From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Mon, 20 Mar 2023 11:35:52 +0000 (+0100)
Subject: nfs-utils: mount.nfs - Use capabilities instead of suid bit
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27a002f43ae4cdd20d54cfc50abc0151bdce746d;p=people%2Fstevee%2Fipfire-3.x.git

nfs-utils: mount.nfs - Use capabilities instead of suid bit

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/nfs-utils/nfs-utils.nm b/nfs-utils/nfs-utils.nm
index 771c47636..9cc6740bb 100644
--- a/nfs-utils/nfs-utils.nm
+++ b/nfs-utils/nfs-utils.nm
@@ -5,7 +5,7 @@
 
 name       = nfs-utils
 version    = 2.6.2
-release    = 4
+release    = 5
 
 groups     = Networking/Tools
 url        = http://nfs.sourceforge.net/
@@ -51,6 +51,7 @@ build
 		--enable-mountconfig \
 		--enable-ipv6 \
 		--enable-gss \
+		--enable-caps \
 		--with-statedir=/var/lib/nfs \
 		--with-statdpath=/var/lib/nfs/statd \
 		--with-start-statd=/usr/bin/start-statd \
@@ -82,6 +83,10 @@ build
 
 		mkdir -pv %{BUILDROOT}/var/lib/nfs/statd/sm{,.bak}
 		chown rpcuser:rpcuser -Rv %{BUILDROOT}/var/lib/nfs/statd
+
+		# Set capabilities
+		chmod -v 0755 %{BUILDROOT}%{bindir}/mount.nfs
+		setcap CAP_DAC_OVERRIDE,CAP_SYS_ADMIN=ep %{BUILDROOT}%{bindir}/mount.nfs
 	end
 end