During the build process, we set capabilities to elevate privileges of
certain progrems (e.g. ping). These have been removed during the build
process because of strip.
This patch collects any capabilities from all files that are being
stripped and restores them after calling strip.
Fixes: #12652
Reported-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
fi
done
+ # Fetch any capabilities
+ local capabilities="$(getfattr --no-dereference --name="security.capability" \
+ --absolute-names --dump "${file}")"
+
local cmd=( "${strip}" )
case "$(file -bi ${file})" in
echo "Stripping ${file}..."
${cmd[*]} ${file}
+
+ # Restore capabilities
+ if [ -n "${capabilities}" ]; then
+ setfattr --no-dereference --restore=<(echo "${capabilities}")
+ fi
}
for dir in ${dirs}; do