OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kinit?expand=0&rev=11

2014-03-12 02:02:49 +00:00 · 2014-03-12 02:02:49 +00:00 · f4d2b59069
commit f4d2b59069
parent e4ec59bbd8
2 changed files with 67 additions and 1 deletions
--- a/kinit.spec
+++ b/kinit.spec
@ -33,12 +33,15 @@ BuildRequires:  pkgconfig(Qt5DBus) >= 5.2.0
 BuildRequires:  pkgconfig(Qt5Gui) >= 5.2.0
 BuildRequires:  pkgconfig(Qt5Widgets) >= 5.2.0
 BuildRequires:  pkgconfig(x11)
 BuildRequires:  libcap-devel
 PreReq:         permissions
 PreReq:         libcap-progs
 Summary:        Helper library to speed up start of applications on KDE workspaces
 License:        LGPL-2.1+
 Group:          System/GUI/KDE
 Url:            http://www.kde.org
 Source0:        kinit-%{version}.tar.xz
 Patch0:         use-capabilities.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
@ -57,6 +60,7 @@ booting UNIX. Development files.
 %prep
 %setup -q
 %patch0 -p1
 %build
  %cmake_kf5 -d build -- -DCMAKE_CXX_FLAGS="%{optflags} -fpie" -DCMAKE_C_FLAGS="%{optflags} -fpie" -DCMAKE_SHARED_LINKER_FLAGS="-pie" -DCMAKE_EXE_LINKER_FLAGS="-pie" -DCMAKE_MODULE_LINKER_FLAGS="-pie"
@ -90,7 +94,7 @@ echo "setBadness('permissions-file-setuid-bit', 998)" > $RPM_SOURCE_DIR/%name-rp
 %{_kf5_libdir}/libkdeinit5_klauncher.so
 %{_kf5_libexecdir}/klauncher
 %{_kf5_bindir}/kshell5
-%verify(not mode caps) %attr(4755,root,root) %{_kf5_libexecdir}/start_kdeinit
+%caps(cap_sys_resource=ep) %{_kf5_libexecdir}/start_kdeinit
 %{_kf5_libexecdir}/start_kdeinit_wrapper
 %files devel
--- a/use-capabilities.patch
+++ b/use-capabilities.patch
@ -0,0 +1,62 @@
 diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
 index c53e1de..f29ec47 100644
 --- a/ConfigureChecks.cmake
 +++ b/ConfigureChecks.cmake
@@ -13,3 +13,4 @@ check_include_files(sys/exec.h  HAVE_SYS_EXEC_H)
 check_function_exists(pstat HAVE_PSTAT)
 check_function_exists(setproctitle HAVE_SETPROCTITLE)
 check_library_exists(socket connect "" HAVE_SOCKET_LIBRARY)
 +check_library_exists(cap cap_init "" HAVE_CAPABILITIES)
 diff --git a/src/start_kdeinit/CMakeLists.txt b/src/start_kdeinit/CMakeLists.txt
 index 6bfc496..0c513de 100644
 --- a/src/start_kdeinit/CMakeLists.txt
 +++ b/src/start_kdeinit/CMakeLists.txt
@@ -9,6 +9,6 @@ if (CMAKE_SYSTEM_NAME MATCHES Linux)
     set(KDEINIT_OOM_PROTECT 1)
     install(CODE "
       set(START_KDEINIT_PATH \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${LIBEXEC_INSTALL_DIR}/start_kdeinit\")
 -        EXECUTE_PROCESS(COMMAND sh -c \"chown 0 '\${START_KDEINIT_PATH}' && chmod u+s '\${START_KDEINIT_PATH}'\")
 +        EXECUTE_PROCESS(COMMAND sh -c \"setcap 'CAP_SYS_RESOURCE=+ep' '\${START_KDEINIT_PATH}'\")
     ")
 endif ()
 diff --git a/src/start_kdeinit/start_kdeinit.c b/src/start_kdeinit/start_kdeinit.c
 index 3c733e7..26d2843 100644
 --- a/src/start_kdeinit/start_kdeinit.c
 +++ b/src/start_kdeinit/start_kdeinit.c
@@ -27,6 +27,10 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
 +#ifdef HAVE_CAPABILITIES
 +#include <sys/capability.h>
 +#endif
 +
 #define EXECUTE CMAKE_INSTALL_PREFIX"/"BIN_INSTALL_DIR "/kdeinit5"
@@ -98,6 +102,10 @@ int main(int argc, char **argv)
     unsigned i;
     char **orig_environ = NULL;
     char header[ 7 ];
 +#ifdef HAVE_CAPABILITIES
 +    cap_t caps;
 +#endif
 +
     if (pipe(pipes) < 0) {
         perror("pipe()");
         return 1;
@@ -111,6 +119,14 @@ int main(int argc, char **argv)
         perror("fork()");
         return 1;
     default: /* parent, drop privileges and exec */
 +#ifdef HAVE_CAPABILITIES
 +        caps = cap_init();
 +        if (cap_set_proc(caps) < 0) {
 +            perror("cap_set_proc()");
 +            return 1;
 +        }
 +        cap_free(caps);
 +#endif
         if (setgid(getgid())) {
             perror("setgid()");
             return 1;