Add option to specify special permissions for dumpcap during cmake phase:
set(DUMPCAP_INSTALL_OPTION <val>) where val is one of "normal" "suid" "capabilities" Some things left to do: - Error out in cmake if setcap isn't found or libcap isn't found. - Move multivalue option handling into it's own macro (-file) with value checking svn path=/trunk/; revision=54840
This commit is contained in:
parent
5783452ab2
commit
2a21b01fbb
|
@ -137,8 +137,17 @@ if(NOT LIBRARY_OUTPUT_PATH)
|
|||
"Single output directory for building all libraries.")
|
||||
endif()
|
||||
|
||||
|
||||
include(CMakeOptions.txt)
|
||||
include( CMakeOptions.txt )
|
||||
if( DUMPCAP_INSTALL_OPTION STREQUAL "suid" )
|
||||
set( DUMPCAP_SETUID "SETUID" )
|
||||
else()
|
||||
set( DUMPCAP_SETUID )
|
||||
endif()
|
||||
if( NOT CMAKE_SYSTEM_NAME STREQUAL "Linux" AND
|
||||
DUMPCAP_INSTALL_OPTION STREQUAL "capabilities" )
|
||||
message( WARNING "Capabilities are only supported on Linux" )
|
||||
set( DUMPCAP_INSTALL_OPTION )
|
||||
endif()
|
||||
|
||||
if( CMAKE_C_COMPILER_ID MATCHES "MSVC")
|
||||
if (MSVC10)
|
||||
|
@ -492,7 +501,7 @@ endif()
|
|||
|
||||
# Capabilities
|
||||
if(ENABLE_CAP)
|
||||
set(PACKAGELIST ${PACKAGELIST} CAP)
|
||||
set(PACKAGELIST ${PACKAGELIST} CAP SETCAP)
|
||||
endif()
|
||||
|
||||
if(ENABLE_PYTHON)
|
||||
|
@ -1256,7 +1265,27 @@ if(BUILD_dumpcap AND PCAP_FOUND)
|
|||
set_target_properties(dumpcap PROPERTIES LINK_FLAGS "${WS_LINK_FLAGS}")
|
||||
set_target_properties(dumpcap PROPERTIES FOLDER "Executables")
|
||||
target_link_libraries(dumpcap ${dumpcap_LIBS})
|
||||
install(TARGETS dumpcap RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(TARGETS dumpcap
|
||||
RUNTIME
|
||||
DESTINATION ${CMAKE_INSTALL_BINDIR}
|
||||
PERMISSIONS ${DUMPCAP_SETUID}
|
||||
OWNER_READ OWNER_WRITE OWNER_EXECUTE
|
||||
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
|
||||
)
|
||||
if(DUMPCAP_INSTALL_OPTION STREQUAL "capabilities")
|
||||
install( CODE "execute_process(
|
||||
COMMAND
|
||||
${SETCAP_EXECUTABLE}
|
||||
cap_net_raw,cap_net_admin+ep
|
||||
${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/dumpcap${CMAKE_EXECUTABLE_SUFFIX}
|
||||
RESULT_VARIABLE
|
||||
_SETCAP_RESULT
|
||||
)
|
||||
if( _SETCAP_RESULT )
|
||||
message( ERROR \"setcap failed (${_SETCAP_RESULT}).\")
|
||||
endif()"
|
||||
)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
ADD_CUSTOM_COMMAND(
|
||||
|
|
|
@ -56,3 +56,8 @@ option(ENABLE_CARES "Build with c-ares support" ON)
|
|||
option(ENABLE_NETLINK "Build with libnl support" ON)
|
||||
# todo Mostly hardcoded
|
||||
option(ENABLE_KERBEROS "Build with Kerberos support" ON)
|
||||
# How to install
|
||||
set(DUMPCAP_INSTALL_OPTION "normal" CACHE STRING "Permissions to install")
|
||||
set(DUMPCAP_INST_VALS "normal" "suid" "capabilities")
|
||||
set_property(CACHE DUMPCAP_INSTALL_OPTION PROPERTY STRINGS ${DUMPCAP_INST_VALS})
|
||||
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# $Id$
|
||||
#
|
||||
# Look for the Linux setcap command (capabilities)
|
||||
#
|
||||
|
||||
find_program( SETCAP_EXECUTABLE
|
||||
NAMES
|
||||
setcap
|
||||
PATHS
|
||||
/bin
|
||||
/usr/bin
|
||||
/usr/local/bin
|
||||
/sbin
|
||||
)
|
||||
|
||||
include( FindPackageHandleStandardArgs )
|
||||
find_package_handle_standard_args( SETCAP DEFAULT_MSG SETCAP_EXECUTABLE )
|
||||
|
||||
mark_as_advanced( SETCAP_EXECUTABLE )
|
||||
|
Loading…
Reference in New Issue