[gentoo-commits] repo/proj/guru:dev commit in: net-vpn/mullvadvpn-app/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Itai Ferber" <itai@itaiferber.net>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/proj/guru:dev commit in: net-vpn/mullvadvpn-app/
Date: Fri, 10 May 2024 18:24:06 +0000 (UTC)	[thread overview]
Message-ID: <1715365391.f5a3836facfa2dc8192eb0a306cd8a92274c121e.itai@gentoo> (raw)

commit:     f5a3836facfa2dc8192eb0a306cd8a92274c121e
Author:     Itai Ferber <itai <AT> itaiferber <DOT> net>
AuthorDate: Fri May 10 18:23:11 2024 +0000
Commit:     Itai Ferber <itai <AT> itaiferber <DOT> net>
CommitDate: Fri May 10 18:23:11 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=f5a3836f

net-vpn/mullvadvpn-app: Enable setuid bit for mullvad-exclude

Signed-off-by: Itai Ferber <itai <AT> itaiferber.net>

 net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild b/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild
index 1efc699958..4332496f1a 100644
--- a/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild
+++ b/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild
@@ -49,6 +49,12 @@ src_install() {
 	dobin "${S}"/usr/bin/mullvad-exclude
 	dosym "../../opt/Mullvad VPN/resources/mullvad-problem-report" /usr/bin/mullvad-problem-report
 
+	# mullvad-exclude uses cgroups to manage exclusions, which requires root permissions, but is
+	# also most often used to exclude graphical applications which can't or shouldn't run as root
+	# (i.e., can't be run under `sudo/doas /usr/bin/mullvad-exclude ...`, because `sudo`/`doas`
+	# change user). The setuid bit allows any user to exclude executables under their own UID.
+	fperms 4755 /usr/bin/mullvad-exclude
+
 	newinitd "${FILESDIR}"/mullvad-daemon.initd mullvad-daemon
 
 	systemd_newunit "${S}"/usr/lib/systemd/system/mullvad-daemon.service mullvad-daemon.service

next             reply	other threads:[~2024-05-10 18:24 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-10 18:24 Itai Ferber [this message]
  -- strict thread matches above, loose matches on Subject: below --
2025-03-26 16:18 [gentoo-commits] repo/proj/guru:dev commit in: net-vpn/mullvadvpn-app/ Itai Ferber
2025-03-14 16:01 Itai Ferber
2025-03-12 19:28 Joe Kappus
2025-03-12 19:18 Joe Kappus
2025-02-26 16:41 Itai Ferber
2025-02-12 23:10 Itai Ferber
2025-02-07 14:24 Itai Ferber
2025-01-24 12:40 Itai Ferber
2025-01-22 18:40 Itai Ferber
2025-01-08 12:41 Itai Ferber
2025-01-03 16:03 Itai Ferber
2024-12-05 16:04 Itai Ferber
2024-12-04 14:57 Itai Ferber
2024-10-23 13:31 Itai Ferber
2024-10-23 13:31 Itai Ferber
2024-10-10 18:00 Itai Ferber
2024-09-26 15:24 Itai Ferber
2024-09-03 15:26 Itai Ferber
2024-09-03 15:26 Itai Ferber
2024-08-24 10:56 Takuya Wakazono
2024-08-22 17:09 Itai Ferber
2024-07-25 14:27 Itai Ferber
2024-07-25 14:27 Itai Ferber
2024-07-16 16:53 Itai Ferber
2024-06-27  8:41 [gentoo-commits] repo/proj/guru:master " David Roman
2024-06-27  8:23 ` [gentoo-commits] repo/proj/guru:dev " David Roman
2024-06-24 18:08 Itai Ferber
2024-06-24 15:49 Itai Ferber
2024-05-15 23:02 Itai Ferber
2024-05-10 17:34 Itai Ferber
2024-04-26 12:48 David Roman
2024-04-26 12:48 David Roman
2024-04-26 12:48 David Roman
2024-04-11 14:36 Joe Kappus
2024-01-01  2:29 Joe Kappus
2023-12-12  9:08 David Roman
2023-11-01 12:56 David Roman
2023-10-30 11:27 [gentoo-commits] repo/proj/guru:master " David Roman
2023-10-29 10:46 ` [gentoo-commits] repo/proj/guru:dev " David Roman
2023-10-28  1:06 David Roman

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1efc69995 dfblob:4332496f1 )
 OR (
bs:"[gentoo-commits] repo/proj/guru:dev commit in: net-vpn/mullvadvpn-app/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1715365391.f5a3836facfa2dc8192eb0a306cd8a92274c121e.itai@gentoo \
    --to=itai@itaiferber.net \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox