From b4178c979fff344a1c5142a305f274dd9aff8f45 Mon Sep 17 00:00:00 2001 From: Markus Linnala Date: Sun, 28 Oct 2018 14:59:52 +0200 Subject: [PATCH] Remove capabilities instead of setting empty caps via. --setcaps If a file in a package does not have any capabilities rpm --setcaps should remove capabilities of the file. Prior to this patch capabilities of the file were set as empty. Empty capabilities mean more than no capabilities. A file with no capabilities can inherit capabilities, but file with empty capabilities can not. When ever package does not have any capabilities set %|FILECAPS? is false. If some files have capabilities, %|FILECAPS? is true but %{FILECAPS} is '' when the file does not have capabilities and '= ' when there is some. Reported and patch created by Markus Linnala Commit message edited by Pavlina Moravcova Varekova and Florian Festi. Fixes #585 Fixes #586 --- rpmpopt.in | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/rpmpopt.in b/rpmpopt.in index 42d3416a3..557050a24 100644 --- a/rpmpopt.in +++ b/rpmpopt.in @@ -57,8 +57,13 @@ rpm alias --setugids -q --qf \ --POPTdesc=$"set user/group ownership of files in a package" rpm alias --setcaps -q --qf \ - "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \ - && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \ + "[if \[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \]; then\n\ +%|FILECAPS?{ if \[ -n %{FILECAPS:shescape} \]; then\n\ + setcap %{FILECAPS:shescape} %{FILENAMES:shescape}\n\ + el}:{ }|if \[ -n \"\$(getcap %{FILENAMES:shescape})\" \]; then\n\ + setcap -r %{FILENAMES:shescape}\n\ + fi\n\ +fi\n]" \ --pipe "sh" \ --POPTdesc=$"set capabilities of files in a package" -- 2.21.0