rpms/dhcp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- move /etc/dhcp.conf to /etc/dhcp.conf.rpmsave in %post (#561094)

Browse Source 
- document -nc option in dhclient(8) man page
This commit is contained in:
Jiří Popelka 2010-02-03 17:48:51 +00:00
parent 79859968bb
commit cd8c86f398
2 changed files with 49 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
dhcp-4.1.1-capability.patch
View File

@ -1,6 +1,42 @@
diff -up dhcp-4.1.1/client/dhclient.8.capability dhcp-4.1.1/client/dhclient.8
--- dhcp-4.1.1/client/dhclient.8.capability 2010-02-03 11:19:39.854958099 -0500
+++ dhcp-4.1.1/client/dhclient.8 2010-02-03 11:44:57.949895909 -0500
@@ -381,6 +381,32 @@ Do not configure any interfaces. Most u
option.
.TP
+.BI \-nc
+Do not drop capabilities.
+
+Normally, if
+.B dhclient
+was compiled with libcap-ng support,
+.B dhclient
+drops most capabilities immediately upon startup. While more secure,
+this greatly restricts the additional actions that hooks in
+.B dhclient-script (8)
+can take. (For example, any daemons that
+.B dhclient-script (8)
+starts or restarts will inherit the restricted capabilities as well,
+which may interfere with their correct operation.) Thus, the
+.BI \-nc
+option can be used to prevent
+.B dhclient
+from dropping capabilities.
+
+The
+.BI \-nc
+option is ignored if
+.B dhclient
+was not compiled with libcap-ng support.
+
+.TP
.BI \-nw
Become a daemon process immediately (nowait) rather than waiting until an IP
address has been acquired.
diff -up dhcp-4.1.1/client/dhclient.c.capability dhcp-4.1.1/client/dhclient.c diff -up dhcp-4.1.1/client/dhclient.c.capability dhcp-4.1.1/client/dhclient.c
--- dhcp-4.1.1/client/dhclient.c.capability 2010-02-02 11:58:29.000000000 +0100 --- dhcp-4.1.1/client/dhclient.c.capability 2010-02-03 11:19:39.876957973 -0500
+++ dhcp-4.1.1/client/dhclient.c 2010-02-02 12:04:39.000000000 +0100 +++ dhcp-4.1.1/client/dhclient.c 2010-02-03 11:46:14.665957658 -0500
@@ -37,6 +37,9 @@ @@ -37,6 +37,9 @@
#include <sys/time.h> #include <sys/time.h>
#include <sys/wait.h> #include <sys/wait.h>
@ -25,8 +61,8 @@ diff -up dhcp-4.1.1/client/dhclient.c.capability dhcp-4.1.1/client/dhclient.c
} }
dhclient_request_options = argv[i]; dhclient_request_options = argv[i];
+#ifdef HAVE_LIBCAP_NG
+ } else if (!strcmp(argv[i], "-nc")) { + } else if (!strcmp(argv[i], "-nc")) {
+#ifdef HAVE_LIBCAP_NG
+ keep_capabilities = 1; + keep_capabilities = 1;
+#endif +#endif
} else if (argv[i][0] == '-') { } else if (argv[i][0] == '-') {
@ -53,8 +89,8 @@ diff -up dhcp-4.1.1/client/dhclient.c.capability dhcp-4.1.1/client/dhclient.c
initialize_common_option_spaces(); initialize_common_option_spaces();
diff -up dhcp-4.1.1/client/Makefile.am.capability dhcp-4.1.1/client/Makefile.am diff -up dhcp-4.1.1/client/Makefile.am.capability dhcp-4.1.1/client/Makefile.am
--- dhcp-4.1.1/client/Makefile.am.capability 2008-11-18 23:33:22.000000000 +0100 --- dhcp-4.1.1/client/Makefile.am.capability 2008-11-18 17:33:22.000000000 -0500
+++ dhcp-4.1.1/client/Makefile.am 2010-02-02 12:05:31.000000000 +0100 +++ dhcp-4.1.1/client/Makefile.am 2010-02-03 11:19:39.895958083 -0500
@@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c @@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c
scripts/netbsd scripts/nextstep scripts/openbsd \ scripts/netbsd scripts/nextstep scripts/openbsd \
scripts/solaris scripts/openwrt scripts/solaris scripts/openwrt
@ -65,8 +101,8 @@ diff -up dhcp-4.1.1/client/Makefile.am.capability dhcp-4.1.1/client/Makefile.am
EXTRA_DIST = $(man_MANS) EXTRA_DIST = $(man_MANS)
diff -up dhcp-4.1.1/configure.ac.capability dhcp-4.1.1/configure.ac diff -up dhcp-4.1.1/configure.ac.capability dhcp-4.1.1/configure.ac
--- dhcp-4.1.1/configure.ac.capability 2010-02-02 11:58:29.000000000 +0100 --- dhcp-4.1.1/configure.ac.capability 2010-02-03 11:19:39.806895971 -0500
+++ dhcp-4.1.1/configure.ac 2010-02-02 12:07:04.000000000 +0100 +++ dhcp-4.1.1/configure.ac 2010-02-03 11:19:39.895958083 -0500
@@ -419,6 +419,41 @@ AC_TRY_LINK( @@ -419,6 +419,41 @@ AC_TRY_LINK(
# Look for optional headers. # Look for optional headers.
AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)

7
dhcp.spec
View File

@ -13,7 +13,7 @@
Summary: Dynamic host configuration protocol software Summary: Dynamic host configuration protocol software
Name: dhcp Name: dhcp
Version: %{basever} Version: %{basever}
Release: 2%{?dist} Release: 3%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and # dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was. # that's why it is at 12 now. It should have never been used, but it was.
@ -384,6 +384,7 @@ prevconf="%{_sysconfdir}/dhcpd.conf"
if [ ! -z "${prevconf}" ]; then if [ ! -z "${prevconf}" ]; then
if [ ! -f %{dhcpconfdir}/dhcpd.conf -o "${sampleconf}" = "${contents}" ]; then if [ ! -f %{dhcpconfdir}/dhcpd.conf -o "${sampleconf}" = "${contents}" ]; then
/bin/cp -a ${prevconf} %{dhcpconfdir}/dhcpd.conf >/dev/null 2>&1 /bin/cp -a ${prevconf} %{dhcpconfdir}/dhcpd.conf >/dev/null 2>&1
/bin/mv ${prevconf} ${prevconf}.rpmsave >/dev/null 2>&1
if [ -x /sbin/restorecon ]; then if [ -x /sbin/restorecon ]; then
/sbin/restorecon %{dhcpconfdir}/dhcpd.conf >/dev/null 2>&1 /sbin/restorecon %{dhcpconfdir}/dhcpd.conf >/dev/null 2>&1
fi fi
@ -499,6 +500,10 @@ fi
%attr(0644,root,root) %{_mandir}/man3/omapi.3.gz %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
%changelog %changelog
* Wed Feb 03 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-3
- move /etc/dhcp.conf to /etc/dhcp.conf.rpmsave in %%post (#561094)
- document -nc option in dhclient(8) man page
* Tue Feb 02 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-2 * Tue Feb 02 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-2
- Fix capability patch (#546765) - Fix capability patch (#546765)