Mailinglist Archive: opensuse-packaging (155 mails)

< Previous Next >
[opensuse-packaging] Fwd: Replace setuid bit to cap_net_raw capability
Hello list,

I'm Ubuntu fugitive and frequent user of mtr utility
(https://build.opensuse.org/package/show/network:utilities/mtr). In
ubuntu mtr could be run by restricted user, but not in OpenSUSE,
complaining with "unable to get raw sockets" message.

By adding cap_net_raw capability to /usr/sbin/mtr with

sudo /sbin/setcap cap_net_raw+ep /usr/sbin/mtr

(found in libcap-progs package) and then fixing permissions by
removing suid bit and making all users run it with

sudo chmod -s+rx /usr/sbin/mtr

I've managed to successfully run mtr as unprivileged user.

I'm almost sure that capabilities cannot be transferred across rpm
which means I should add libcap-progs as a runtime dependency, and
update permissions/add capability during package installation. Am I
right?

Thanks in advance.
--
Regards,
Andrei Dziahel
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >