Add option to specify special permissions for dumpcap during cmake phase:

set(DUMPCAP_INSTALL_OPTION <val>) where val is one of "normal" "suid" "capabilities" Some things left to do: - Error out in cmake if setcap isn't found or libcap isn't found. - Move multivalue option handling into it's own macro (-file) with value checking svn path=/trunk/; revision=54840
2014-01-19 00:48:22 +00:00 · 2014-01-19 00:48:22 +00:00 · 2a21b01fbb
parent 5783452ab2
commit 2a21b01fbb
3 changed files with 59 additions and 4 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -137,8 +137,17 @@ if(NOT LIBRARY_OUTPUT_PATH)
 		   "Single output directory for building all libraries.")
 endif()

-
-include(CMakeOptions.txt)
+include( CMakeOptions.txt )
+if( DUMPCAP_INSTALL_OPTION STREQUAL "suid" )
+	set( DUMPCAP_SETUID "SETUID" )
+else()
+	set( DUMPCAP_SETUID )
+endif()
+if( NOT CMAKE_SYSTEM_NAME STREQUAL "Linux" AND
+	DUMPCAP_INSTALL_OPTION STREQUAL "capabilities" )
+	message( WARNING "Capabilities are only supported on Linux" )
+	set( DUMPCAP_INSTALL_OPTION )
+endif()

 if( CMAKE_C_COMPILER_ID MATCHES "MSVC")
 	if (MSVC10)
@ -492,7 +501,7 @@ endif()

 # Capabilities
 if(ENABLE_CAP)
-	set(PACKAGELIST ${PACKAGELIST} CAP)
+	set(PACKAGELIST ${PACKAGELIST} CAP SETCAP)
 endif()

 if(ENABLE_PYTHON)
@ -1256,7 +1265,27 @@ if(BUILD_dumpcap AND PCAP_FOUND)
 	set_target_properties(dumpcap PROPERTIES LINK_FLAGS "${WS_LINK_FLAGS}")
 	set_target_properties(dumpcap PROPERTIES FOLDER "Executables")
 	target_link_libraries(dumpcap ${dumpcap_LIBS})
-	install(TARGETS dumpcap RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+	install(TARGETS dumpcap
+			RUNTIME
+			DESTINATION ${CMAKE_INSTALL_BINDIR}
+			PERMISSIONS ${DUMPCAP_SETUID}
+				OWNER_READ OWNER_WRITE OWNER_EXECUTE
+				GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+	)
+	if(DUMPCAP_INSTALL_OPTION STREQUAL "capabilities")
+		install( CODE "execute_process(
+			COMMAND
+				${SETCAP_EXECUTABLE}
+				cap_net_raw,cap_net_admin+ep
+				${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/dumpcap${CMAKE_EXECUTABLE_SUFFIX}
+			RESULT_VARIABLE
+				_SETCAP_RESULT
+			)
+			if( _SETCAP_RESULT )
+				message( ERROR \"setcap failed (${_SETCAP_RESULT}).\")
+			endif()"
+		)
+	endif()
 endif()

 ADD_CUSTOM_COMMAND(
--- a/CMakeOptions.txt
+++ b/CMakeOptions.txt
@ -56,3 +56,8 @@ option(ENABLE_CARES      "Build with c-ares support" ON)
 option(ENABLE_NETLINK    "Build with libnl support" ON)
 # todo Mostly hardcoded
 option(ENABLE_KERBEROS   "Build with Kerberos support" ON)
+# How to install
+set(DUMPCAP_INSTALL_OPTION   "normal" CACHE STRING "Permissions to install")
+set(DUMPCAP_INST_VALS "normal" "suid" "capabilities")
+set_property(CACHE DUMPCAP_INSTALL_OPTION PROPERTY STRINGS ${DUMPCAP_INST_VALS})
+
--- a/cmake/modules/FindSETCAP.cmake
+++ b/cmake/modules/FindSETCAP.cmake
@ -0,0 +1,21 @@
+#
+# $Id$
+#
+# Look for the Linux setcap command (capabilities)
+#
+
+find_program( SETCAP_EXECUTABLE
+  NAMES
+    setcap
+  PATHS
+    /bin
+    /usr/bin
+    /usr/local/bin
+    /sbin
+)
+
+include( FindPackageHandleStandardArgs )
+find_package_handle_standard_args( SETCAP DEFAULT_MSG SETCAP_EXECUTABLE )
+
+mark_as_advanced( SETCAP_EXECUTABLE )
+