Current File : //usr/local/jetapps/usr/share/rear/rescue/NETFS/default/610_save_capabilities.sh |
# Save all found capapilities.
# Skip when the whole NETFS_RESTORE_CAPABILITIES array is empty.
# For the 'test' one must have all array members as a single word i.e. "${name[*]}" because
# the test should succeed when there is any non-empty array member, not necessarily the first one:
test "${NETFS_RESTORE_CAPABILITIES[*]}" || return 0
# Be backward compatible:
is_false "$NETFS_RESTORE_CAPABILITIES" && return 0
# Save capapilities to /var/lib/rear/recovery/capabilities:
cat /dev/null > $VAR_DIR/recovery/capabilities
# getcap and setcap are mandatory when NETFS_RESTORE_CAPABILITIES has a non-empty array member:
has_binary getcap && has_binary setcap || Error "getcap and setcap are needed when NETFS_RESTORE_CAPABILITIES is non-empty"
# Empty values must be avoided for grep -Ev because grep -Ev '' or grep -Ev 'something|' matches all:
exclude_directories="$BUILD_DIR"
test "$ISO_DIR" && exclude_directories+="|$ISO_DIR"
# Be backward compatible:
is_true "$NETFS_RESTORE_CAPABILITIES" && NETFS_RESTORE_CAPABILITIES=( '/' )
# The actual work:
LogPrint "Saving file capabilities (NETFS_RESTORE_CAPABILITIES)"
for directory in "${NETFS_RESTORE_CAPABILITIES[@]}" ; do
# Ignore stderr to avoid thousands of 'Failed to get capabilities of file'
# stderr messages for directories like /proc /sys /dev in case of 'getcap -r /':
getcap -r $directory 2>/dev/null | grep -Ev "$exclude_directories" >> $VAR_DIR/recovery/capabilities
done