Add more capabilities

From: Daniel Lezcano <daniel.lezcano@free.fr> lxc-execute and lxc-create need capability to mount. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add more capabilities
44931bc7 · dlezcano · 4c8ab83b · 44931bc7 · 44931bc7
Commit 44931bc7 authored Feb 16, 2009 by dlezcano
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 12 deletions

lxc.spec.in lxc.spec.in +18 -10

Makefile.am src/lxc/Makefile.am +11 -2

No files found.
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -71,18 +71,23 @@ rm -rf %{buildroot}
 mkdir -p /var/lxc
 chmod ugo+w /var/lxc

-setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-execute && \
-setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-start && \
+setcap cap_sys_admin=ep %{_bindir}/lxc-init
+
+setcap cap_sys_admin=ep %{_bindir}/lxc-netstat
+
+setcap cap_sys_admin=ep %{_bindir}/lxc-create
+
+setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+    %{_bindir}/lxc-execute
+
+setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+    %{_bindir}/lxc-start
+
 setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-restart && \
+    %{_bindir}/lxc-restart
+
 setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-unshare && \
-setcap cap_sys_admin=ep \
-    %{_bindir}/lxc-init && \
-setcap cap_sys_admin=ep \
-    %{_bindir}/lxc-netstat
+    %{_bindir}/lxc-unshare

 %files
 %defattr(-,root,root)
@@ -99,6 +104,9 @@ setcap cap_sys_admin=ep \

 %changelog

+* Mon Feb 16 2009 Daniel Lezcano <daniel.lezcano@free.fr> - Version 0.6.0
+- Added more capabilities to the executables
+
 * Sun Jan 25 2009 Daniel Lezcano <daniel.lezcano@free.fr> - Version 0.6.0
 - Reduced spec file


--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -126,18 +126,27 @@ lxc_version_LDADD = liblxc.la
 install-exec-local:
 	-@export PATH=$$PATH:/sbin:/usr/sbin && \
 	 mkdir -p $(localstatedir) && \
-	 setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+		\
+	 setcap cap_sys_admin=ep $(bindir)/lxc-create && \
+	 	\
+	 setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
 		$(bindir)/lxc-execute && \
-	 setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+		\
+	 setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
 		$(bindir)/lxc-start && \
+		\
 	 setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
 		$(bindir)/lxc-restart && \
+		\
 	 setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
 		$(bindir)/lxc-unshare && \
+		\
 	 setcap cap_sys_admin=ep \
 		$(bindir)/lxc-init && \
+		\
 	 setcap cap_sys_admin=ep \
 		$(bindir)/lxc-netstat && \
+		\
 	 mkdir -p $(prefix)/var/lxc && \
 	 chmod ugo+rw $(prefix)/var/lxc || \
 	(echo && echo && \