[bacula] Add POSIX.1e capabilities to bacula-fd

Simone Caronni slaanesh at fedoraproject.org
Tue Dec 6 08:48:49 UTC 2011 

commit a9c6a94b998e8efc4b9d520648327cd43c6a0313
Author: Simone Caronni <negativo17 at gmail.com>
Date:   Tue Dec 6 09:48:33 2011 +0100

    Add POSIX.1e capabilities to bacula-fd

 bacula-dir.service  |    2 +-
 bacula-fd.service   |    2 +-
 bacula-fd.sysconfig |    6 ++++++
 bacula-sd.service   |    2 +-
 bacula.spec         |   10 ++++++++--
 5 files changed, 17 insertions(+), 5 deletions(-)
---
diff --git a/bacula-dir.service b/bacula-dir.service
index b3fecaa..432c925 100644
--- a/bacula-dir.service
+++ b/bacula-dir.service
@@ -7,7 +7,7 @@ After=network.target
 Environment=CONFIG=/etc/bacula/bacula-dir.conf
 EnvironmentFile=-/etc/sysconfig/bacula-dir
 ExecStartPre=/usr/sbin/bacula-checkconf $CONFIG
-ExecStart=/usr/sbin/bacula-dir -f -c $CONFIG -u $DIR_USER -g $DIR_GROUP
+ExecStart=/usr/sbin/bacula-dir -f $OPTS -c $CONFIG -u $DIR_USER -g $DIR_GROUP
 StandardOutput=syslog
 Restart=always
 
diff --git a/bacula-fd.service b/bacula-fd.service
index abd9e66..608c923 100644
--- a/bacula-fd.service
+++ b/bacula-fd.service
@@ -7,7 +7,7 @@ After=network.target
 Environment=CONFIG=/etc/bacula/bacula-fd.conf
 EnvironmentFile=-/etc/sysconfig/bacula-fd
 ExecStartPre=/usr/sbin/bacula-checkconf $CONFIG
-ExecStart=/usr/sbin/bacula-fd -f -c $CONFIG -u $FD_USER -g $FD_GROUP
+ExecStart=/usr/sbin/bacula-fd -f $OPTS -c $CONFIG -u $FD_USER -g $FD_GROUP
 IOSchedulingClass=idle
 StandardOutput=syslog
 Restart=always
diff --git a/bacula-fd.sysconfig b/bacula-fd.sysconfig
index 2476fec..68dfb1e 100644
--- a/bacula-fd.sysconfig
+++ b/bacula-fd.sysconfig
@@ -4,3 +4,9 @@
 FD_USER=root
 FD_GROUP=root
 
+# Set the following options if you want to run bacula-fd with ReadAll
+# capabilities after UID/GID switch.
+# This allows the File Daemon to keep root read but drop write permission. 
+# OPTS="-k"
+# FD_USER="bacula"
+# FD_GROUP="bacula"
diff --git a/bacula-sd.service b/bacula-sd.service
index 19847f0..d32bee3 100644
--- a/bacula-sd.service
+++ b/bacula-sd.service
@@ -7,7 +7,7 @@ After=network.target
 Environment=CONFIG=/etc/bacula/bacula-sd.conf
 EnvironmentFile=-/etc/sysconfig/bacula-sd
 ExecStartPre=/usr/sbin/bacula-checkconf $CONFIG
-ExecStart=/usr/sbin/bacula-sd -f -c $CONFIG -u $SD_USER -g $SD_GROUP
+ExecStart=/usr/sbin/bacula-sd -f $OPTS -c $CONFIG -u $SD_USER -g $SD_GROUP
 StandardOutput=syslog
 Restart=always
 
diff --git a/bacula.spec b/bacula.spec
index 7c2969f..d8d87a9 100644
--- a/bacula.spec
+++ b/bacula.spec
@@ -1,6 +1,6 @@
 Name:			bacula
 Version:		5.2.2
-Release:		6%{?dist}
+Release:		7%{?dist}
 Summary:		Cross platform network backup for Linux, Unix, Mac and Windows
 # See LICENSE for details
 License:		GPLv2 with exceptions
@@ -35,7 +35,7 @@ BuildRequires:		libstdc++-devel, libxml2-devel, zlib-devel
 BuildRequires:		mysql-devel, postgresql-devel, sqlite-devel
 BuildRequires:		desktop-file-utils, python-devel, lzo-devel, sed
 BuildRequires:		libacl-devel, latex2html, tetex-latex, tetex, ghostscript
-BuildRequires:		readline-devel
+BuildRequires:		readline-devel, libcap-devel
 
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 BuildRequires:		qt4-devel >= 4.6.2
@@ -817,6 +817,12 @@ fi
 
 
 %changelog
+* Tue Dec 06 2011 Simone Caronni <negativo17 at gmail.com> - 5.2.2-7
+- Added libcap for POSIX.1e capabilities in bacula-fd (5.0.0 feature).
+- Allow systemd files to read options set in the sysconfig
+  configuration files like SysV scripts to enable capabilities.
+- Set capabilities as optional for now.
+
 * Mon Dec 05 2011 Simone Caronni <negativo17 at gmail.com> - 5.2.2-6
 - Removed leftover files and small rpmlint fixes.
 - Additional file moves between packages.

More information about the scm-commits mailing list