From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1592959-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id AA66615838C
	for <garchives@archives.gentoo.org>; Sun, 21 Jan 2024 09:44:47 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id EE4A9E29BE;
	Sun, 21 Jan 2024 09:44:46 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D3577E29BE
	for <gentoo-commits@lists.gentoo.org>; Sun, 21 Jan 2024 09:44:46 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 19AAF343289
	for <gentoo-commits@lists.gentoo.org>; Sun, 21 Jan 2024 09:44:46 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A44F097B
	for <gentoo-commits@lists.gentoo.org>; Sun, 21 Jan 2024 09:44:44 +0000 (UTC)
From: "Florian Schmaus" <flow@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Florian Schmaus" <flow@gentoo.org>
Message-ID: <1705830270.0b3a2136634e16e7a2b6a22ae95810512ca089dd.flow@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-process/criu/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-process/criu/criu-3.18.ebuild sys-process/criu/metadata.xml
X-VCS-Directories: sys-process/criu/
X-VCS-Committer: flow
X-VCS-Committer-Name: Florian Schmaus
X-VCS-Revision: 0b3a2136634e16e7a2b6a22ae95810512ca089dd
X-VCS-Branch: master
Date: Sun, 21 Jan 2024 09:44:44 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 5f8a09d7-b510-4833-805c-344b969c191e
X-Archives-Hash: 7bc52f5dc14b68b5810f482c004dc4a9

commit:     0b3a2136634e16e7a2b6a22ae95810512ca089dd
Author:     Florian Schmaus <flow <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 11 09:28:35 2024 +0000
Commit:     Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Sun Jan 21 09:44:30 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b3a2136

sys-process/criu: add support for rootless CRIU via filecaps

Closes: https://bugs.gentoo.org/921763
Closes: https://github.com/gentoo/gentoo/pull/34742
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>

 sys-process/criu/criu-3.18.ebuild | 8 ++++++--
 sys-process/criu/metadata.xml     | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/sys-process/criu/criu-3.18.ebuild b/sys-process/criu/criu-3.18.ebuild
index 4dcfb79c1ff1..be93c33e7d03 100644
--- a/sys-process/criu/criu-3.18.ebuild
+++ b/sys-process/criu/criu-3.18.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 
 PYTHON_COMPAT=( python3_{9..11} )
 DISTUTILS_USE_PEP517=setuptools
-inherit toolchain-funcs linux-info distutils-r1
+inherit fcaps toolchain-funcs linux-info distutils-r1
 
 DESCRIPTION="utility to checkpoint/restore a process tree"
 HOMEPAGE="
@@ -61,6 +61,10 @@ PATCHES=(
 	"${FILESDIR}/criu-3.18-buildsystem.patch"
 )
 
+FILECAPS=(
+	cap_checkpoint_restore usr/bin/criu
+)
+
 criu_arch() {
 	# criu infers the arch from $(uname -m).  We never want this to happen.
 	case ${ARCH} in

diff --git a/sys-process/criu/metadata.xml b/sys-process/criu/metadata.xml
index 5f7652d71661..748d2c99ee6c 100644
--- a/sys-process/criu/metadata.xml
+++ b/sys-process/criu/metadata.xml
@@ -10,6 +10,7 @@
 		<name>Gentoo Virtualization Project</name>
 	</maintainer>
 	<use>
+		<flag name="filecaps">Install the criu binary with file capabilities to allow for rootless CRIU</flag>
 		<flag name="setproctitle">Use <pkg>dev-libs/libbsd</pkg> to make process titles of service workers to be more verbose</flag>
 		<flag name="bpf">Add support for BPF programs via <pkg>dev-libs/libbpf</pkg></flag>
 		<flag name="nftables">Add support for <pkg>net-firewall/nftables</pkg></flag>