#!/bin/sh set -e # Alternatively this check can be disabled by preseeding: # echo "iproute2/setcaps boolean false" | debconf-set-selections . /usr/share/debconf/confmodule case "$1" in configure) if command -v setcap > /dev/null; then db_get iproute2/setcaps # Allow dpkg-reconfigure to remove caps if test "$RET" = "true"; then if ! setcap "cap_dac_override,cap_sys_admin,cap_net_admin=ep" /bin/ip; then echo "Setcap failed on /bin/ip, ip vrf exec will not be runnable by non-root" >&2 fi else # setcap -r fails if the xattr is not present if getcap /bin/ip | grep -qs "/bin/ip"; then if ! setcap "-r" /bin/ip; then echo "Setcap -r failed on /bin/ip, could not remove capabilities" >&2 fi fi fi fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. exit 0