diff options
author | Lubomir Rintel <lkundrak@v3.sk> | 2017-03-16 12:07:52 +0100 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-04-04 09:33:23 +0300 |
commit | 0216aaec69feb0bb619dbc59ed77db6de3902b0c (patch) | |
tree | 4c392b0b60fdba22e50ed80a0a5b2ed03842b526 | |
parent | b8b5cdb09faa87c25cb71c4c6c3bdd0420e71915 (diff) | |
download | rpm-0216aaec69feb0bb619dbc59ed77db6de3902b0c.tar.gz |
Accept --nocaps also for the package installation
Makes it possible to work around trouble of installing packages that use
file capabilities in user namespaces.
It simply ignores the capabilities as opposed to setting a setuid bit.
This is a safer things to do, but possibly has a negative impact on some tools
(such as ping being usable only by the superuser).
https://bugzilla.redhat.com/show_bug.cgi?id=648654
-rw-r--r-- | doc/rpm.8 | 9 | ||||
-rw-r--r-- | lib/fsm.c | 8 | ||||
-rw-r--r-- | lib/poptI.c | 6 | ||||
-rw-r--r-- | lib/poptQV.c | 9 | ||||
-rw-r--r-- | lib/rpmcli.h | 1 | ||||
-rw-r--r-- | lib/rpmts.h | 3 | ||||
-rw-r--r-- | python/rpmmodule.c | 1 |
7 files changed, 29 insertions, 8 deletions
@@ -97,7 +97,8 @@ Scripts and triggers: [\fB--excludedocs\fR] [\fB--force\fR] [\fB-h,--hash\fR] [\fB--ignoresize\fR] [\fB--ignorearch\fR] [\fB--ignoreos\fR] [\fB--includedocs\fR] [\fB--justdb\fR] - [\fB--nodeps\fR] [\fB--nodigest\fR] [\fB--noplugins\fR] [\fB--noorder\fR] + [\fB--nodeps\fR] [\fB--nodigest\fR] [\fB--noplugins\fR] + [\fB--nocaps\fR] [\fB--noorder\fR] [\fB--nosignature\fR] [\fB--noscripts\fR] [\fB--notriggers\fR] [\fB--oldpackage\fR] [\fB--percent\fR] [\fB--prefix \fINEWPATH\fB\fR] [\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR] @@ -297,6 +298,9 @@ Don't verify package or header signatures when reading. Don't do a dependency check before installing or upgrading a package. .TP +\fB--nocaps\fR +Don't set file capabilities. +.TP \fB--noorder\fR Don't reorder the packages for an install. The list of packages would normally be reordered to satisfy dependencies. @@ -773,6 +777,9 @@ Don't verify package or header signatures when reading. .TP \fB--nordev\fR Don't verify the corresponding file attribute. +.TP +\fB--nocaps\fR +Don't verify file capabilities. .PP The format of the output is a string of 9 characters, a possible attribute marker: @@ -717,7 +717,8 @@ static int fsmBackup(rpmfi fi, rpmFileAction action) } static int fsmSetmeta(const char *path, rpmfi fi, rpmPlugins plugins, - rpmFileAction action, const struct stat * st) + rpmFileAction action, const struct stat * st, + int nofcaps) { int rc = 0; const char *dest = rpmfiFN(fi); @@ -729,7 +730,7 @@ static int fsmSetmeta(const char *path, rpmfi fi, rpmPlugins plugins, rc = fsmChmod(path, st->st_mode); } /* Set file capabilities (if enabled) */ - if (!rc && S_ISREG(st->st_mode) && !getuid()) { + if (!rc && !nofcaps && S_ISREG(st->st_mode) && !getuid()) { rc = fsmSetFCaps(path, rpmfiFCaps(fi)); } if (!rc) { @@ -827,6 +828,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, int saveerrno = errno; int rc = 0; int nodigest = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOFILEDIGEST) ? 1 : 0; + int nofcaps = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOCAPS) ? 1 : 0; int firsthardlink = -1; int skip; rpmFileAction action; @@ -931,7 +933,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, } /* Set permissions, timestamps etc for non-hardlink entries */ if (!rc && setmeta) { - rc = fsmSetmeta(fpath, fi, plugins, action, &sb); + rc = fsmSetmeta(fpath, fi, plugins, action, &sb, nofcaps); } } else if (firsthardlink >= 0 && rpmfiArchiveHasContent(fi)) { /* we skip the hard linked file containing the content */ diff --git a/lib/poptI.c b/lib/poptI.c index f01066aaa..8272fa80f 100644 --- a/lib/poptI.c +++ b/lib/poptI.c @@ -87,6 +87,10 @@ static void installArgCallback( poptContext con, ia->transFlags |= RPMTRANS_FLAG_NOCONTEXTS; break; + case RPMCLI_POPT_NOCAPS: + ia->transFlags |= RPMTRANS_FLAG_NOCAPS; + break; + case RPMCLI_POPT_FORCE: ia->probFilter |= ( RPMPROB_FILTER_REPLACEPKG @@ -181,6 +185,8 @@ struct poptOption rpmInstallPoptTable[] = { N_("don't verify digest of files (obsolete)"), NULL }, { "nocontexts", '\0',0, NULL, RPMCLI_POPT_NOCONTEXTS, N_("don't install file security contexts"), NULL}, + { "nocaps", '\0',0, NULL, RPMCLI_POPT_NOCAPS, + N_("don't install file capabilities"), NULL}, { "noorder", '\0', POPT_BIT_SET, &rpmIArgs.installInterfaceFlags, INSTALL_NOORDER, diff --git a/lib/poptQV.c b/lib/poptQV.c index 18a2199d9..1c86a7e7a 100644 --- a/lib/poptQV.c +++ b/lib/poptQV.c @@ -160,6 +160,10 @@ static void queryArgCallback(poptContext con, qva->qva_flags |= VERIFY_CONTEXTS; break; + case RPMCLI_POPT_NOCAPS: + qva->qva_flags |= VERIFY_CAPS; + break; + #ifdef NOTYET case RPMCLI_POPT_FORCE: ia->probFilter |= @@ -247,12 +251,11 @@ struct poptOption rpmVerifyPoptTable[] = { { "nordev", '\0', POPT_BIT_SET|POPT_ARGFLAG_DOC_HIDDEN, &rpmQVKArgs.qva_flags, VERIFY_RDEV, N_("don't verify mode of files"), NULL }, - { "nocaps", '\0', POPT_BIT_SET|POPT_ARGFLAG_DOC_HIDDEN, - &rpmQVKArgs.qva_flags, VERIFY_CAPS, - N_("don't verify capabilities of files"), NULL }, { "nocontexts", '\0', POPT_ARGFLAG_DOC_HIDDEN, NULL, RPMCLI_POPT_NOCONTEXTS, N_("don't verify file security contexts"), NULL }, + { "nocaps", '\0', POPT_ARGFLAG_DOC_HIDDEN, NULL, RPMCLI_POPT_NOCAPS, + N_("don't verify capabilities of files"), NULL }, { "nofiles", '\0', POPT_BIT_SET, &rpmQVKArgs.qva_flags, VERIFY_FILES, N_("don't verify files in package"), NULL}, { "nodeps", '\0', 0, NULL, RPMCLI_POPT_NODEPS, diff --git a/lib/rpmcli.h b/lib/rpmcli.h index 5b0ba5f81..9e5149cb3 100644 --- a/lib/rpmcli.h +++ b/lib/rpmcli.h @@ -69,6 +69,7 @@ rpmcliFini(poptContext optCon); #define RPMCLI_POPT_NODIGEST -1030 #define RPMCLI_POPT_NOHDRCHK -1031 #define RPMCLI_POPT_NOCONTEXTS -1032 +#define RPMCLI_POPT_NOCAPS -1033 /* ==================================================================== */ /** \name RPMQV */ diff --git a/lib/rpmts.h b/lib/rpmts.h index 99bcbf2a9..e3572477d 100644 --- a/lib/rpmts.h +++ b/lib/rpmts.h @@ -36,7 +36,8 @@ enum rpmtransFlags_e { RPMTRANS_FLAG_ALLFILES = (1 << 6), /*!< from --allfiles */ RPMTRANS_FLAG_NOPLUGINS = (1 << 7), /*!< from --noplugins */ RPMTRANS_FLAG_NOCONTEXTS = (1 << 8), /*!< from --nocontexts */ - /* bits 9-15 unused */ + RPMTRANS_FLAG_NOCAPS = (1 << 9), /*!< from --nocaps */ + /* bits 10-15 unused */ RPMTRANS_FLAG_NOTRIGGERPREIN= (1 << 16), /*!< from --notriggerprein */ RPMTRANS_FLAG_NOPRE = (1 << 17), /*!< from --nopre */ RPMTRANS_FLAG_NOPOST = (1 << 18), /*!< from --nopost */ diff --git a/python/rpmmodule.c b/python/rpmmodule.c index 9741ee77c..7aa6db02e 100644 --- a/python/rpmmodule.c +++ b/python/rpmmodule.c @@ -449,6 +449,7 @@ static int initModule(PyObject *m) REGISTER_ENUM(RPMTRANS_FLAG_NOPLUGINS); REGISTER_ENUM(RPMTRANS_FLAG_KEEPOBSOLETE); REGISTER_ENUM(RPMTRANS_FLAG_NOCONTEXTS); + REGISTER_ENUM(RPMTRANS_FLAG_NOCAPS); REGISTER_ENUM(RPMTRANS_FLAG_REPACKAGE); REGISTER_ENUM(RPMTRANS_FLAG_REVERSE); REGISTER_ENUM(RPMTRANS_FLAG_NOPRE); |