Browse Source

debian/shadowsocks-libev.postinst: Limit capabilities setting

setcap setting is only for configure/reconfigure case in postinst script
pull/1043/head
Roger Shimizu 7 years ago
committed by Max Lv
parent
commit
b85ae24d7c
1 changed files with 20 additions and 6 deletions
  1. 26
      debian/shadowsocks-libev.postinst

26
debian/shadowsocks-libev.postinst

@ -2,15 +2,29 @@
set -e set -e
if [ -f /sbin/setcap ]; then
setcap cap_net_bind_service+ep /usr/bin/ss-local 2>/dev/null
setcap cap_net_bind_service+ep /usr/bin/ss-server 2>/dev/null
setcap cap_net_bind_service+ep /usr/bin/ss-tunnel 2>/dev/null
setcap cap_net_bind_service+ep /usr/bin/ss-redir 2>/dev/null
fi
# POSIX-compliant maint function recommend by devref
# to check for the existence of a command
# https://www.debian.org/doc/manuals/developers-reference/ch06.html#bpp-debian-maint-scripts
pathfind() {
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$*" ]; then
IFS="$OLDIFS"
return 0
fi
done
IFS="$OLDIFS"
return 1
}
case "$1" in case "$1" in
configure|reconfigure) configure|reconfigure)
pathfind setcap && setcap \
cap_net_bind_service+ep /usr/bin/ss-local \
cap_net_bind_service+ep /usr/bin/ss-redir \
cap_net_bind_service+ep /usr/bin/ss-server \
cap_net_bind_service+ep /usr/bin/ss-tunnel
if [ ! -f /etc/shadowsocks-libev/config.json ]; then if [ ! -f /etc/shadowsocks-libev/config.json ]; then
passwd=$(apg -n 1 -M ncl) passwd=$(apg -n 1 -M ncl)
mkdir -p /etc/shadowsocks-libev mkdir -p /etc/shadowsocks-libev

Loading…
Cancel
Save