← Back to branch summary

~serge-hallyn/ubuntu/trusty/lxc/lxc-chmod-cache

« back to all changes in this revision

Viewing changes to debian/rules

  • Committer: Serge Hallyn
  • Date: 2013-10-28 17:51:58 UTC
  • Revision ID: serge.hallyn@canonical.com-20131028175158-o35bf2k333pyndz6
debian/rules and debian/lxc.postinst: set /var/lib/lxc to be perms 700.
That prevents unprivileged users from running setuid-root applications.
Install that way by default, and for any previous versions, update the
permissions.  After this version, respect the user's choice.
(LP: #1244635)

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/rules
49
49
        mkdir -p debian/lxc-tests/usr/bin
50
50
        mv debian/lxc/usr/bin/lxc-test-* debian/lxc-tests/usr/bin/
51
51
 
 
52
override_dh_builddeb:
 
53
        # prevent system users from using setuid-root binaries under /var/lib/lxc
 
54
        chmod 700 debian/lxc/var/lib/lxc
 
55
        dh_builddeb
 
56
 
52
57
override_dh_installinit:
53
58
        dh_installinit --no-restart-on-upgrade --name=lxc
54
59
        dh_installinit --no-restart-on-upgrade --name=lxc-net