Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net-misc/balance: add net_bind_service capability #24325

Closed
wants to merge 1 commit into from
Closed

net-misc/balance: add net_bind_service capability #24325

wants to merge 1 commit into from

Conversation

glorg
Copy link
Contributor

@glorg glorg commented Feb 22, 2022
edited

This changes binary capabilities and allows binding to privileged ports for non-root

@gentoo-bot gentoo-bot added maintainer-needed There is at least one affected package with no maintainer. Review it if you can. assigned PR successfully assigned to the package maintainer(s). no bug found No Bug/Closes found in the commits. no signoff One or more commits do not indicate GCO sign-off. labels Feb 22, 2022
@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-02-23 10:11 UTC
Newest commit scanned: e0fd851
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/e482769d25/output.html

arkamar
arkamar suggested changes Feb 23, 2022
View reviewed changes
net-misc/balance/balance-3.57-r1.ebuild Outdated Show resolved Hide resolved
net-misc/balance/balance-3.57-r1.ebuild Outdated Show resolved Hide resolved
net-misc/balance/balance-3.57-r1.ebuild Outdated Show resolved Hide resolved
net-misc/balance/balance-3.57-r1.ebuild Outdated Show resolved Hide resolved
net-misc/balance/balance-3.57-r1.ebuild Outdated Show resolved Hide resolved
@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-02-23 18:26 UTC
Newest commit scanned: 52af31d
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/7c7f352adf/output.html

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-02-23 18:41 UTC
Newest commit scanned: 8dc30cf
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/0d49c0026b/output.html

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-02-23 19:36 UTC
Newest commit scanned: eeff313
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/d783749fe4/output.html

@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-02-23 20:01 UTC
Newest commit scanned: 60d4e6f
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/625ae96a4b/output.html

arkamar
arkamar reviewed Feb 23, 2022
View reviewed changes
net-misc/balance/balance-3.57-r1.ebuild
pkg_postinst() {
fcaps_pkg_postinst
elog "To run as non-root, be sure to have rendezvous directory created"
elog "with either 'mkdir -m 01777 /var/run/balance' or using tmpfiles."
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I personally don't think this message is necessary here, because balance itself prints following message on start:

ERROR: rendezvous directory not available and/or creatable
       please create /var/run/balance/ with mode 01777 like this: 
       # mkdir -m 01777 /var/run/balance/

But it is probably ok to go with it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In case /var/run is on tmpfs and cleaned with reboots, this will point the user on what tool (tmpfiles) to use for solving this problem correctly and what's required for the server to run.

@arkamar
Copy link
Member

arkamar commented Feb 23, 2022

I think it would be better to change title of the commit message to somehting like net-misc/balance: add capability. The message is meant for devs and they see it is related to 3.57-r1 revision in diff. Also append [please reassign] to the pull request title in order to remove no signoff label.

@glorg glorg changed the title net-misc/balance: ebuild revision 3.57-r1 net-misc/balance: add net_bind_service capability Feb 23, 2022
@glorg
net-misc/balance: add net_bind_service capability
3c0ec7e 
This changes binary capabilities and allows binding
to privileged ports for non-root

Signed-off-by: Eugene Glorg <glorg@railglorg.net>
@glorg glorg changed the title net-misc/balance: add net_bind_service capability net-misc/balance: add net_bind_service capability [please reassign] Feb 23, 2022
@gentoo-bot gentoo-bot changed the title net-misc/balance: add net_bind_service capability [please reassign] net-misc/balance: add net_bind_service capability Feb 23, 2022
@gentoo-bot
Copy link

Pull Request assignment

Submitter: @glorg
Areas affected: ebuilds
Packages affected: net-misc/balance

net-misc/balance: @gentoo/proxy-maint (maintainer needed)

Linked bugs

No bugs to link found. If your pull request references any of the Gentoo bug reports, please add appropriate GLEP 66 tags to the commit message and request reassignment.

In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of ConductCopyright policy (expl.) ● DevmanualGitHub PRsProxy-maint guide

@gentoo-bot gentoo-bot added maintainer-needed There is at least one affected package with no maintainer. Review it if you can. assigned PR successfully assigned to the package maintainer(s). no bug found No Bug/Closes found in the commits. and removed assigned PR successfully assigned to the package maintainer(s). maintainer-needed There is at least one affected package with no maintainer. Review it if you can. no bug found No Bug/Closes found in the commits. no signoff One or more commits do not indicate GCO sign-off. labels Feb 23, 2022
@gentoo-repo-qa-bot
Copy link
Collaborator

Pull request CI report

Report generated at: 2022-02-23 21:21 UTC
Newest commit scanned: 3c0ec7e
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/118da68718/output.html

thesamesam
thesamesam reviewed Feb 26, 2022
View reviewed changes
net-misc/balance/balance-3.57-r1.ebuild
PATCHES=( "${FILESDIR}"/${P}-Makefile.patch )

FILECAPS=(
'CAP_NET_BIND_SERVICE' '/usr/sbin/balance'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've made this path relative.

@thesamesam
Copy link
Member

Minor followup done in 052d733. Thank you and thanks to @arkamar for reviewing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thesamesam thesamesam thesamesam left review comments

@arkamar arkamar arkamar approved these changes

Assignees
No one assigned
Labels
assigned PR successfully assigned to the package maintainer(s). maintainer-needed There is at least one affected package with no maintainer. Review it if you can. no bug found No Bug/Closes found in the commits.
Projects
None yet
Milestone
No milestone
5 participants
@glorg @gentoo-repo-qa-bot @arkamar @gentoo-bot @thesamesam