[arch-commits] Commit in syslog-ng/trunk (PKGBUILD cap_syslog.patch)
Tobias Powalowski
tpowa at archlinux.org
Tue Mar 15 15:44:13 UTC 2011
Date: Tuesday, March 15, 2011 @ 11:44:12
Author: tpowa
Revision: 114715
upgpkg: syslog-ng 3.2.2-2
added cap patch for kernel >= 2.6.38
Added:
syslog-ng/trunk/cap_syslog.patch
Modified:
syslog-ng/trunk/PKGBUILD
------------------+
PKGBUILD | 17 +++++++-
cap_syslog.patch | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 116 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-03-15 15:38:48 UTC (rev 114714)
+++ PKGBUILD 2011-03-15 15:44:12 UTC (rev 114715)
@@ -4,7 +4,7 @@
pkgname=syslog-ng
pkgver=3.2.2
-pkgrel=1
+pkgrel=2
pkgdesc="Next-generation syslogd with advanced networking and filtering capabilities"
arch=('i686' 'x86_64')
license=('GPL2')
@@ -19,7 +19,8 @@
source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz
syslog-ng.conf
syslog-ng.logrotate
- syslog-ng.rc)
+ syslog-ng.rc
+ cap_syslog.patch)
md5sums=('ed8ebe559d52a63fb61e3e2db566643f' '344dddfff946300f5576b13a7e8ea19f'\
'735636090be4582885974542d2a75855' 'b90f8f1ba0433e5a1518ac30f882560a')
sha1sums=('3a340f8e72b460cc0bc1ec1d4c86b74678912dd6' 'b9eb8c61f7cccda543fc5c97fe1d40a8d15e713f'\
@@ -27,6 +28,8 @@
build() {
cd "$srcdir/$pkgname-$pkgver"
+ # fix #22555 for kernels >=2.6.38
+ patch -Np1 -i ../cap_syslog.patch
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
--libexecdir=/usr/lib --localstatedir=/var/lib/syslog-ng \
--enable-tcp-wrapper \
@@ -43,3 +46,13 @@
install -Dm644 "$srcdir/syslog-ng.logrotate" "$pkgdir/etc/logrotate.d/syslog-ng"
install -Dm755 "$srcdir/syslog-ng.rc" "$pkgdir/etc/rc.d/syslog-ng"
}
+md5sums=('ed8ebe559d52a63fb61e3e2db566643f'
+ '344dddfff946300f5576b13a7e8ea19f'
+ '735636090be4582885974542d2a75855'
+ 'b90f8f1ba0433e5a1518ac30f882560a'
+ '46e5dcff71f820d497898331a3f608fe')
+sha1sums=('3a340f8e72b460cc0bc1ec1d4c86b74678912dd6'
+ 'b9eb8c61f7cccda543fc5c97fe1d40a8d15e713f'
+ 'ac997b25d7d8e69e66782d3771a0e12aff55ae7f'
+ '253e59f4182fba46aea56bebc4b79a199fae32bc'
+ 'f093a09626a528d23f0f2aeece018cab15a735a9')
Added: cap_syslog.patch
===================================================================
--- cap_syslog.patch (rev 0)
+++ cap_syslog.patch 2011-03-15 15:44:12 UTC (rev 114715)
@@ -0,0 +1,101 @@
+diff --git a/lib/gprocess.h b/lib/gprocess.h
+index cda35b0..5c449f7 100644
+--- a/lib/gprocess.h
++++ b/lib/gprocess.h
+@@ -28,9 +28,14 @@
+ #include "syslog-ng.h"
+
+ #include <sys/types.h>
++#include <sys/utsname.h>
+
+ #if ENABLE_LINUX_CAPS
+ # include <sys/capability.h>
++#
++# ifndef CAP_SYSLOG
++# define CAP_SYSLOG 34
++# endif
+ #endif
+
+ typedef enum
+@@ -78,5 +83,8 @@ void g_process_finish(void);
+
+ void g_process_add_option_group(GOptionContext *ctx);
+
++extern int kernel_version;
++extern void get_kernel_version(void);
++#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
+
+ #endif
+diff --git a/modules/affile/affile.c b/modules/affile/affile.c
+index e145324..886fa72 100644
+--- a/modules/affile/affile.c
++++ b/modules/affile/affile.c
+@@ -59,7 +59,12 @@ affile_open_file(gchar *name, gint flags,
+ if (privileged)
+ {
+ g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
+- g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
++ if (!kernel_version)
++ get_kernel_version();
++ if (kernel_version < LINUX_VERSION(2, 6, 38))
++ g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
++ else
++ g_process_cap_modify(CAP_SYSLOG, TRUE);
+ }
+ else
+ {
+diff --git a/syslog-ng/main.c b/syslog-ng/main.c
+index 9880c1f..ee5031b 100644
+--- a/syslog-ng/main.c
++++ b/syslog-ng/main.c
+@@ -67,6 +67,7 @@ static gboolean syntax_only = FALSE;
+ static gboolean display_version = FALSE;
+ static gchar *ctlfilename = PATH_CONTROL_SOCKET;
+ static gchar *preprocess_into = NULL;
++int kernel_version;
+
+ static volatile sig_atomic_t sig_hup_received = FALSE;
+ static volatile sig_atomic_t sig_term_received = FALSE;
+@@ -363,6 +364,20 @@ version(void)
+ ON_OFF_STR(ENABLE_PACCT_MODULE));
+ }
+
++void
++get_kernel_version(void) {
++ static struct utsname uts;
++ int x = 0, y = 0, z = 0;
++
++ if (uname(&uts) == -1) {
++ fprintf(stderr, "Unable to retrieve kernel version.\n");
++ exit(1);
++ }
++
++ sscanf(uts.release, "%d.%d.%d", &x, &y, &z);
++ kernel_version = LINUX_VERSION(x, y, z);
++}
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -379,9 +394,20 @@ main(int argc, char *argv[])
+ * indicate readability. Enabling/disabling cap_sys_admin on every poll
+ * invocation seems to be too expensive. So I enable it for now. */
+
+- g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
++ if (!kernel_version)
++ get_kernel_version();
++ if (kernel_version < LINUX_VERSION(2, 6, 34))
++ g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
+ "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p "
+ "cap_sys_admin=ep");
++ else if (kernel_version < LINUX_VERSION(2, 6, 38))
++ g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
++ "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner,"
++ "cap_sys_admin=p");
++ else
++ g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
++ "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner,"
++ "cap_syslog=p");
+ ctx = g_option_context_new("syslog-ng");
+ g_process_add_option_group(ctx);
+ msg_add_option_group(ctx);
More information about the arch-commits
mailing list