)/newuidmap
|
||||||
|
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
Loading…
Reference in New Issue
Block a user