diff --git a/.gitattributes b/.gitattributes index 4376ab56ee0b8d2396ccb1da636f169987ed41c4..826c72630ea252def62259fb44ad76fad949f312 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4629,6 +4629,7 @@ RTCP/Cobalt/OpenCL_FFT/src/libOpenCL_FFT.a.not -text RTCP/Cobalt/OpenCL_FFT/src/main.cpp -text RTCP/Cobalt/OpenCL_FFT/src/param.txt -text RTCP/Cobalt/OpenCL_FFT/src/procs.h -text +RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt -text RTCP/Cobalt/OutputProc/scripts/bf-output-loss.sh eol=lf RTCP/Cobalt/OutputProc/test/tMSWriterCorrelated_.run.in eol=lf RTCP/Cobalt/OutputProc/test/tMeasurementSetFormat.parset-j2000 -text diff --git a/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt b/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt new file mode 100644 index 0000000000000000000000000000000000000000..97ab165568503bb77a5c1a584eeb57f19a477dda --- /dev/null +++ b/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt @@ -0,0 +1,5 @@ +## Allows lofarbuild to add the listed capabilities to any single writable file for automated roll-out. +## Attempts to disallow adding another set of capabilities. +## Does not attempt to disallow adding the listed capabilities to other files, which would be trivial to bypass. +Cmnd_Alias SETCAP_COBALT = /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_ipc_lock+ep *, ! /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_ipc_lock+ep * * +lofarbuild ALL = (root) NOPASSWD: SETCAP_COBALT