From 510551ed662f52f5a03f16e44f33e65f845c8ad9 Mon Sep 17 00:00:00 2001 From: Markus Linnala Date: Mar 25 2020 08:22:21 +0000 Subject: Remove capabilities instead of setting empty caps via. --setcaps If a file in a package does not have any capabilities rpm --setcaps should remove capabilities of the file. Prior to this patch capabilities of the file were set as empty. Empty capabilities mean more than no capabilities. A file with no capabilities can inherit capabilities, but file with empty capabilities can not. When ever package does not have any capabilities set %|FILECAPS? is false. If some files have capabilities, %|FILECAPS? is true but %{FILECAPS} is '' when the file does not have capabilities and '= ' when there is some. Reported and patch created by Markus Linnala Commit message edited by Pavlina Moravcova Varekova and Florian Festi. Fixes #585 Fixes #586
---
diff --git a/rpmpopt.in b/rpmpopt.in
index 3a57114..67fcabf 100644
--- a/rpmpopt.in
+++ b/rpmpopt.in
@@ -57,8 +57,13 @@ rpm alias --setugids -q --qf \
 --POPTdesc=$"set user/group ownership of files in a package"
 rpm alias --setcaps -q --qf \
- "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \
- && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \
+ "[if \[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \]; then\n\
+%|FILECAPS?{ if \[ -n %{FILECAPS:shescape} \]; then\n\
+ setcap %{FILECAPS:shescape} %{FILENAMES:shescape}\n\
+ el}:{ }|if \[ -n \"\$(getcap %{FILENAMES:shescape})\" \]; then\n\
+ setcap -r %{FILENAMES:shescape}\n\
+ fi\n\
+fi\n]" \
 --pipe "sh" \
 --POPTdesc=$"set capabilities of files in a package"
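Review bot: The removal branch `if \[ -n \"\$(getcap %{FILENAMES:shescape})\" \]` cannot tell "the file has no capabilities" from "getcap printed nothing because it failed or is not installed", so in the second case the generated script skips `setcap -r` without a message and a stale capability stays on the file, which is the case this commit sets out to fix. Nothing in the hunk checks that getcap is available, and because the script is piped to `sh`, a per-file failure is unlikely to reach the exit status of `rpm --setcaps`. If the query format allows text before the per-file `[` … `]` iteration, a one-time guard such as `command -v getcap >/dev/null || exit 1` would make this fail closed. Short of that, a comment above the alias should state the dependency, for example `# --setcaps: files with no FILECAPS get existing capabilities removed (setcap -r), not set to empty`. The `el}:{ }|if` splice, which yields `elif` or a plain `if` depending on whether the tag exists, also deserves a one-line comment because it is easy to break when the format string is edited.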