authorLennart Poettering <lennart@poettering.net>2012-10-09 22:25:32 +0200
committerLennart Poettering <lennart@poettering.net>2012-10-09 22:25:32 +0200
commit96ede2601f27cd5fe52eed96b873bef55cd0ce23 (patch)
tree0c9812fd9196b9e2e5a186e328c25d65e2ef8ee5
parent7a69007a24cfff30158ea80665cb6c3c9d3251b0 (diff)
detect-virt: install with fs caps by default to allow unprivileged access
-rw-r--r--Makefile.am6
-rw-r--r--configure.ac2
-rw-r--r--src/shared/virt.c8
3 files changed, 12 insertions, 4 deletions
diff --git a/Makefile.am b/Makefile.am
index 621da03260..0b3013b444 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1403,6 +1403,12 @@ systemd_detect_virt_SOURCES = \
systemd_detect_virt_LDADD = \
libsystemd-shared.la
+systemd-detect-virt-install-hook:
+ $(SETCAP) cap_dac_override,cap_sys_ptrace=ep $(DESTDIR)$(bindir)/systemd-detect-virt ||:
+
+INSTALL_EXEC_HOOKS += \
+ systemd-detect-virt-install-hook
+
# ------------------------------------------------------------------------------
systemd_delta_SOURCES = \
src/delta/delta.c
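Review bot: The `$(SETCAP)` line in the new install hook grants `cap_dac_override,cap_sys_ptrace=ep` to a binary that every local user can execute, and nothing in the rule documents which check needs which capability. CAP_DAC_OVERRIDE bypasses all file permission checks, writes included; if the tool only reads root-owned files (not visible in this hunk), `cap_dac_read_search` would be the narrower grant. The trailing `||:` also hides every setcap failure, such as the `/sbin/setcap` fallback from the configure.ac hunk not existing or a filesystem without xattr support, so the install succeeds without the capabilities and nobody is told. Consider `|| echo "warning: setcap failed; systemd-detect-virt will need root" >&2` in its place, plus a comment above the rule such as `# file caps let unprivileged users run the detection; keep this set minimal`.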
diff --git a/configure.ac b/configure.ac
index 5d7d0c2863..09818d6ec0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,6 +67,8 @@ AC_PATH_PROG([XSLTPROC], [xsltproc])
AC_PATH_PROG([QUOTAON], [quotaon], [/sbin/quotaon])
AC_PATH_PROG([QUOTACHECK], [quotacheck], [/sbin/quotacheck])
+AC_PATH_PROG([SETCAP], [setcap], [/sbin/setcap])
+
# gtkdocize greps for '^GTK_DOC_CHECK', so it needs to be on its own line
m4_ifdef([GTK_DOC_CHECK], [
GTK_DOC_CHECK([1.18],[--flavour no-tmpl])
diff --git a/src/shared/virt.c b/src/shared/virt.c
index 6e44794496..fc62c72328 100644
--- a/src/shared/virt.c
+++ b/src/shared/virt.c
@@ -159,10 +159,10 @@ int detect_container(const char **id) {
/* Unfortunately many of these operations require root access
* in one way or another */
- if (geteuid() != 0)
- return -EPERM;
-
- if (running_in_chroot() > 0) {
+ r = running_in_chroot();
+ if (r < 0)
+ return r;
+ if (r > 0) {
if (id)
*id = "chroot";
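Review bot: The comment kept at the top of this hunk still says the operations "require root access", but the `geteuid()` gate it explained is removed, and the Makefile.am hunk indicates the function is now meant to run with file capabilities instead. Suggest rewording it along the lines of `/* These checks need CAP_SYS_PTRACE and CAP_DAC_OVERRIDE (set as file caps at install time); without them the failing call's error is returned */`. Callers without the capabilities used to get a uniform -EPERM and now get whatever `running_in_chroot()` returns, which is worth stating in the function's documentation. The checks after the chroot branch lie outside this hunk and are presumably now reached without any privilege gate, so each should be confirmed to handle permission errors itself. detect_container's body starts before the hunk and continues past it.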