diff options
Diffstat (limited to '')
| -rwxr-xr-x | debian/iproute2.postinst | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/iproute2.postinst b/debian/iproute2.postinst new file mode 100755 index 0000000..912e8d9 --- /dev/null +++ b/debian/iproute2.postinst @@ -0,0 +1,45 @@ +#!/bin/sh + +set -e + +# Alternatively this check can be disabled by preseeding: +# echo "iproute2/setcaps boolean false" | debconf-set-selections + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + if command -v setcap > /dev/null; then + db_get iproute2/setcaps + + # Allow dpkg-reconfigure to remove caps + if test "$RET" = "true"; then + if ! setcap "cap_dac_override,cap_sys_admin,cap_net_admin=ep" /bin/ip; then + echo "Setcap failed on /bin/ip, ip vrf exec will not be runnable by non-root" >&2 + fi + else + # setcap -r fails if the xattr is not present + if getcap /bin/ip | grep -qs "/bin/ip"; then + if ! setcap "-r" /bin/ip; then + echo "Setcap -r failed on /bin/ip, could not remove capabilities" >&2 + fi + fi + fi + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 |