From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 10656158064 for ; Fri, 10 May 2024 18:24:11 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id ED7AEE2A23; Fri, 10 May 2024 18:24:09 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C0A6EE2A23 for ; Fri, 10 May 2024 18:24:09 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7F046343003 for ; Fri, 10 May 2024 18:24:08 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E26531779 for ; Fri, 10 May 2024 18:24:06 +0000 (UTC) From: "Itai Ferber" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Itai Ferber" Message-ID: <1715365391.f5a3836facfa2dc8192eb0a306cd8a92274c121e.itai@gentoo> Subject: [gentoo-commits] repo/proj/guru:dev commit in: net-vpn/mullvadvpn-app/ X-VCS-Repository: repo/proj/guru X-VCS-Files: net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild X-VCS-Directories: net-vpn/mullvadvpn-app/ X-VCS-Committer: itai X-VCS-Committer-Name: Itai Ferber X-VCS-Revision: f5a3836facfa2dc8192eb0a306cd8a92274c121e X-VCS-Branch: dev Date: Fri, 10 May 2024 18:24:06 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 83dfc01c-bf20-4ee9-a358-6bfe44ad3ffd X-Archives-Hash: c95fb2e6532f979e471f1064cf080e8f commit: f5a3836facfa2dc8192eb0a306cd8a92274c121e Author: Itai Ferber itaiferber net> AuthorDate: Fri May 10 18:23:11 2024 +0000 Commit: Itai Ferber itaiferber net> CommitDate: Fri May 10 18:23:11 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=f5a3836f net-vpn/mullvadvpn-app: Enable setuid bit for mullvad-exclude Signed-off-by: Itai Ferber itaiferber.net> net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild b/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild index 1efc699958..4332496f1a 100644 --- a/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild +++ b/net-vpn/mullvadvpn-app/mullvadvpn-app-2024.2.ebuild @@ -49,6 +49,12 @@ src_install() { dobin "${S}"/usr/bin/mullvad-exclude dosym "../../opt/Mullvad VPN/resources/mullvad-problem-report" /usr/bin/mullvad-problem-report + # mullvad-exclude uses cgroups to manage exclusions, which requires root permissions, but is + # also most often used to exclude graphical applications which can't or shouldn't run as root + # (i.e., can't be run under `sudo/doas /usr/bin/mullvad-exclude ...`, because `sudo`/`doas` + # change user). The setuid bit allows any user to exclude executables under their own UID. + fperms 4755 /usr/bin/mullvad-exclude + newinitd "${FILESDIR}"/mullvad-daemon.initd mullvad-daemon systemd_newunit "${S}"/usr/lib/systemd/system/mullvad-daemon.service mullvad-daemon.service