Improve capabilities patch to be able to run with PARANOIA & EARLY_CHROOT (#699713)

2011-07-25 16:50:15 +02:00 · 2011-07-25 16:50:15 +02:00 · 0ab9732c2e
commit 0ab9732c2e
parent e3472df151
2 changed files with 5 additions and 2 deletions
--- a/dhcp-4.2.2-capability.patch
+++ b/dhcp-4.2.2-capability.patch
@ -283,7 +283,7 @@ diff -up dhcp-4.2.2b1/server/dhcpd.c.capability dhcp-4.2.2b1/server/dhcpd.c
 +	if (!keep_capabilities) {
 +		capng_clear(CAPNG_SELECT_BOTH);
 +		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, -1);
 +		capng_apply(CAPNG_SELECT_BOTH);
 +		log_info ("Dropped all unnecessary capabilities.");
 +	}
--- a/dhcp.spec
+++ b/dhcp.spec
@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.2
-Release:  0.2.%{prever}%{?dist}
+Release:  0.3.%{prever}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@ -644,6 +644,9 @@ fi
 %{_initddir}/dhcrelay

 %changelog
+* Mon Jul 25 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.2-0.3.rc1
+- Improve capabilities patch to be able to run with PARANOIA & EARLY_CHROOT (#699713)
+
 * Mon Jul 18 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.2-0.2.rc1
 - 4.2.2rc1