rpms/smartmontools/devel smartmontools-5.38-lowcap.patch, NONE, 1.1 smartmontools.spec, 1.56, 1.57

Fri Aug 21 11:02:45 UTC 2009

Author: mhlavink

Update of /cvs/extras/rpms/smartmontools/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2679

Modified Files:
	smartmontools.spec 
Added Files:
	smartmontools-5.38-lowcap.patch 
Log Message:
drop all unnecessary capabilities (#517728)


smartmontools-5.38-lowcap.patch:
 Makefile.am  |    2 +-
 configure.in |    2 ++
 smartd.cpp   |   12 ++++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

--- NEW FILE smartmontools-5.38-lowcap.patch ---
diff -urp smartmontools-5.38.orig/configure.in smartmontools-5.38/configure.in
--- smartmontools-5.38.orig/configure.in	2009-08-16 07:42:57.000000000 -0400
+++ smartmontools-5.38/configure.in	2009-08-16 08:07:53.000000000 -0400
@@ -143,6 +143,8 @@ if test "$with_selinux" = "yes"; then
 	AC_DEFINE(WITH_SELINUX, [1], [Define to 1 if SELinux support is enabled])
 fi
 
+LIBCAP_NG_PATH
+
 if test "$prefix" = "NONE"; then
     dnl no prefix and no mandir, so use ${prefix}/share/man as default
     if test "$mandir" = '${prefix}/man'; then
diff -urp smartmontools-5.38.orig/Makefile.am smartmontools-5.38/Makefile.am
--- smartmontools-5.38.orig/Makefile.am	2009-08-16 07:42:57.000000000 -0400
+++ smartmontools-5.38/Makefile.am	2009-08-16 08:07:53.000000000 -0400
@@ -35,7 +35,7 @@ smartd_SOURCES =  smartd.cpp      \
                   utility.cpp     \
                   utility.h
 
-smartd_LDADD = @os_deps@ @os_libs@
+smartd_LDADD = @os_deps@ @os_libs@ @CAPNG_LDADD@
 smartd_DEPENDENCIES = @os_deps@
 
 EXTRA_smartd_SOURCES = os_darwin.cpp    \
diff -urp smartmontools-5.38.orig/smartd.cpp smartmontools-5.38/smartd.cpp
--- smartmontools-5.38.orig/smartd.cpp	2009-08-16 07:42:57.000000000 -0400
+++ smartmontools-5.38/smartd.cpp	2009-08-16 08:08:27.000000000 -0400
@@ -74,6 +74,10 @@ extern "C" int __stdcall FreeConsole(voi
 #include <io.h> // setmode()
 #endif // __CYGWIN__
 
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif //LIBCAP_NG
+
 // locally included files
 #include "int64.h"
 #include "atacmds.h"
@@ -4408,6 +4412,14 @@ static int smartd_main(int argc, char **
   
   // don't exit on bad checksums
   con->checksumfail=0;
+
+#ifdef HAVE_LIBCAP_NG
+  // Drop capabilities
+  capng_clear(CAPNG_SELECT_BOTH);
+  capng_update(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE|CAPNG_PERMITTED),
+               CAP_SYS_ADMIN);
+  capng_apply(CAPNG_SELECT_BOTH);
+#endif
   
   // the main loop of the code
   while (1){


Index: smartmontools.spec
===================================================================
RCS file: /cvs/extras/rpms/smartmontools/devel/smartmontools.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -p -r1.56 -r1.57
--- smartmontools.spec	27 Jul 2009 04:28:47 -0000	1.56
+++ smartmontools.spec	21 Aug 2009 11:02:44 -0000	1.57
@@ -1,7 +1,7 @@
 Summary:	Tools for monitoring SMART capable hard disks
 Name:		smartmontools
 Version:	5.38
-Release: 	13%{?dist}
+Release: 	14%{?dist}
 Epoch:		1
 Group:		System Environment/Base
 License:	GPLv2+
@@ -14,6 +14,7 @@ Patch2:     smartmontools-5.37-addrinfo.
 Patch3:     smartmontools-5.38-perc.patch
 Patch4:     smartmontools-5.38-selinux.patch
 Patch5:     smartmontools-5.38-defaultconf.patch
+Patch6:     smartmontools-5.38-lowcap.patch
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires:	fileutils mailx chkconfig initscripts
 BuildRequires: readline-devel ncurses-devel /usr/bin/aclocal util-linux groff gettext
@@ -34,6 +35,7 @@ failure.
 %patch3 -p1 -b .perc
 %patch4 -p1 -b .selinux
 %patch5 -p1 -b .defaultconf
+%patch6 -p1 -b .lowcap
 
 %build
 %configure --with-selinux
@@ -75,6 +77,9 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/smartmontools
 
 %changelog
+* Fri Aug 21 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:5.38-14
+- drop all unnecessary capabilities (#517728)
+
 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:5.38-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 


