From: dlezcano Date: Mon, 16 Feb 2009 10:19:27 +0000 (+0000) Subject: Add more capabilities X-Git-Tag: lxc-2.1.1~3372 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=44931bc727695f3c46b600c4abedcc0404483be1;p=mirror_lxc.git Add more capabilities From: Daniel Lezcano lxc-execute and lxc-create need capability to mount. Signed-off-by: Daniel Lezcano --- diff --git a/lxc.spec.in b/lxc.spec.in index db4018ac9..86832d1f1 100644 --- a/lxc.spec.in +++ b/lxc.spec.in @@ -71,18 +71,23 @@ rm -rf %{buildroot} mkdir -p /var/lxc chmod ugo+w /var/lxc -setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ - %{_bindir}/lxc-execute && \ -setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ - %{_bindir}/lxc-start && \ +setcap cap_sys_admin=ep %{_bindir}/lxc-init + +setcap cap_sys_admin=ep %{_bindir}/lxc-netstat + +setcap cap_sys_admin=ep %{_bindir}/lxc-create + +setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ + %{_bindir}/lxc-execute + +setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ + %{_bindir}/lxc-start + setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ - %{_bindir}/lxc-restart && \ + %{_bindir}/lxc-restart + setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ - %{_bindir}/lxc-unshare && \ -setcap cap_sys_admin=ep \ - %{_bindir}/lxc-init && \ -setcap cap_sys_admin=ep \ - %{_bindir}/lxc-netstat + %{_bindir}/lxc-unshare %files %defattr(-,root,root) @@ -99,6 +104,9 @@ setcap cap_sys_admin=ep \ %changelog +* Mon Feb 16 2009 Daniel Lezcano - Version 0.6.0 +- Added more capabilities to the executables + * Sun Jan 25 2009 Daniel Lezcano - Version 0.6.0 - Reduced spec file diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 677ebe4f6..c02d81119 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -126,18 +126,27 @@ lxc_version_LDADD = liblxc.la install-exec-local: -@export PATH=$$PATH:/sbin:/usr/sbin && \ mkdir -p $(localstatedir) && \ - setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ + \ + setcap cap_sys_admin=ep $(bindir)/lxc-create && \ + \ + setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ $(bindir)/lxc-execute && \ - setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ + \ + setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ $(bindir)/lxc-start && \ + \ setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ $(bindir)/lxc-restart && \ + \ setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \ $(bindir)/lxc-unshare && \ + \ setcap cap_sys_admin=ep \ $(bindir)/lxc-init && \ + \ setcap cap_sys_admin=ep \ $(bindir)/lxc-netstat && \ + \ mkdir -p $(prefix)/var/lxc && \ chmod ugo+rw $(prefix)/var/lxc || \ (echo && echo && \