From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 30 Sep 2010 20:16:29 +0000 (+0200)
Subject: xorg-x11-server: Remove SUID bits and add posix capabilities.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3e6a54f91bc7ab1405a642e55731a2e0103ab82;p=ipfire-3.x.git

xorg-x11-server: Remove SUID bits and add posix capabilities.
---

diff --git a/pkgs/core/xorg-x11-server/xorg-x11-server.nm b/pkgs/core/xorg-x11-server/xorg-x11-server.nm
index dec641225..a094a1085 100644
--- a/pkgs/core/xorg-x11-server/xorg-x11-server.nm
+++ b/pkgs/core/xorg-x11-server/xorg-x11-server.nm
@@ -34,7 +34,7 @@ PKG_URL        = http://www.x.org
 PKG_LICENSE    = MIT
 PKG_SUMMARY    = X.Org X11 X server.
 
-PKG_BUILD_DEPS+= autoconf automake libX11-devel libXau-devel libXdmcp-devel\
+PKG_BUILD_DEPS+= autoconf automake libcap libX11-devel libXau-devel libXdmcp-devel\
 	libXext-devel libXfixes-devel libXfont-devel libXmu-devel libXrender-devel\
 	libXres-devel libXt-devel libdrm-devel libfontenc-devel libpciaccess-devel\
 	libtool libudev-devel libxcb-devel libxkbfile-devel mesa-devel pixman-devel\
@@ -123,4 +123,9 @@ define STAGE_INSTALL
 		$(BUILDROOT)/usr/share/xorg/
 	cd $(DIR_APP) && install -m 644 $(DIR_SOURCE)/10-quirks.conf \
 		$(BUILDROOT)/usr/share/X11/xorg.conf.d
+
+	# Capabilities
+	chmod u-s $(BUILDROOT)/usr/bin/Xorg
+	setcap cap_chown,cap_dac_override,cap_sys_rawio,cap_sys_admin+ep \
+		$(BUILDROOT)/usr/bin/Xorg
 endef