[Libreoffice-commits] online.git: loolwsd/debian loolwsd/LOOLKit.cpp loolwsd/loolwsd.spec.in loolwsd/Makefile.am
Tor Lillqvist
tml at collabora.com
Tue Mar 1 16:26:59 UTC 2016
loolwsd/LOOLKit.cpp | 19 -------------------
loolwsd/Makefile.am | 4 ++--
loolwsd/debian/loolwsd.postinst | 4 ++--
loolwsd/loolwsd.spec.in | 4 ++--
4 files changed, 6 insertions(+), 25 deletions(-)
New commits:
commit d5292541bddfea8317d1996899f86bdab56b5eca
Author: Tor Lillqvist <tml at collabora.com>
Date: Tue Mar 1 18:22:55 2016 +0200
Revert "Also chown the random devices to root:root and chmod to 666"
Not needed after all. It was a red herring. The device files work fine
even if not owned by root:root and with mode 664. The actual problem
was that I used a file system mounted with nodev when testing loolwsd.
This reverts commit 509314d5598b68fa9a449a1a7348b10f25b7014a
diff --git a/loolwsd/LOOLKit.cpp b/loolwsd/LOOLKit.cpp
index 6ca626f..f89a324 100644
--- a/loolwsd/LOOLKit.cpp
+++ b/loolwsd/LOOLKit.cpp
@@ -864,30 +864,12 @@ void lokit_main(const std::string& childRoot,
Log::error("Error: mknod(" + jailPath.toString() + "/dev/random) failed.");
}
- if (chmod((jailPath.toString() + "/dev/random").c_str(), 0666) != 0)
- {
- Log::error("Error: chmod(" + jailPath.toString() + "/dev/random, 0666) failed.");
-
- }
- if (chown((jailPath.toString() + "/dev/random").c_str(), 0, 0) != 0)
- {
- Log::error("Error: chown(" + jailPath.toString() + "/dev/random, 0, 0) failed.");
-
- }
if (mknod((jailPath.toString() + "/dev/urandom").c_str(),
S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH,
makedev(1, 9)) != 0)
{
Log::error("Error: mknod(" + jailPath.toString() + "/dev/urandom) failed.");
}
- if (chmod((jailPath.toString() + "/dev/urandom").c_str(), 0666) != 0)
- {
- Log::error("Error: chmod(" + jailPath.toString() + "/dev/urandom, 0666) failed.");
- }
- if (chown((jailPath.toString() + "/dev/urandom").c_str(), 0, 0) != 0)
- {
- Log::error("Error: chown(" + jailPath.toString() + "/dev/urandom, 0, 0) failed.");
- }
Log::info("chroot(\"" + jailPath.toString() + "\")");
if (chroot(jailPath.toString().c_str()) == -1)
@@ -904,7 +886,6 @@ void lokit_main(const std::string& childRoot,
dropCapability(CAP_SYS_CHROOT);
dropCapability(CAP_MKNOD);
- dropCapability(CAP_CHOWN);
dropCapability(CAP_FOWNER);
loKit = lok_init_2(instdir_path.c_str(), "file:///user");
diff --git a/loolwsd/Makefile.am b/loolwsd/Makefile.am
index 802876a..b14f1fd 100644
--- a/loolwsd/Makefile.am
+++ b/loolwsd/Makefile.am
@@ -45,8 +45,8 @@ clean-cache:
all-local: loolwsd loolbroker
if test "$$BUILDING_FROM_RPMBUILD" != yes; then \
if test `uname -s` = Linux; then \
- sudo @SETCAP@ cap_fowner,cap_mknod,cap_chown,cap_sys_chroot=ep loolbroker; \
- sudo @SETCAP@ cap_fowner,cap_mknod,cap_chown,cap_sys_chroot=ep loolkit; \
+ sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolbroker; \
+ sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolkit; \
else \
sudo chown root loolbroker && sudo chmod u+s loolbroker; \
sudo chown root loolbroker && sudo chmod u+s loolkit; \
diff --git a/loolwsd/debian/loolwsd.postinst b/loolwsd/debian/loolwsd.postinst
index 909332a..bb4f6da 100755
--- a/loolwsd/debian/loolwsd.postinst
+++ b/loolwsd/debian/loolwsd.postinst
@@ -4,8 +4,8 @@ set -e
case "$1" in
configure)
- setcap cap_fowner,cap_mknod,cap_chown,cap_sys_chroot=ep /usr/bin/loolkit || true
- setcap cap_fowner,cap_mknod,cap_chown,cap_sys_chroot=ep /usr/bin/loolbroker || true
+ setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /usr/bin/loolkit || true
+ setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /usr/bin/loolbroker || true
adduser --quiet --system --group --home /opt/lool lool
mkdir -p /var/cache/loolwsd && chown lool: /var/cache/loolwsd
diff --git a/loolwsd/loolwsd.spec.in b/loolwsd/loolwsd.spec.in
index 54ddf17..c2d8f5d 100644
--- a/loolwsd/loolwsd.spec.in
+++ b/loolwsd/loolwsd.spec.in
@@ -69,8 +69,8 @@ echo "0 0 */1 * * root find /var/cache/loolwsd -name \"*.png\" -a -atime +10 -ex
%service_add_pre loolwsd.service
%post
-setcap cap_fowner,cap_mknod,cap_chown,cap_sys_chroot=ep /usr/bin/loolbroker
-setcap cap_fowner,cap_mknod,cap_chown,cap_sys_chroot=ep /usr/bin/loolkit
+setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /usr/bin/loolbroker
+setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /usr/bin/loolkit
getent group %{group} >/dev/null || groupadd -r %{group}
getent passwd %{owner} >/dev/null || useradd -g %{group} -r %{owner}
More information about the Libreoffice-commits
mailing list