Add parameter to keep cap_setfcap

Fixes #643
Serge Schneider 2022-11-08 12:04:09 +00:00
parent 549681f6e2
commit c3083ecd50
3 changed files with 13 additions and 2 deletions


@ -215,6 +215,13 @@ The following environment variables are supported:
public key authentication. Note that if SSH is not enabled this will take public key authentication. Note that if SSH is not enabled this will take
effect when SSH becomes enabled. effect when SSH becomes enabled.
* `SETFCAP` (Default: unset)
* Setting to `1` will prevent pi-gen from dropping the "capabilities"
feature. Generating the root filesystem with capabilities enabled and running
it from a filesystem that does not support capabilities (like NFS) can cause
issues. Only enable this if you understand what it is.
* `STAGE_LIST` (Default: `stage*`) * `STAGE_LIST` (Default: `stage*`)
If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory. If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory.


@ -283,6 +283,10 @@ fi
export NO_PRERUN_QCOW2="${NO_PRERUN_QCOW2:-1}" export NO_PRERUN_QCOW2="${NO_PRERUN_QCOW2:-1}"
if [ "$SETFCAP" != "1" ]; then
export CAPSH_ARG="--drop=cap_setfcap"
fi
dependencies_check "${BASE_DIR}/depends" dependencies_check "${BASE_DIR}/depends"
#check username is valid #check username is valid
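Review bot: CAPSH_ARG is assigned only in the `SETFCAP != 1` branch, so with `SETFCAP=1` a CAPSH_ARG inherited from the caller's environment is left untouched and would still be handed to capsh by the functions that expand it. Clearing it in the other branch makes the result depend on SETFCAP alone: add `else` and `unset CAPSH_ARG` before the `fi`. A one-line comment above the test, for example `# cap_setfcap is dropped unless SETFCAP=1 (see README)`, would record that dropping the capability is the default.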


@ -17,7 +17,7 @@ bootstrap(){
BOOTSTRAP_ARGS+=("$@") BOOTSTRAP_ARGS+=("$@")
printf -v BOOTSTRAP_STR '%q ' "${BOOTSTRAP_ARGS[@]}" printf -v BOOTSTRAP_STR '%q ' "${BOOTSTRAP_ARGS[@]}"
setarch linux32 capsh --drop=cap_setfcap -- -c "'${BOOTSTRAP_CMD}' $BOOTSTRAP_STR" || true setarch linux32 capsh $CAPSH_ARG -- -c "'${BOOTSTRAP_CMD}' $BOOTSTRAP_STR" || true
if [ -d "$2/debootstrap" ] && ! rmdir "$2/debootstrap"; then if [ -d "$2/debootstrap" ] && ! rmdir "$2/debootstrap"; then
cp "$2/debootstrap/debootstrap.log" "${STAGE_WORK_DIR}" cp "$2/debootstrap/debootstrap.log" "${STAGE_WORK_DIR}"
@ -90,7 +90,7 @@ on_chroot() {
mount --bind /sys "${ROOTFS_DIR}/sys" mount --bind /sys "${ROOTFS_DIR}/sys"
fi fi
setarch linux32 capsh --drop=cap_setfcap "--chroot=${ROOTFS_DIR}/" -- -e "$@" setarch linux32 capsh $CAPSH_ARG "--chroot=${ROOTFS_DIR}/" -- -e "$@"
} }
export -f on_chroot export -f on_chroot
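Review bot: `$CAPSH_ARG` is expanded unquoted on both capsh lines (in bootstrap and in on_chroot), so the shell word-splits and globs whatever the variable holds, and a multi-word value turns into several capsh options. If the intent is "zero or one argument", `${CAPSH_ARG:+"$CAPSH_ARG"}` says so without relying on splitting, e.g. `setarch linux32 capsh ${CAPSH_ARG:+"$CAPSH_ARG"} "--chroot=${ROOTFS_DIR}/" -- -e "$@"`. The drop also becomes fail-open: if these functions run where CAPSH_ARG was never exported, capsh keeps cap_setfcap without any message, which is presumably not the intended default. Both function bodies extend outside the hunks shown.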