How does one make an RPM which sets the POSIX capabilities of a file? If I try doing rpmbuild as a non-root user then I get an error when my makefile’s install hooks try to run setcap, but if I don’t run setcap how will rpmbuild copy the capabilities? There doesn’t seem to be any way to set the capability from within the RPM spec file.
Answer
There is a spec file macro for setting capabilities, %caps; for some reason this seems to be mainly documented in the release notes and changelogs, so it took a while for me to find it.
It’s used like this in the spec file:
%caps(cap_net_admin=pe) %{_sbindir}/foobar
To get make install to use setcap only when invoked by root, you can do something like this:
@if test `id -u` -eq 0; then setcap cap_net_admin=pe $(DEST_SBINDIR)/foobar ; fi
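The two pieces above fit together as in the following minimal spec file. It is an added example, not part of the original answer. The package metadata and source tarball are constructed, and it assumes the Makefile accepts DEST_SBINDIR on the command line and contains the id -u guard shown above.

```spec
# Constructed example: name, version, license and source layout are assumptions.
Name:           foobar
Version:        1.0
Release:        1%{?dist}
Summary:        Example tool that needs CAP_NET_ADMIN
License:        MIT
Source0:        %{name}-%{version}.tar.gz
BuildRequires:  gcc
BuildRequires:  make

%description
Constructed example showing a file capability recorded in package metadata
instead of being applied with setcap at build time.

%prep
%setup -q

%build
make %{?_smp_mflags}

%install
# rpmbuild runs this step as an unprivileged user. The id -u guard in the
# Makefile skips setcap, so the staged binary carries no capability and the
# build does not fail.
make install DEST_SBINDIR=%{buildroot}%{_sbindir}

%files
# %caps stores the capability in the package header. rpm applies it when the
# package is installed, which happens as root. Explicit ownership and mode
# keep the binary from being writable by anyone but root.
%attr(0755,root,root) %caps(cap_net_admin=pe) %{_sbindir}/foobar

# Checks after building and installing:
#   rpm -qp --filecaps foobar-1.0-1*.rpm   # capability recorded in the package
#   getcap /usr/sbin/foobar                # capability present on the installed file
#   rpm -V foobar                          # a "P" flag marks a changed capability
```

Grant only the capability the binary actually uses; with cap_net_admin=pe the capability is effective for any user who can execute the file.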