nfs-utils: mount.nfs - Use capabilities instead of suid bit

author Stefan Schantl <stefan.schantl@ipfire.org>

Mon, 20 Mar 2023 11:35:52 +0000 (12:35 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 21 Mar 2023 18:25:40 +0000 (18:25 +0000)
author Stefan Schantl <stefan.schantl@ipfire.org>
Mon, 20 Mar 2023 11:35:52 +0000 (12:35 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 21 Mar 2023 18:25:40 +0000 (18:25 +0000)
diff --git a/nfs-utils/nfs-utils.nm b/nfs-utils/nfs-utils.nm

index 771c47636955617bfaadc1076179de9cefdf3d4f..9cc6740bb200ed65f9d469fc461f2685910c47f8 100644 (file)
--- a/nfs-utils/nfs-utils.nm
+++ b/nfs-utils/nfs-utils.nm
@@ -5,7 +5,7 @@
  
  name       = nfs-utils
  version    = 2.6.2
-release    = 4
+release    = 5
  
  groups     = Networking/Tools
  url        = http://nfs.sourceforge.net/
@@ -51,6 +51,7 @@ build
                 --enable-mountconfig \
                 --enable-ipv6 \
                 --enable-gss \
+               --enable-caps \
                 --with-statedir=/var/lib/nfs \
                 --with-statdpath=/var/lib/nfs/statd \
                 --with-start-statd=/usr/bin/start-statd \
@@ -82,6 +83,10 @@ build
  
                 mkdir -pv %{BUILDROOT}/var/lib/nfs/statd/sm{,.bak}
                 chown rpcuser:rpcuser -Rv %{BUILDROOT}/var/lib/nfs/statd
+
+               # Set capabilities
+               chmod -v 0755 %{BUILDROOT}%{bindir}/mount.nfs
+               setcap CAP_DAC_OVERRIDE,CAP_SYS_ADMIN=ep %{BUILDROOT}%{bindir}/mount.nfs
         end
  end
author	Stefan Schantl <stefan.schantl@ipfire.org>
	Mon, 20 Mar 2023 11:35:52 +0000 (12:35 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 21 Mar 2023 18:25:40 +0000 (18:25 +0000)