Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 399958 Details for
Bug 544766
app-admin/syslog-ng: add USE filecaps and run with minimal privileges by default
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ebuild
syslog-ng-3.6.2.ebuild (text/plain), 4.99 KB, created by
Nikoli
on 2015-03-28 16:02:23 UTC
(
hide
)
Description:
ebuild
Filename:
MIME Type:
Creator:
Nikoli
Created:
2015-03-28 16:02:23 UTC
Size:
4.99 KB
patch
obsolete
># Copyright 1999-2015 Gentoo Foundation ># Distributed under the terms of the GNU General Public License v2 ># $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/syslog-ng-3.6.2.ebuild,v 1.7 2015/03/25 14:01:18 ago Exp $ > >EAPI=5 >inherit eutils fcaps user multilib systemd versionator > >MY_PV=${PV/_/} >MY_PV_MM=$(get_version_component_range 1-2) >DESCRIPTION="syslog replacement with advanced filtering features" >HOMEPAGE="http://www.balabit.com/network-security/syslog-ng" >SRC_URI="http://www.balabit.com/downloads/files/syslog-ng/sources/${MY_PV}/source/syslog-ng_${MY_PV}.tar.gz" > >LICENSE="GPL-2+ LGPL-2.1+" >SLOT="0" >KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd" >IUSE="amqp caps dbi extra-caps geoip ipv6 json mongodb pacct redis smtp spoof-source ssl systemd tcpd" >REQUIRED_USE="extra-caps? ( filecaps )" >RESTRICT="test" > >RDEPEND=" > caps? ( sys-libs/libcap ) > dbi? ( >=dev-db/libdbi-0.8.3 ) > geoip? ( >=dev-libs/geoip-1.5.0 ) > json? ( >=dev-libs/json-c-0.9 ) > redis? ( dev-libs/hiredis ) > smtp? ( net-libs/libesmtp ) > spoof-source? ( net-libs/libnet:1.1 ) > ssl? ( dev-libs/openssl:= ) > systemd? ( sys-apps/systemd ) > tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) > dev-libs/libpcre > >=dev-libs/eventlog-0.2.12 > >=dev-libs/glib-2.10.1:2" >DEPEND="${RDEPEND} > virtual/pkgconfig > sys-devel/flex" > >S=${WORKDIR}/${PN}-${MY_PV} > >pkg_setup() { > if use caps; then > ewarn "\"caps\" USE flag is only useful for limiting privileges when running syslog-ng as root." > ewarn "It is suggested to use \"filecaps\" instead and run as syslog-ng user." > fi >} > >src_prepare() { > epatch "${FILESDIR}"/${MY_PV_MM}/${P}-redis.patch > cp "${FILESDIR}"/*logrotate*.in "${TMPDIR}" || die > cd "${TMPDIR}" || die > > for f in *logrotate*.in ; do > if use systemd ; then > sed \ > 's/@GENTOO_RESTART@/systemctl kill -s HUP syslog-ng/' \ > $f > ${f/.in/} || die > else > sed \ > 's:@GENTOO_RESTART@:/etc/init.d/syslog-ng reload:' \ > $f > ${f/.in/} || die > fi > done > epatch_user >} > >src_configure() { > econf \ > --disable-docs \ > --with-embedded-crypto \ > --with-ivykis=internal \ > --with-libmongo-client=internal \ > --sysconfdir=/etc/syslog-ng \ > --localstatedir=/var/lib/syslog-ng \ > --with-pidfile-dir=/var/run \ > --with-module-dir=/usr/$(get_libdir)/syslog-ng \ > $(systemd_with_unitdir) \ > $(use_enable systemd) \ > $(use_enable caps linux-caps) \ > $(use_enable geoip) \ > $(use_enable ipv6) \ > $(use_enable json) \ > $(use_enable mongodb) \ > $(use_enable pacct) \ > $(use_enable redis) \ > $(use_enable smtp) \ > $(use_enable amqp) \ > $(usex amqp --with-librabbitmq-client=internal --without-librabbitmq-client) \ > $(use_enable spoof-source) \ > $(use_enable dbi sql) \ > $(use_enable ssl) \ > $(use_enable tcpd tcp-wrapper) >} > >src_install() { > # -j1 for bug #484470 > emake -j1 DESTDIR="${D}" install > > dodoc AUTHORS NEWS.md CONTRIBUTING.md contrib/syslog-ng.conf* \ > contrib/syslog2ng "${FILESDIR}/${MY_PV_MM}/syslog-ng.conf.gentoo.hardened" \ > "${TMPDIR}/syslog-ng.logrotate.hardened" "${FILESDIR}/README.hardened" > > # Install default configuration > insinto /etc/syslog-ng > if use userland_BSD ; then > newins "${FILESDIR}/${MY_PV_MM}/syslog-ng.conf.gentoo.fbsd" syslog-ng.conf > else > newins "${FILESDIR}/${MY_PV_MM}/syslog-ng.conf.gentoo" syslog-ng.conf > fi > > insinto /etc/logrotate.d > newins "${TMPDIR}/syslog-ng.logrotate" syslog-ng > > newinitd "${FILESDIR}/${MY_PV_MM}/syslog-ng.rc6" syslog-ng > newconfd "${FILESDIR}/${MY_PV_MM}/syslog-ng.confd" syslog-ng > keepdir /etc/syslog-ng/patterndb.d /var/lib/syslog-ng > prune_libtool_files --modules >} > >pkg_postinst() { > enewuser syslog-ng > > # Capabilities, see 'man capabilities 7' for more info: > # > # 'cap_syslog' is required to read /proc/kmsg, if disabled syslog-ng fails with these errors: > # Error opening file for reading; filename='/proc/kmsg', error='Operation not permitted (1)' > # Error initializing message pipeline; > # > # 'cap_dac_override' is required to read /dev/log, if disabled syslog-ng fails with these errors: > # Error binding socket; addr='AF_UNIX(/dev/log)', error='Address already in use (98)' > # Error initializing message pipeline; > # > # 'cap_chown' is required to change owners of logs > > # enable minimal required for standalone logger capabilities > logger_caps='cap_chown,cap_dac_override,cap_syslog' > # enable all capabilities from syslog-ng/main.c BASE_CAPS > use extra-caps && logger_caps+=',cap_chown,cap_dac_read_search,cap_net_bind_service,cap_net_broadcast,cap_net_raw' > > chown root:syslog-ng "${EROOT}"/usr/sbin/syslog-ng || die > fcaps -o root -g syslog-ng -m 4710 -M 0710 "${logger_caps}+ep" /usr/sbin/syslog-ng > > elog "For detailed documentation please see the upstream website:" > elog "http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.6-guides/en/syslog-ng-ose-v3.6-guide-admin/html/index.html" > > # bug #355257 > if ! has_version app-admin/logrotate ; then > echo > elog "It is highly recommended that app-admin/logrotate be emerged to" > elog "manage the log files. ${PN} installs a file in /etc/logrotate.d" > elog "for logrotate to use." > echo > fi >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 544766
:
399956
| 399958 |
399960
|
524078
|
524080