Remove setuid root and use setcap instead in RPM packages.

author Carl Hetherington <cth@carlh.net>

Sat, 13 Nov 2021 18:43:19 +0000 (19:43 +0100)

committer Carl Hetherington <cth@carlh.net>

Sat, 13 Nov 2021 21:51:40 +0000 (22:51 +0100)
author Carl Hetherington <cth@carlh.net>
Sat, 13 Nov 2021 18:43:19 +0000 (19:43 +0100)
committer Carl Hetherington <cth@carlh.net>
Sat, 13 Nov 2021 21:51:40 +0000 (22:51 +0100)
diff --git a/cscript b/cscript

index 1e3bb9c3847b8f16a9cfb1a3a38b8b25a55facd0..49a07fdb6ee39aef40cd5b9acdeafeea3802706b 100644 (file)
--- a/cscript
+++ b/cscript
@@ -408,6 +408,7 @@ def make_spec(filename, version, target, options, requires=None):
      print('', file=f)
      print('%post', file=f)
      print('/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :', file=f)
+    print('setcap "cap_dac_override+ep cap_sys_admin+ep" /usr/bin/dcpomatic2_disk_writer', file=f)
      print('', file=f)
      print('%postun', file=f)
      print('if [ $1 -eq 0 ] ; then', file=f)
diff --git a/wscript b/wscript

index cfc47d6cca22031a147f79ae1ff21600f166673c..5c729bd4326c0428471a3a7f7d0038c98524bf28 100644 (file)
--- a/wscript
+++ b/wscript
@@ -664,10 +664,6 @@ def create_version_cc(version, cxx_flags):
  def post(ctx):
      if ctx.cmd == 'install' and ctx.env.TARGET_LINUX:
          ctx.exec_command('/sbin/ldconfig')
-        # setuid root executable
-        exe = os.path.join(ctx.env['INSTALL_PREFIX'], 'bin/%s/dcpomatic2_disk_writer')
-        if os.path.exists(exe):
-            os.chmod(exe, 0o4755)
  
  def pot(bld):
      bld.recurse('src')
author	Carl Hetherington <cth@carlh.net>
	Sat, 13 Nov 2021 18:43:19 +0000 (19:43 +0100)
committer	Carl Hetherington <cth@carlh.net>
	Sat, 13 Nov 2021 21:51:40 +0000 (22:51 +0100)