From 68427763f47132a21e3fee066f20500a187c3662 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 12 Apr 2018 15:02:53 +0200
Subject: [PATCH] Set SUID bit for clevis-luks-udisks2

The clevis-luks-udisks2 program expects to be run as root. But since it's
executed from a Desktop Application Autostart file, it's run by the user
that started the session. So in order to allow it to be run as root, set
the SUID bit to the executable during the make install target.

This is safe since clevis-luks-udisks2 drops its privileges, and sets the
process credentials to the clevis user for key recovering and to the user
that executed the binary for the unlocking. So the root privilege is only
used to read the LUKS metadata from the encrypted volume.

Fixes: #28

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
 src/udisks2/Makefile.am | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/udisks2/Makefile.am b/src/udisks2/Makefile.am
index 9187ff2b..23fb662b 100644
--- a/src/udisks2/Makefile.am
+++ b/src/udisks2/Makefile.am
@@ -24,3 +24,6 @@ EXTRA_DIST=clevis-luks-udisks2.desktop.in
 	$(AM_V_GEN)$(SED) \
 		-e 's,@libexecdir\@,$(libexecdir),g' \
 		$(srcdir)/$@.in > $@
+
+install-exec-hook:
+	chmod u+s $(DESTDIR)$(libexecdir)/clevis-luks-udisks2