[Spice-devel] [PATCH spice-gtk] Makefile: Ensure the acl helper is installed before making it suid root
Christophe Fergeau
cfergeau at redhat.com
Wed Jan 4 02:10:36 PST 2012
ACK
On Wed, Jan 04, 2012 at 11:08:51AM +0100, Hans de Goede wrote:
> On my system when running make install, after installing the libraries it
> first executes install-binPROGRAMS:
>
> /bin/sh ../libtool --mode=install /usr/bin/install -c spicy snappy spicy-st
> libtool: install: /usr/bin/install -c .libs/spicy /usr/bin/spicy
> libtool: install: /usr/bin/install -c .libs/snappy /usr/bin/snappy
> libtool: install: /usr/bin/install -c .libs/spicy-stats /usr/bin/spicy-stats
>
> Then the install-exec-hook:
>
> make install-exec-hook
> make[6]: Entering directory `/home/hans/projects/spice/spice-gtk/gtk'
> chown root /usr/bin//spice-client-glib-usb-acl-helper
> chmod u+s /usr/bin//spice-client-glib-usb-acl-helper
>
> And only then does it install the actual helper by executing
> install-aclPROGRAMS:
>
> /bin/sh ../libtool --mode=install /usr/bin/install -c spice-client-glib-usb
> libtool: install: /usr/bin/install -c spice-client-glib-usb-acl-helper /usr/bin
>
> Which means that the install-exec-hook runs too early, either there is no
> spice-client-glib-usb-acl-helper for it to make suid root, or if there is it
> will later get overwritten and its rights will get reset.
>
> The problem is that install-fooPROGRAMS gets run as part of install-data,
> not install-exec. So we can fix this by changing the code to make the helper
> suid root run from install-data-hook.
>
> Signed-off-by: Hans de Goede <hdegoede at redhat.com>
> ---
> gtk/Makefile.am | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/gtk/Makefile.am b/gtk/Makefile.am
> index 82a0cbf..85a78a6 100644
> --- a/gtk/Makefile.am
> +++ b/gtk/Makefile.am
> @@ -383,7 +383,7 @@ spice_client_glib_usb_acl_helper_CPPFLAGS = \
> $(POLKIT_CFLAGS) \
> $(NULL)
>
> -install-exec-hook:
> +install-data-hook:
> -chown root $(DESTDIR)$(acldir)/spice-client-glib-usb-acl-helper
> -chmod u+s $(DESTDIR)$(acldir)/spice-client-glib-usb-acl-helper
>
> --
> 1.7.7.4
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20120104/9a7fe53f/attachment.pgp>
More information about the Spice-devel
mailing list