rpms/smartmontools/F-11 smartmontools-5.38-lowcap.patch, NONE, 1.1 smartmontools.spec, 1.54, 1.55
Michal Hlavinka
mhlavink at fedoraproject.org
Thu Sep 3 09:04:56 UTC 2009
Author: mhlavink
Update of /cvs/extras/rpms/smartmontools/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21287
Modified Files:
smartmontools.spec
Added Files:
smartmontools-5.38-lowcap.patch
Log Message:
drop all unnecessary capabilities (#517728)
smartmontools-5.38-lowcap.patch:
Makefile.am | 2 +-
configure.in | 34 ++++++++++++++++++++++++++++++++++
smartd.cpp | 12 ++++++++++++
3 files changed, 47 insertions(+), 1 deletion(-)
--- NEW FILE smartmontools-5.38-lowcap.patch ---
diff -up smartmontools-5.38/configure.in.lowcap smartmontools-5.38/configure.in
--- smartmontools-5.38/configure.in.lowcap 2009-08-26 17:40:36.942297517 +0200
+++ smartmontools-5.38/configure.in 2009-08-26 17:40:36.951298527 +0200
@@ -143,6 +143,40 @@ if test "$with_selinux" = "yes"; then
AC_DEFINE(WITH_SELINUX, [1], [Define to 1 if SELinux support is enabled])
fi
+ AC_ARG_WITH(libcap-ng,
+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],,
+ with_libcap_ng=auto)
+
+# Check for Libcap-ng API
+#
+# libcap-ng detection
+
+if test x$with_libcap_ng = xno ; then
+ have_libcap_ng=no;
+else
+ # Start by checking for header file
+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
+
+ # See if we have libcap-ng library
+ AC_CHECK_LIB(cap-ng, capng_clear, CAPNG_LDADD=-lcap-ng,)
+
+ # Check results are usable
+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
+ fi
+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
+ fi
+fi
+AC_SUBST(CAPNG_LDADD)
+AC_MSG_CHECKING(whether to use libcap-ng)
+if test x$CAPNG_LDADD != x ; then
+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
if test "$prefix" = "NONE"; then
dnl no prefix and no mandir, so use ${prefix}/share/man as default
if test "$mandir" = '${prefix}/man'; then
diff -up smartmontools-5.38/Makefile.am.lowcap smartmontools-5.38/Makefile.am
--- smartmontools-5.38/Makefile.am.lowcap 2007-04-01 18:49:44.000000000 +0200
+++ smartmontools-5.38/Makefile.am 2009-08-26 17:40:36.951298527 +0200
@@ -35,7 +35,7 @@ smartd_SOURCES = smartd.cpp \
utility.cpp \
utility.h
-smartd_LDADD = @os_deps@ @os_libs@
+smartd_LDADD = @os_deps@ @os_libs@ @CAPNG_LDADD@
smartd_DEPENDENCIES = @os_deps@
EXTRA_smartd_SOURCES = os_darwin.cpp \
diff -up smartmontools-5.38/smartd.cpp.lowcap smartmontools-5.38/smartd.cpp
--- smartmontools-5.38/smartd.cpp.lowcap 2009-08-26 17:40:36.937297475 +0200
+++ smartmontools-5.38/smartd.cpp 2009-08-26 17:57:48.558423011 +0200
@@ -74,6 +74,10 @@ extern "C" int __stdcall FreeConsole(voi
#include <io.h> // setmode()
#endif // __CYGWIN__
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif //LIBCAP_NG
+
// locally included files
#include "int64.h"
#include "atacmds.h"
@@ -4408,6 +4412,14 @@ static int smartd_main(int argc, char **
// don't exit on bad checksums
con->checksumfail=0;
+
+#ifdef HAVE_LIBCAP_NG
+ // Drop capabilities
+ capng_clear(CAPNG_SELECT_BOTH);
+ capng_updatev(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE|CAPNG_PERMITTED),
+ CAP_SYS_ADMIN, CAP_SYS_RAWIO, -1);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif
// the main loop of the code
while (1){
Index: smartmontools.spec
===================================================================
RCS file: /cvs/extras/rpms/smartmontools/F-11/smartmontools.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -p -r1.54 -r1.55
--- smartmontools.spec 11 Jun 2009 08:43:32 -0000 1.54
+++ smartmontools.spec 3 Sep 2009 09:04:56 -0000 1.55
@@ -1,21 +1,22 @@
-Summary: Tools for monitoring SMART capable hard disks
-Name: smartmontools
-Version: 5.38
-Release: 12%{?dist}
-Epoch: 1
-Group: System Environment/Base
-License: GPLv2+
-URL: http://smartmontools.sourceforge.net/
-Source0: http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-Source1: smartd.initd
-Source2: smartmontools.sysconf
-Patch1: smartmontools-5.38-cloexec.patch
-Patch2: smartmontools-5.37-addrinfo.patch
-Patch3: smartmontools-5.38-perc.patch
-Patch4: smartmontools-5.38-selinux.patch
-Patch5: smartmontools-5.38-defaultconf.patch
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-Requires: fileutils mailx chkconfig initscripts
+Name: smartmontools
+Version: 5.38
+Release: 13%{?dist}
+Epoch: 1
+Summary: Tools for monitoring SMART capable hard disks
+Group: System Environment/Base
+License: GPLv2+
+URL: http://smartmontools.sourceforge.net/
+Source0: http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Source1: smartd.initd
+Source2: smartmontools.sysconf
+Patch1: smartmontools-5.38-cloexec.patch
+Patch2: smartmontools-5.37-addrinfo.patch
+Patch3: smartmontools-5.38-perc.patch
+Patch4: smartmontools-5.38-selinux.patch
+Patch5: smartmontools-5.38-defaultconf.patch
+Patch6: smartmontools-5.38-lowcap.patch
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+Requires: fileutils mailx chkconfig initscripts
BuildRequires: readline-devel ncurses-devel /usr/bin/aclocal util-linux groff gettext
BuildRequires: libselinux-devel automake
@@ -34,6 +35,7 @@ failure.
%patch3 -p1 -b .perc
%patch4 -p1 -b .selinux
%patch5 -p1 -b .defaultconf
+%patch6 -p1 -b .lowcap
%build
./autogen.sh
@@ -76,6 +78,9 @@ fi
%config(noreplace) %{_sysconfdir}/sysconfig/smartmontools
%changelog
+* Wed Aug 05 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:5.38-13
+- drop all unnecessary capabilities (#517728)
+
* Thu Jun 11 2009 Michal Hlavinka <mhlavink at redhat.com> - 1:5.38-12
- add automake to buildrequires
More information about the fedora-extras-commits
mailing list