[mirror_smartmontools-debian.git] / debian / patches / 62_lowcap.patch

Drop all unnecessary capabilities
Origin Fedora
--- a/Makefile.am
+++ b/Makefile.am
@@ -45,7 +45,7 @@ smartd_SOURCES =  smartd.cpp      \
                   utility.cpp     \
                   utility.h
 
-smartd_LDADD = @os_deps@ @os_libs@
+smartd_LDADD = @os_deps@ @os_libs@ @CAPNG_LDADD@
 smartd_DEPENDENCIES = @os_deps@
 
 EXTRA_smartd_SOURCES = os_darwin.cpp    \
--- a/configure.in
+++ b/configure.in
@@ -204,6 +204,40 @@ if test "$with_selinux" = "yes"; then
 	AC_DEFINE(WITH_SELINUX, [1], [Define to 1 if SELinux support is enabled])
 fi
 
+  AC_ARG_WITH(libcap-ng,
+    [  --with-libcap-ng=[auto/yes/no]  Add Libcap-ng support [default=auto]],,
+    with_libcap_ng=auto)
+
+# Check for Libcap-ng API
+#
+# libcap-ng detection
+
+if test x$with_libcap_ng = xno ; then
+    have_libcap_ng=no;
+else
+    # Start by checking for header file
+    AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
+
+    # See if we have libcap-ng library
+    AC_CHECK_LIB(cap-ng, capng_clear, CAPNG_LDADD=-lcap-ng,)
+
+    # Check results are usable
+    if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
+       AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
+    fi
+    if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
+       AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
+    fi
+fi
+AC_SUBST(CAPNG_LDADD)
+AC_MSG_CHECKING(whether to use libcap-ng)
+if test x$CAPNG_LDADD != x ; then
+    AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
 if test "$prefix" = "NONE"; then
     dnl no prefix and no mandir, so use ${prefix}/share/man as default
     if test "$mandir" = '${prefix}/man'; then
--- a/smartd.cpp
+++ b/smartd.cpp
@@ -77,6 +77,10 @@ extern "C" int __stdcall FreeConsole(voi
 #include <io.h> // setmode()
 #endif // __CYGWIN__
 
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif //LIBCAP_NG
+
 // locally included files
 #include "int64.h"
 #include "atacmds.h"
@@ -4257,7 +4261,15 @@ int main_worker(int argc, char **argv)
   // Devices to monitor
   smart_device_list devices;
 
-  bool write_states_always = true;
+  bool write_states_always = true
+	  ;
+#ifdef HAVE_LIBCAP_NG
+  // Drop capabilities
+  capng_clear(CAPNG_SELECT_BOTH);
+  capng_updatev(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE|CAPNG_PERMITTED),
+		  CAP_SYS_ADMIN, CAP_SYS_RAWIO, -1);
+  capng_apply(CAPNG_SELECT_BOTH);
+#endif
 
   // the main loop of the code
   for (;;) {
Commit	Line	Data
0dcf3018 GI	1	Drop all unnecessary capabilities
	2	Origin Fedora
	3	--- a/Makefile.am
	4	+++ b/Makefile.am
	5	@@ -45,7 +45,7 @@ smartd_SOURCES = smartd.cpp \
	6	utility.cpp \
	7	utility.h
	8
	9	-smartd_LDADD = @os_deps@ @os_libs@
	10	+smartd_LDADD = @os_deps@ @os_libs@ @CAPNG_LDADD@
	11	smartd_DEPENDENCIES = @os_deps@
	12
	13	EXTRA_smartd_SOURCES = os_darwin.cpp \
	14	--- a/configure.in
	15	+++ b/configure.in
	16	@@ -204,6 +204,40 @@ if test "$with_selinux" = "yes"; then
	17	AC_DEFINE(WITH_SELINUX, [1], [Define to 1 if SELinux support is enabled])
	18	fi
	19
	20	+ AC_ARG_WITH(libcap-ng,
	21	+ [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],,
	22	+ with_libcap_ng=auto)
	23	+
	24	+# Check for Libcap-ng API
	25	+#
	26	+# libcap-ng detection
	27	+
	28	+if test x$with_libcap_ng = xno ; then
	29	+ have_libcap_ng=no;
	30	+else
	31	+ # Start by checking for header file
	32	+ AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no)
	33	+
	34	+ # See if we have libcap-ng library
	35	+ AC_CHECK_LIB(cap-ng, capng_clear, CAPNG_LDADD=-lcap-ng,)
	36	+
	37	+ # Check results are usable
	38	+ if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then
	39	+ AC_MSG_ERROR(libcap-ng support was requested and the library was not found)
	40	+ fi
	41	+ if test x$CAPNG_LDADD != x -a $capng_headers = no ; then
	42	+ AC_MSG_ERROR(libcap-ng libraries found but headers are missing)
	43	+ fi
	44	+fi
	45	+AC_SUBST(CAPNG_LDADD)
	46	+AC_MSG_CHECKING(whether to use libcap-ng)
	47	+if test x$CAPNG_LDADD != x ; then
	48	+ AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support])
	49	+ AC_MSG_RESULT(yes)
	50	+else
	51	+ AC_MSG_RESULT(no)
	52	+fi
	53	+
	54	if test "$prefix" = "NONE"; then
	55	dnl no prefix and no mandir, so use ${prefix}/share/man as default
	56	if test "$mandir" = '${prefix}/man'; then
	57	--- a/smartd.cpp
	58	+++ b/smartd.cpp
	59	@@ -77,6 +77,10 @@ extern "C" int __stdcall FreeConsole(voi
	60	#include <io.h> // setmode()
	61	#endif // __CYGWIN__
	62
	63	+#ifdef HAVE_LIBCAP_NG
	64	+#include <cap-ng.h>
65	+#endif //LIBCAP_NG
66	+
67	// locally included files
68	#include "int64.h"
69	#include "atacmds.h"
70	@@ -4257,7 +4261,15 @@ int main_worker(int argc, char **argv)
71	// Devices to monitor
72	smart_device_list devices;
73
74	- bool write_states_always = true;
75	+ bool write_states_always = true
76	+ ;
77	+#ifdef HAVE_LIBCAP_NG
78	+ // Drop capabilities
79	+ capng_clear(CAPNG_SELECT_BOTH);
80	+ capng_updatev(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE\|CAPNG_PERMITTED),
81	+ CAP_SYS_ADMIN, CAP_SYS_RAWIO, -1);
82	+ capng_apply(CAPNG_SELECT_BOTH);
83	+#endif
84
85	// the main loop of the code
86	for (;;) {