diff --git a/kinit.spec b/kinit.spec index c8e2622..bcd80ac 100644 --- a/kinit.spec +++ b/kinit.spec @@ -35,13 +35,11 @@ BuildRequires: pkgconfig(Qt5Widgets) >= 5.2.0 BuildRequires: pkgconfig(x11) BuildRequires: libcap-devel PreReq: permissions -PreReq: libcap-progs Summary: Helper library to speed up start of applications on KDE workspaces License: LGPL-2.1+ Group: System/GUI/KDE Url: http://www.kde.org Source0: kinit-%{version}.tar.xz -Patch0: use-capabilities.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -60,7 +58,6 @@ booting UNIX. Development files. %prep %setup -q -%patch0 -p1 %build %cmake_kf5 -d build -- -DCMAKE_CXX_FLAGS="%{optflags} -fpie" -DCMAKE_C_FLAGS="%{optflags} -fpie" -DCMAKE_SHARED_LINKER_FLAGS="-pie" -DCMAKE_EXE_LINKER_FLAGS="-pie" -DCMAKE_MODULE_LINKER_FLAGS="-pie" @@ -94,7 +91,7 @@ echo "setBadness('permissions-file-setuid-bit', 998)" > $RPM_SOURCE_DIR/%name-rp %{_kf5_libdir}/libkdeinit5_klauncher.so %{_kf5_libexecdir}/klauncher %{_kf5_bindir}/kshell5 -%caps(cap_sys_resource=ep) %{_kf5_libexecdir}/start_kdeinit +%verify(not mode caps) %attr(4755,root,root) %{_kf5_libexecdir}/start_kdeinit %{_kf5_libexecdir}/start_kdeinit_wrapper %files devel diff --git a/use-capabilities.patch b/use-capabilities.patch deleted file mode 100644 index 80ce0bc..0000000 --- a/use-capabilities.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake -index c53e1de..f29ec47 100644 ---- a/ConfigureChecks.cmake -+++ b/ConfigureChecks.cmake -@@ -13,3 +13,4 @@ check_include_files(sys/exec.h HAVE_SYS_EXEC_H) - check_function_exists(pstat HAVE_PSTAT) - check_function_exists(setproctitle HAVE_SETPROCTITLE) - check_library_exists(socket connect "" HAVE_SOCKET_LIBRARY) -+check_library_exists(cap cap_init "" HAVE_CAPABILITIES) -diff --git a/src/start_kdeinit/CMakeLists.txt b/src/start_kdeinit/CMakeLists.txt -index 6bfc496..0c513de 100644 ---- a/src/start_kdeinit/CMakeLists.txt -+++ b/src/start_kdeinit/CMakeLists.txt -@@ -9,6 +9,6 @@ if (CMAKE_SYSTEM_NAME MATCHES Linux) - set(KDEINIT_OOM_PROTECT 1) - install(CODE " - set(START_KDEINIT_PATH \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${LIBEXEC_INSTALL_DIR}/start_kdeinit\") -- EXECUTE_PROCESS(COMMAND sh -c \"chown 0 '\${START_KDEINIT_PATH}' && chmod u+s '\${START_KDEINIT_PATH}'\") -+ EXECUTE_PROCESS(COMMAND sh -c \"setcap 'CAP_SYS_RESOURCE=+ep' '\${START_KDEINIT_PATH}'\") - ") - endif () -diff --git a/src/start_kdeinit/start_kdeinit.c b/src/start_kdeinit/start_kdeinit.c -index 3c733e7..26d2843 100644 ---- a/src/start_kdeinit/start_kdeinit.c -+++ b/src/start_kdeinit/start_kdeinit.c -@@ -27,6 +27,10 @@ - #include - #include - #include -+#ifdef HAVE_CAPABILITIES -+#include -+#endif -+ - - #define EXECUTE CMAKE_INSTALL_PREFIX"/"BIN_INSTALL_DIR "/kdeinit5" - -@@ -98,6 +102,10 @@ int main(int argc, char **argv) - unsigned i; - char **orig_environ = NULL; - char header[ 7 ]; -+#ifdef HAVE_CAPABILITIES -+ cap_t caps; -+#endif -+ - if (pipe(pipes) < 0) { - perror("pipe()"); - return 1; -@@ -111,6 +119,14 @@ int main(int argc, char **argv) - perror("fork()"); - return 1; - default: /* parent, drop privileges and exec */ -+#ifdef HAVE_CAPABILITIES -+ caps = cap_init(); -+ if (cap_set_proc(caps) < 0) { -+ perror("cap_set_proc()"); -+ return 1; -+ } -+ cap_free(caps); -+#endif - if (setgid(getgid())) { - perror("setgid()"); - return 1;