From patchwork Wed Aug 29 17:24:06 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Axel Burri <axel@tty0.ch>
X-Patchwork-Id: 10580717
Return-Path: <linux-btrfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C1A98139B
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
 Wed, 29 Aug 2018 17:31:51 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A32012B88A
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
 Wed, 29 Aug 2018 17:31:51 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A13E92B880; Wed, 29 Aug 2018 17:31:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 70BA92B88A
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
 Wed, 29 Aug 2018 17:31:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727661AbeH2V3k (ORCPT
        <rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
        Wed, 29 Aug 2018 17:29:40 -0400
Received: from tty0.vserver.softronics.ch ([91.214.169.36]:53532 "EHLO
        fe1.digint.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727254AbeH2V3j (ORCPT <rfc822;linux-btrfs@vger.kernel.org>);
        Wed, 29 Aug 2018 17:29:39 -0400
X-Greylist: delayed 543 seconds by postgrey-1.27 at vger.kernel.org;
 Wed, 29 Aug 2018 17:29:38 EDT
Received: by fe1.digint.ch (Postfix, from userid 1000)
        id DB293307E8; Wed, 29 Aug 2018 19:23:12 +0200 (CEST)
Received: from mail.tty0.ch (hermes.tty0.ch [172.21.1.5])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by fe1.digint.ch (Postfix) with ESMTPS id 4798C307DF
        for <linux-btrfs@vger.kernel.org>;
 Wed, 29 Aug 2018 19:23:12 +0200 (CEST)
Received: from ares.tty0.ch (ares.tty0.ch [10.0.1.10])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.tty0.ch (Postfix) with ESMTPS id 3088B1DA0F1;
        Wed, 29 Aug 2018 19:22:41 +0200 (CEST)
Received: by ares.tty0.ch (sSMTP sendmail emulation);
 Wed, 29 Aug 2018 19:24:46 +0200
From: Axel Burri <axel@tty0.ch>
To: linux-btrfs@vger.kernel.org
Cc: Axel Burri <axel@tty0.ch>
Subject: [RFC PATCH 3/6] btrfs-progs: Makefile: add "install-splitcmd-setcap"
 target, installs splitcmd binaries with appropriate capabilities
Date: Wed, 29 Aug 2018 19:24:06 +0200
Message-Id: <20180829172409.18064-4-axel@tty0.ch>
X-Mailer: git-send-email 2.16.4
In-Reply-To: <20180829172409.18064-1-axel@tty0.ch>
References: <20180829172409.18064-1-axel@tty0.ch>
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Install all $progs_install_splitcmd, and set appropriate linux file
capabilities(7) using setcap(8).

NOTE: while installing, group is hardcoded to "btrfs"! This needs
further discussion.

Signed-off-by: Axel Burri <axel@tty0.ch>
---
 Makefile        | 36 ++++++++++++++++++++++++++++++++++++
 Makefile.inc.in |  1 +
 configure.ac    |  1 +
 3 files changed, 38 insertions(+)

diff --git a/Makefile b/Makefile
index fcfc815a..5a1e2747 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@
 #   static      build static bnaries, requires static version of the libraries
 #   test        run the full testsuite
 #   install     install to default location (/usr/local)
+#   install-splitcmd-setcap  install splitcmd binaries, and set linux capabilities
 #   clean       clean built binaries (not the documentation)
 #   clean-all   clean as above, clean docs and generated files
 #
@@ -231,6 +232,30 @@ progs_install =
 progs_build =
 endif
 
+# split-command executables, generated by splitcmd-gen.sh
+progs_splitcmd = btrfs-send \
+	btrfs-receive \
+	btrfs-subvolume-list \
+	btrfs-subvolume-show \
+	btrfs-subvolume-snapshot \
+	btrfs-subvolume-delete \
+	btrfs-filesystem-usage \
+	btrfs-qgroup-destroy
+
+progs_install_splitcmd = $(progs_splitcmd)
+
+INSTALL_SETCAP_FLAGS = -m710 -gbtrfs
+
+# linux capabilities(7) needed; used by "install-splitcmd-setcap-%" below
+btrfs_subvolume_show_fcaps = "cap_sys_admin,cap_fowner,cap_dac_read_search"
+btrfs_subvolume_list_fcaps = "cap_sys_admin,cap_fowner,cap_dac_read_search"
+btrfs_subvolume_snapshot_fcaps = "cap_sys_admin,cap_fowner,cap_dac_override,cap_dac_read_search"
+btrfs_subvolume_delete_fcaps = "cap_sys_admin,cap_dac_override"
+btrfs_send_fcaps = "cap_sys_admin,cap_fowner,cap_dac_read_search"
+btrfs_receive_fcaps = "cap_sys_admin,cap_fowner,cap_chown,cap_mknod,cap_setfcap,cap_dac_override,cap_dac_read_search"
+btrfs_filesystem_usage_fcaps = "cap_sys_admin"
+btrfs_qgroup_destroy_fcaps = "cap_sys_admin,cap_dac_override"
+
 # external libs required by various binaries; for btrfs-foo,
 # specify btrfs_foo_libs = <list of libs>; see $($(subst...)) rules below
 btrfs_convert_cflags = -DBTRFSCONVERT_EXT2=$(BTRFSCONVERT_EXT2)
@@ -318,6 +343,7 @@ endif
 		$($(subst -,_,btrfs-$(@:%/$(notdir $@)=%)-cflags))
 
 all: $(progs_build) $(libs_build) $(BUILDDIRS)
+splitcmd: $(progs_splitcmd)
 ifeq ($(PYTHON_BINDINGS),1)
 all: libbtrfsutil_python
 endif
@@ -618,6 +644,7 @@ clean: $(CLEANDIRS)
 	      $(check_defs) \
 	      $(libs) $(lib_links) \
 	      $(progs_static) \
+	      $(progs_splitcmd) \
 	      libbtrfsutil/*.o libbtrfsutil/*.o.d
 ifeq ($(PYTHON_BINDINGS),1)
 	$(Q)cd libbtrfsutil/python; \
@@ -678,6 +705,15 @@ install-static: $(progs_static) $(INSTALLDIRS)
 	# btrfsck is a link to btrfs in the src tree, make it so for installed file as well
 	$(LN_S) -f btrfs.static $(DESTDIR)$(bindir)/btrfsck.static
 
+# install split-command binary, and set linux capabilities(7) defined
+# in btrfs_*_fcaps above, using setcap(8)
+install-splitcmd-setcap-%: %
+	@echo $(INSTALL) -m755 -d $(DESTDIR)$(bindir)
+	@echo $(INSTALL) $(INSTALL_SETCAP_FLAGS) $< $(DESTDIR)$(bindir)
+	@echo $(SETCAP) $($(subst -,_,$<)_fcaps)+ep $(DESTDIR)$(bindir)/$<
+
+install-splitcmd-setcap: $(progs_install_splitcmd) $(patsubst %,install-splitcmd-setcap-%,$(progs_install_splitcmd))
+
 $(INSTALLDIRS):
 	@echo "Making install in $(patsubst install-%,%,$@)"
 	$(Q)$(MAKE) $(MAKEOPTS) -C $(patsubst install-%,%,$@) install
diff --git a/Makefile.inc.in b/Makefile.inc.in
index a86c528e..567e4e6f 100644
--- a/Makefile.inc.in
+++ b/Makefile.inc.in
@@ -10,6 +10,7 @@ AR = @AR@
 RM = @RM@
 RMDIR = @RMDIR@
 INSTALL = @INSTALL@
+SETCAP = @SETCAP@
 DISABLE_DOCUMENTATION = @DISABLE_DOCUMENTATION@
 DISABLE_BTRFSCONVERT = @DISABLE_BTRFSCONVERT@
 BUILD_PROGRAMS = @BUILD_PROGRAMS@
diff --git a/configure.ac b/configure.ac
index df02f206..fefbfd9c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,6 +39,7 @@ AC_PROG_LN_S
 AC_CHECK_TOOL([AR], [ar])
 AC_PATH_PROG([RM], [rm], [rm])
 AC_PATH_PROG([RMDIR], [rmdir], [rmdir])
+AC_PATH_PROG([SETCAP], [setcap], [setcap])
 
 
 AC_CHECK_FUNCS([openat], [],