proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-05 19:50:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0780e34389
mirror_lxc/lxc.spec.in
dlezcano 0780e34389 Add setpcap capabilty to be able to drop the sys_boot capabilty. 
From: Daniel Lezcano <dlezcano@fr.ibm.com>

Previously, we dropped the CAP_SYS_BOOT capabilty. Unfortunatly if we are
non root user, we are not able to do that. So I had the CAP_SETPCAP to
lxc-execute and lxc-start command line to remove this capabilty.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2008-11-13 16:53:23 +00:00

155 lines
4.1 KiB
RPMSpec
Raw Blame History

#
# lxc: linux Container library
#
# (C) Copyright IBM Corp. 2007, 2008
#
# Authors:
# Daniel Lezcano <dlezcano at fr.ibm.com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
%define _unpackaged_files_terminate_build 0
%define RELEASE 1
%define rel %{?CUSTOM_RELEASE} %{!?CUSTOM_RELEASE: %RELEASE}
#
# Arguments that can be passed to the rpm builder:
#
# --define 'confargs <extra args to configure args>' (def. '')
#
%{!?confargs: %{expand:%%define confargs ''}}
# What kernel are we building for?
%{!?kernel: %{expand:%%define kernel %(uname -r)}}
%define _prefix /usr
Name: @PACKAGE@
Version: @VERSION@
Release: %{rel}
Packager: <dlezcano@fr.ibm.com>
URL: http://lxc.sourceforge.net
Summary: %name
Group: Applications/System
License: LGPL
Source: %name/%name-%version.tar.gz
BuildRoot: %_tmppath/%name-%version-root
%description
The package "%name" provides the command lines to create and manage
containers. It contains a full featured container with the isolation
/ virtualization of the pids, the ipc, the utsname, the mount points,
/proc, /sys, the network and it takes into account the control groups.
It is very light, flexible, and provides a set of tools around the
container like the monitoring with asynchronous events notification,
or the freeze of the container. This package is useful to create
Virtual Private Server, or to run isolated applications like bash or
sshd.
%package devel
Release: %{rel}
Summary: development library for %{name}
Requires: libcap
Group: Application/System
%description devel
The %{name}-devel package contains header files and library needed for
development of containers
%prep
%setup -q
%build
# I don't understand why but I have to specify this prefix :(
%configure --prefix=/ $args
ncpus=`egrep -c "^cpu[0-9]+" /proc/stat || :`
make -j$ncpus
%install
rm -rf %{buildroot}
%makeinstall
%clean
rm -rf %{buildroot}
%post
if [ -d /var/lxc ]; then
for i in $(ls -1 /var/lxc); do
chmod -fR go-rwx /var/lxc/$i
done
mv /var/lxc /var/lxc.rpm-$$
fi
mkdir -p /var/lxc
if [ -d /var/lxc.rpm-$$ ]; then
for i in $(ls -1 /var/lxc.rpm-$$); do
cp -a /var/lxc.rpm-$$/$i /var/lxc
done
fi
chmod ugo+w /var/lxc
PATH=$PATH:/usr/sbin:/sbin
which setcap 2>&1 > /dev/null
RES=$?
if [ $RES != 0 ]; then
echo -e "\t********************WARNING*************************"
echo -e "\t* The 'setcap' command was not found, this is not *"
echo -e "\t* a problem and the 'lxc' package is installed but *"
echo -e "\t* you will have to run the 'lxc' commands as root. *"
echo -e "\t* If you wish to run these commands as a non-root *"
echo -e "\t* user, you will need to install libcap-2 package *"
echo -e "\t* and reinstall the lxc package *"
echo -e "\t****************************************************"
else
setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-execute && \
setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-start && \
setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-restart && \
setcap cap_sys_admin=ep %{_bindir}/lxc-init
fi
%files
%defattr(-,root,root)
%{_sysconfdir}/%{name}/*
%{_libdir}/*.so*
%{_bindir}/*
%files devel
%defattr(-,root,root)
%{_includedir}/%{name}/*
%{_libdir}/*.a
%post devel
%changelog
* Sun Aug 3 2008 Daniel Lezcano <dlezcano@fr.ibm.com> - Version 0.1.0
- Initial RPM release.
# Local variables:
# mode: shell-script
# sh-shell: rpm
# end:
Reference in New Issue View Git Blame Copy Permalink