xorg-x11-server: Remove SUID bits and add posix capabilities.

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 30 Sep 2010 20:16:29 +0000 (22:16 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 30 Sep 2010 20:16:29 +0000 (22:16 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 30 Sep 2010 20:16:29 +0000 (22:16 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 30 Sep 2010 20:16:29 +0000 (22:16 +0200)
diff --git a/pkgs/core/xorg-x11-server/xorg-x11-server.nm b/pkgs/core/xorg-x11-server/xorg-x11-server.nm

index dec64122509947f34cf9eb5f2101c6b08e462415..a094a1085f2e7b71eec2889644a62340ea062e5c 100644 (file)
--- a/pkgs/core/xorg-x11-server/xorg-x11-server.nm
+++ b/pkgs/core/xorg-x11-server/xorg-x11-server.nm
@@ -34,7 +34,7 @@ PKG_URL        = http://www.x.org
  PKG_LICENSE    = MIT
  PKG_SUMMARY    = X.Org X11 X server.
  
-PKG_BUILD_DEPS+= autoconf automake libX11-devel libXau-devel libXdmcp-devel\
+PKG_BUILD_DEPS+= autoconf automake libcap libX11-devel libXau-devel libXdmcp-devel\
         libXext-devel libXfixes-devel libXfont-devel libXmu-devel libXrender-devel\
         libXres-devel libXt-devel libdrm-devel libfontenc-devel libpciaccess-devel\
         libtool libudev-devel libxcb-devel libxkbfile-devel mesa-devel pixman-devel\
@@ -123,4 +123,9 @@ define STAGE_INSTALL
                 $(BUILDROOT)/usr/share/xorg/
         cd $(DIR_APP) && install -m 644 $(DIR_SOURCE)/10-quirks.conf \
                 $(BUILDROOT)/usr/share/X11/xorg.conf.d
+
+       # Capabilities
+       chmod u-s $(BUILDROOT)/usr/bin/Xorg
+       setcap cap_chown,cap_dac_override,cap_sys_rawio,cap_sys_admin+ep \
+               $(BUILDROOT)/usr/bin/Xorg
  endef
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Sep 2010 20:16:29 +0000 (22:16 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Sep 2010 20:16:29 +0000 (22:16 +0200)