46 lines
1.2 KiB
Bash
Executable File
46 lines
1.2 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
# Alternatively this check can be disabled by preseeding:
|
|
# echo "iproute2/setcaps boolean false" | debconf-set-selections
|
|
|
|
. /usr/share/debconf/confmodule
|
|
|
|
case "$1" in
|
|
configure)
|
|
if command -v setcap > /dev/null; then
|
|
db_get iproute2/setcaps
|
|
|
|
# Allow dpkg-reconfigure to remove caps
|
|
if test "$RET" = "true"; then
|
|
if ! setcap "cap_dac_override,cap_sys_admin,cap_net_admin=ep" /bin/ip; then
|
|
echo "Setcap failed on /bin/ip, ip vrf exec will not be runnable by non-root" >&2
|
|
fi
|
|
else
|
|
# setcap -r fails if the xattr is not present
|
|
if getcap /bin/ip | grep -qs "/bin/ip"; then
|
|
if ! setcap "-r" /bin/ip; then
|
|
echo "Setcap -r failed on /bin/ip, could not remove capabilities" >&2
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# dh_installdeb will replace this with shell code automatically
|
|
# generated by other debhelper scripts.
|
|
|
|
|
|
|
|
exit 0
|