packaging: use setcap to give Murphy CAP_NET_ADMIN capability.

This is needed for process tracking. Murphy opens a netlink socket to listen for
process events from kernel. If a tracked process dies, Murphy gets notified.
This is required to prevent "shadow resource sets" from already dead clients
using those resource frontend that don't have native tracking capabilities.

Change-Id: Ifdd390dac8d9b22cc1a6cb64c7dd83aa8b27cb31

diff --git a/packaging/murphy.spec b/packaging/murphy.spec
index b9a50b6..91d6215 100644 (file)
--- a/packaging/murphy.spec
+++ b/packaging/murphy.spec
@@ -40,6 +40,7 @@ Requires: %{name}-core = %{version}
 %endif
 
 Requires(post): /bin/systemctl
+Requires(post): libcap-tools
 Requires(postun): /bin/systemctl
 
 BuildRequires: flex
@@ -47,6 +48,7 @@ BuildRequires: bison
 BuildRequires: pkgconfig(lua)
 BuildRequires: pkgconfig(libsystemd-daemon)
 BuildRequires: pkgconfig(libsystemd-journal)
+BuildRequires: pkgconfig(libcap)
 
 %if %{?_with_pulse:1}%{!?_with_pulse:0}
 BuildRequires: pkgconfig(libpulse)
@@ -456,6 +458,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %post
 /bin/systemctl enable murphyd.service
+setcap 'cap_net_admin=+ep' %{_bindir}/murphyd
 
 %if %{?_with_squashpkg:0}%{!?_with_squashpkg:1}
 %post core