Summary: | www-servers/apache-2.4.34-r2: suexec-caps not working | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Manuel Mausz <manuel-gentoo> |
Component: | Current packages | Assignee: | Apache Team - Bugzilla Reports <apache-bugs> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | jstein |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Manuel Mausz
2018-09-12 00:20:38 UTC
Looks like fcaps eclass adds IUSE filecaps, so something like this should be better:
> fowners 0:${SUEXEC_CALLER:-apache} /usr/sbin/suexec
> if use suexec-caps ; then
> fperms 0710 /usr/sbin/suexec
> setcap cap_setuid,cap_setgid+pe "${ED%/}/usr/sbin/suexec"
> else
> fperms 4710 /usr/sbin/suexec
> fi
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7470c19b301ffe27fe8f20df46906827b3f24972

commit 7470c19b301ffe27fe8f20df46906827b3f24972
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-09-24 11:22:38 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-09-24 11:27:16 +0000

    apache2.eclass: Attempt to fix USE="suexec-caps"

    Bug: https://bugs.gentoo.org/665742

 eclass/apache-2.eclass | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

This is still not 100% fixed. The current code with suexec but without suexec-caps and suexec-log use flags results in the configure arguments:
--without-suexec-syslog no
This can be fixed by encapsulating the inner usex call within double quotes. Like so:
> MY_CONF+=( $(usex suexec-syslog "$(usex suexec-caps --enable-suexec-capabilities '')" '') )
I haven't tested any other use flag combinations
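
The stray `no` argument reported above can be reproduced outside Portage. The following is an added example, not code from the bug report or the eclass: `use` is a stub driven by the constructed variable `ENABLED_FLAGS`, `usex` follows its documented EAPI behaviour, and the unquoted call is inferred from the suggested fix rather than copied from `apache-2.eclass`.

```sh
# Stub for Portage's use(): succeeds when the flag is listed in ENABLED_FLAGS
# (ENABLED_FLAGS is a constructed variable for this demo, not a Portage name).
use() {
    case " ${ENABLED_FLAGS} " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# usex as documented for EAPI 5 and later:
# flag on  -> "${2-yes}$4", flag off -> "${3-no}$5".
# An argument that is missing falls back to yes/no; an empty one does not.
usex() {
    if use "$1"; then echo "${2-yes}$4"; else echo "${3-no}$5"; fi
}

# Unquoted inner call (assumed form of the broken line). When suexec-caps is
# off the inner usex prints nothing, word splitting drops it, and the outer
# call becomes `usex suexec-syslog ''`, so the false value defaults to "no".
# `set --` splits words the same way the MY_CONF+=( ... ) array assignment does.
conf_unquoted() {
    ENABLED_FLAGS="$1"
    set -- $(usex suexec-syslog $(usex suexec-caps --enable-suexec-capabilities '') '')
    echo "$#:$*"
}

# Quoted inner call, as proposed in the comment above: the empty result is
# kept as an argument, so both the true and false values stay in place.
conf_quoted() {
    ENABLED_FLAGS="$1"
    set -- $(usex suexec-syslog "$(usex suexec-caps --enable-suexec-capabilities '')" '')
    echo "$#:$*"
}

# Print "<argument count>:<arguments>" for every flag combination.
for flags in "suexec" "suexec suexec-caps" "suexec suexec-syslog" \
             "suexec suexec-caps suexec-syslog"; do
    echo "USE=\"$flags\" unquoted=$(conf_unquoted "$flags") quoted=$(conf_quoted "$flags")"
done
```

Only the combination with both `suexec-caps` and `suexec-syslog` disabled differs between the two forms, which matches the case described in the comment.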