New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added a very simply way to backup up capabilities. #771
Conversation
getcap and setcap are used to backup and restore.
setcap $cap ${TARGET_FS_ROOT}/${file} | ||
done < <(cat $VAR_DIR/recovery/capabilities | sed 's/=//') | ||
else | ||
Log "setcap binary not found." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you observe this? Better rely on REQUIRED_PROGS and simply assume that it works. And if not then we should urgently fix REQUIRED_PROGS
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As you added setcap
and getcap
to the REQUIRED_PROGS
array remove the if which
check as it is unneeded (rest assure the test for REQUIRED_PROGS works fine).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In my opinion the REQUIRED_PROGS
in prep/default/95_check_missing_programs.sh
is not working correctly. Bash is not my favorite thing so maybe I am wrong.
Due to MISSING_PROGS=("")
the later test -n "$MISSING_PROGS"
always detects the first element as null.
[root@cen2 rear]# MISSING_PROGS=("")
[root@cen2 rear]# MISSING_PROGS=( "${MISSING_PROGS[@]}" "missing_bin" )
[root@cen2 rear]# if test -n "$MISSING_PROGS" ; then echo "something is missing" ;fi
What works for me is
if [ ${#MISSING_PROGS[@]} -ne 1 ] ; then echo "something is missing" ;fi
Hi @mattihautameki, thanks a lot for this pull request! This is indeed a missing feature and thanks a lot for providing us with a first implementation. I went through the code and left some detailed comments. IMHO only the following are real blockers:
Kind Regards, |
Regarding #771 (comment) "REQUIRED_PROGS is not working correctly": Also in my opinion REQUIRED_PROGS is not working correctly, see #755 (comment) and subsequent comments. But I still do not know under what exact circumstances rear should fail with an error if something in REQUIRED_PROGS is missing so that I cannot decide if REQUIRED_PROGS currently works as intended or not. |
Do the test for NETFS_RESTORE_CAPABILITIES with is_true. Fixed the MISSING_PROGS check in 95_check_missing_programs.sh. Set the capabilities in a more robust way. Hopefully the output of getcap stays constant. Moved 41_save_capabilities.sh to rescue/NETFS because capabilities are backup up to the tar archive but are not present in the rescue iso.
Hi!
I also moved the block which is collecting the capabilities Kind Regards, |
@mattihautameki looks OK to me. Thank you for the new (missing) feature. |
Added a very simply way to backup up capabilities.
Since capabilities are not backuped with tar I implemented a file based backup using getcap and setcap.This commit was tested on SLES12 and RHEL7. Both use capabilities instead of SUID for ping, arping, etc.