diff options
author | Jörg Mayer <jmayer@loplof.de> | 2014-01-19 00:48:22 +0000 |
---|---|---|
committer | Jörg Mayer <jmayer@loplof.de> | 2014-01-19 00:48:22 +0000 |
commit | 2a21b01fbbc4c98acf0a02ef9a923d648110eb99 (patch) | |
tree | 9d738aa91bd0dcaf17b01825225587193f129903 | |
parent | 5783452ab27e4f64d75eff9aab5587bdca415e02 (diff) |
Add option to specify special permissions for dumpcap during cmake phase:
set(DUMPCAP_INSTALL_OPTION <val>)
where val is one of "normal" "suid" "capabilities"
Some things left to do:
- Error out in cmake if setcap isn't found or libcap isn't found.
- Move multivalue option handling into it's own macro (-file) with
value checking
svn path=/trunk/; revision=54840
-rw-r--r-- | CMakeLists.txt | 37 | ||||
-rw-r--r-- | CMakeOptions.txt | 5 | ||||
-rw-r--r-- | cmake/modules/FindSETCAP.cmake | 21 |
3 files changed, 59 insertions, 4 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index d9ae48a736..010952a30f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -137,8 +137,17 @@ if(NOT LIBRARY_OUTPUT_PATH) "Single output directory for building all libraries.") endif() - -include(CMakeOptions.txt) +include( CMakeOptions.txt ) +if( DUMPCAP_INSTALL_OPTION STREQUAL "suid" ) + set( DUMPCAP_SETUID "SETUID" ) +else() + set( DUMPCAP_SETUID ) +endif() +if( NOT CMAKE_SYSTEM_NAME STREQUAL "Linux" AND + DUMPCAP_INSTALL_OPTION STREQUAL "capabilities" ) + message( WARNING "Capabilities are only supported on Linux" ) + set( DUMPCAP_INSTALL_OPTION ) +endif() if( CMAKE_C_COMPILER_ID MATCHES "MSVC") if (MSVC10) @@ -492,7 +501,7 @@ endif() # Capabilities if(ENABLE_CAP) - set(PACKAGELIST ${PACKAGELIST} CAP) + set(PACKAGELIST ${PACKAGELIST} CAP SETCAP) endif() if(ENABLE_PYTHON) @@ -1256,7 +1265,27 @@ if(BUILD_dumpcap AND PCAP_FOUND) set_target_properties(dumpcap PROPERTIES LINK_FLAGS "${WS_LINK_FLAGS}") set_target_properties(dumpcap PROPERTIES FOLDER "Executables") target_link_libraries(dumpcap ${dumpcap_LIBS}) - install(TARGETS dumpcap RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(TARGETS dumpcap + RUNTIME + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS ${DUMPCAP_SETUID} + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE + ) + if(DUMPCAP_INSTALL_OPTION STREQUAL "capabilities") + install( CODE "execute_process( + COMMAND + ${SETCAP_EXECUTABLE} + cap_net_raw,cap_net_admin+ep + ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/dumpcap${CMAKE_EXECUTABLE_SUFFIX} + RESULT_VARIABLE + _SETCAP_RESULT + ) + if( _SETCAP_RESULT ) + message( ERROR \"setcap failed (${_SETCAP_RESULT}).\") + endif()" + ) + endif() endif() ADD_CUSTOM_COMMAND( diff --git a/CMakeOptions.txt b/CMakeOptions.txt index e1ddb9302a..c3d167eda9 100644 --- a/CMakeOptions.txt +++ b/CMakeOptions.txt @@ -56,3 +56,8 @@ option(ENABLE_CARES "Build with c-ares support" ON) option(ENABLE_NETLINK "Build with libnl support" ON) # todo Mostly hardcoded option(ENABLE_KERBEROS "Build with Kerberos support" ON) +# How to install +set(DUMPCAP_INSTALL_OPTION "normal" CACHE STRING "Permissions to install") +set(DUMPCAP_INST_VALS "normal" "suid" "capabilities") +set_property(CACHE DUMPCAP_INSTALL_OPTION PROPERTY STRINGS ${DUMPCAP_INST_VALS}) + diff --git a/cmake/modules/FindSETCAP.cmake b/cmake/modules/FindSETCAP.cmake new file mode 100644 index 0000000000..4c77120a6b --- /dev/null +++ b/cmake/modules/FindSETCAP.cmake @@ -0,0 +1,21 @@ +# +# $Id$ +# +# Look for the Linux setcap command (capabilities) +# + +find_program( SETCAP_EXECUTABLE + NAMES + setcap + PATHS + /bin + /usr/bin + /usr/local/bin + /sbin +) + +include( FindPackageHandleStandardArgs ) +find_package_handle_standard_args( SETCAP DEFAULT_MSG SETCAP_EXECUTABLE ) + +mark_as_advanced( SETCAP_EXECUTABLE ) + |