Use a specific script to set the capabilities

Instead of having the capabilities to be set automatically,
it will be up to the user to set them through a specific
script 'lxc-setcap'.

After installing the lxc tools, if we want them to be available,
for a non-root user, lxc-setcap will set the needed capabilities.
If, after thinking it, we want to remove the capabilities,
the 'lxc-setcap -d' will do this for us.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Guido Trotter <ultrotter@google.com>

1 files changed, 4 insertions, 18 deletions

diff --git a/lxc.spec.in b/lxc.spec.in
index 86832d1..eb3829b 100644
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -71,29 +71,12 @@ rm -rf %{buildroot}
 mkdir -p /var/lxc
 chmod ugo+w /var/lxc
 
-setcap cap_sys_admin=ep %{_bindir}/lxc-init
-
-setcap cap_sys_admin=ep %{_bindir}/lxc-netstat
-
-setcap cap_sys_admin=ep %{_bindir}/lxc-create
-
-setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-execute
-
-setcap cap_sys_chroot,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-start
-
-setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-restart
-
-setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
-    %{_bindir}/lxc-unshare
-
 %files
 %defattr(-,root,root)
 %{_sysconfdir}/%{name}/*
 %{_libdir}/*.so*
 %{_bindir}/*
+%{_libexecdir}/*
 %{_mandir}/*
 
 %files devel
@@ -104,6 +87,9 @@ setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
 
 %changelog
 
+* Mon Mar 24 2009 Daniel Lezcano <daniel.lezcano@free.fr> - Version 0.6.1
+- Removed capability setting, let the user to do that through "lxc-setcap"
+
 * Mon Feb 16 2009 Daniel Lezcano <daniel.lezcano@free.fr> - Version 0.6.0
 - Added more capabilities to the executables