aboutsummaryrefslogtreecommitdiff
path: root/contrib/sucap/Makefile
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/sucap/Makefile')
-rw-r--r--contrib/sucap/Makefile15
1 files changed, 12 insertions, 3 deletions
diff --git a/contrib/sucap/Makefile b/contrib/sucap/Makefile
index 91947af..df61ed5 100644
--- a/contrib/sucap/Makefile
+++ b/contrib/sucap/Makefile
@@ -1,9 +1,18 @@
+topdir=$(shell pwd)/../..
+include ../../Make.Rules
+
+# This line is here to link against the in-tree copy of libcap.so
+LINKEXTRA=-Wl,-rpath,$(topdir)/libcap
+DEPS=../../libcap/libcap.so
+
all: su
-su: su.c
- $(CC) -DPAM_APP_NAME=\"sucap\" -o $@ $< -lpam -lpam_misc -lcap
+su: su.c $(DEPS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DPAM_APP_NAME=\"sucap\" $< -o $@ $(LINKEXTRA) -lpam -lpam_misc $(LIBCAPLIB)
# to permit all ambient capabilities, this needs all permitted.
- sudo setcap =p ./su
+ # sudo setcap =p ./su
+ # to permit all inheritable, as CAP_PURE1E needs, we don't need as much
+ sudo setcap cap_chown,cap_setgid,cap_setuid,cap_dac_read_search,cap_setpcap=p ./su
clean:
rm -f su su.o *~
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 04:02:23 +0000