[Pkg-kde-extras] Bug#784261: Unconditionally disables remote jobs if not run as root; fixable by compiling with libcap-ng and a small patch
KORN Andras
korn at elan.rulez.org
Mon May 4 17:20:44 UTC 2015
Source: icecc
Version: icecc-1.0.1
Severity: normal
Tags: upstream patch
Hi,
currently iceccd will refuse to accept remote jobs if it's not run as root.
However, as far as I can tell it only requires the CAP_SYS_CHROOT
capability, which can be granted by running
setcap cap_sys_chroot+ep /usr/sbin/iceccd
(I also made the capability inheritable by using +eip; I'm not sure if
that's needed.)
iceccd already has the beginnings of capability support, so this is almost
sufficient; main.cpp needs a small patch so it doesn't unconditionally
disable remote jobs if it isn't running as root.
I'm attaching the patch (which also modifies debian/control to Build-Depends
on libcap-ng-dev).
Andras
--
What happens if you .ARC de Triomphe?
More information about the pkg-kde-extras
mailing list