From 224bcc914418d150a03581e64e87467cac4a6df8 Mon Sep 17 00:00:00 2001
From: jyyi1
Date: Tue, 22 Oct 2024 17:25:05 -0400
Subject: [PATCH] apply capabilitites to Outline executable
---
 client/electron/debian/after_install.sh | 10 ++++++++++
 client/electron/debian/after_remove.sh | 17 -----------------
 client/electron/electron-builder.json | 7 +++++--
 3 files changed, 15 insertions(+), 19 deletions(-)
 delete mode 100644 client/electron/debian/after_remove.sh
diff --git a/client/electron/debian/after_install.sh b/client/electron/debian/after_install.sh
index da62177e5ee..a6a711a62a5 100644
--- a/client/electron/debian/after_install.sh
+++ b/client/electron/debian/after_install.sh
@@ -14,4 +14,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Dependencies:
+# - libcap2-bin: setcap
+
 set -eux
+
+readonly PREFIX=/opt/Outline
+
+# Grant specific capabilities so Outline can run without root permisssion
+# - cap_net_admin: configure network interfaces, set up routing tables, etc.
+# - cap_dac_override: modify network configuration files owned by root
+/usr/sbin/setcap cap_net_admin,cap_dac_override+eip ${PREFIX}/Outline
diff --git a/client/electron/debian/after_remove.sh b/client/electron/debian/after_remove.sh
deleted file mode 100644
index da62177e5ee..00000000000
--- a/client/electron/debian/after_remove.sh
+++ /dev/null
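Review bot: In after_install.sh, `cap_dac_override` on `${PREFIX}/Outline` is much broader than the comment's "network configuration files": it lifts file permission checks on every path, for the entire Electron process and for any local user allowed to execute that binary. File capabilities on a large GUI runtime mean a flaw anywhere in the app or its bundled dependencies runs with near-root file access, so the root-owned file edits are better placed in a small privileged helper and the main executable left with at most `cap_net_admin`. The inheritable flag is also not needed for the binary to gain the capability itself; `/usr/sbin/setcap cap_net_admin+ep "${PREFIX}/Outline"` would be the narrower form. Because the script runs under `set -eux`, a missing `/usr/sbin/setcap` (libcap2-bin installs it under `/sbin` on systems without merged /usr, as far as I know) or a filesystem without extended attributes fails the whole package configuration, so resolving the tool with `command -v setcap` and printing a clear error is worth adding.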
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Copyright 2024 The Outline Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -eux
diff --git a/client/electron/electron-builder.json b/client/electron/electron-builder.json
index cf6960e244a..5027e9580fa 100644
--- a/client/electron/electron-builder.json
+++ b/client/electron/electron-builder.json
@@ -18,8 +18,11 @@
 ],
 "deb": {
- "afterInstall": "client/electron/debian/after_install.sh",
- "afterRemove": "client/electron/debian/after_remove.sh"
+ "depends": [
+ "gconf2", "gconf-service", "libnotify4", "libappindicator1", "libxtst6", "libnss3",
+ "libcap2-bin"
+ ],
+ "afterInstall": "client/electron/debian/after_install.sh"
 },
 "linux": {
 "category": "Network",
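Review bot: The new `depends` array in electron-builder.json appears to replace electron-builder's built-in Debian dependency list rather than extend it, so the six copied names are now pinned by hand next to `libcap2-bin`. `gconf2` and `libappindicator1` have, as far as I know, been dropped from recent Debian and Ubuntu releases, which would leave the package uninstallable there even though only `libcap2-bin` is actually new. It is worth checking the list against the defaults of the electron-builder version in use and keeping just those plus `libcap2-bin`. JSON has no comment syntax, so the reason for `libcap2-bin` (the `setcap` call in after_install.sh) belongs in the commit description or the packaging docs.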