detect-virt: install with fs caps by default to allow unprivileged access
parent
7a69007a24
commit
96ede2601f
|
@ -1403,6 +1403,12 @@ systemd_detect_virt_SOURCES = \
|
||||||
systemd_detect_virt_LDADD = \
|
systemd_detect_virt_LDADD = \
|
||||||
libsystemd-shared.la
|
libsystemd-shared.la
|
||||||
|
|
||||||
|
systemd-detect-virt-install-hook:
|
||||||
|
$(SETCAP) cap_dac_override,cap_sys_ptrace=ep $(DESTDIR)$(bindir)/systemd-detect-virt ||:
|
||||||
|
|
||||||
|
INSTALL_EXEC_HOOKS += \
|
||||||
|
systemd-detect-virt-install-hook
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
systemd_delta_SOURCES = \
|
systemd_delta_SOURCES = \
|
||||||
src/delta/delta.c
|
src/delta/delta.c
|
||||||
|
|
|
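Review bot: The install hook grants `cap_dac_override,cap_sys_ptrace=ep` to a binary that any local user can execute, and nothing visible in this commit shows the program giving those capabilities up once its checks are done. CAP_DAC_OVERRIDE bypasses file permission checks and CAP_SYS_PTRACE permits inspecting other users' processes, so every path and argument the tool handles becomes privilege-sensitive. It would be safer to hold the capabilities only around the reads that need them and drop them before any further parsing or output. The trailing `||:` also hides a failed setcap (no tool at the `/sbin/setcap` fallback set in the configure hunk, a filesystem without xattr support, a non-root install), so I would warn instead, e.g. `... || echo "warning: setcap failed, systemd-detect-virt will need root" >&2`. A short comment above the hook saying why each capability is required would help packagers audit it.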
@ -67,6 +67,8 @@ AC_PATH_PROG([XSLTPROC], [xsltproc])
|
||||||
AC_PATH_PROG([QUOTAON], [quotaon], [/sbin/quotaon])
|
AC_PATH_PROG([QUOTAON], [quotaon], [/sbin/quotaon])
|
||||||
AC_PATH_PROG([QUOTACHECK], [quotacheck], [/sbin/quotacheck])
|
AC_PATH_PROG([QUOTACHECK], [quotacheck], [/sbin/quotacheck])
|
||||||
|
|
||||||
|
AC_PATH_PROG([SETCAP], [setcap], [/sbin/setcap])
|
||||||
|
|
||||||
# gtkdocize greps for '^GTK_DOC_CHECK', so it needs to be on its own line
|
# gtkdocize greps for '^GTK_DOC_CHECK', so it needs to be on its own line
|
||||||
m4_ifdef([GTK_DOC_CHECK], [
|
m4_ifdef([GTK_DOC_CHECK], [
|
||||||
GTK_DOC_CHECK([1.18],[--flavour no-tmpl])
|
GTK_DOC_CHECK([1.18],[--flavour no-tmpl])
|
||||||
|
|
|
@ -159,10 +159,10 @@ int detect_container(const char **id) {
|
||||||
/* Unfortunately many of these operations require root access
|
/* Unfortunately many of these operations require root access
|
||||||
* in one way or another */
|
* in one way or another */
|
||||||
|
|
||||||
if (geteuid() != 0)
|
r = running_in_chroot();
|
||||||
return -EPERM;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
if (running_in_chroot() > 0) {
|
if (r > 0) {
|
||||||
|
|
||||||
if (id)
|
if (id)
|
||||||
*id = "chroot";
|
*id = "chroot";
|
||||||
|
|
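Review bot: With the `geteuid() != 0` guard gone, a failure of `running_in_chroot()` now aborts detection with that error, whereas the old code treated any non-positive result as "not a chroot" and carried on. Callers running without the new file capabilities will presumably see a different errno than the previous `-EPERM`, so the return contract should be documented. The comment kept above the call still says the operations require root, which no longer matches the intent; I would reword it along the lines of `/* These checks need root or CAP_DAC_OVERRIDE + CAP_SYS_PTRACE; on failure the error is passed to the caller */`. Because this code now runs with elevated capabilities on behalf of unprivileged users, it is worth confirming that nothing read further down is influenced by the caller's environment or arguments. detect_container's body continues outside the hunk.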