[packages/NetworkManager] add missing cap to systemd unit when building with ebpf

Fri Apr 18 20:05:11 CEST 2025

commit 4a8b2d131cf318796e3a792ea54e120f5561c633
Author: Jan Palus <atler at pld-linux.org>
Date:   Fri Apr 18 19:47:19 2025 +0200

    add missing cap to systemd unit when building with ebpf
    
    see https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1752

 NetworkManager.spec   |  2 ++
 systemd-bpf-cap.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
---

diff --git a/NetworkManager.spec b/NetworkManager.spec
index 982db26..a2c482d 100644
--- a/NetworkManager.spec
+++ b/NetworkManager.spec
@@ -27,6 +27,7 @@ Source4:	%{name}.init
 Patch0:		ifcfg-path.patch
 Patch1:		systemd-fallback.patch
 Patch2:		%{name}-gir3.patch
+Patch3:		systemd-bpf-cap.patch
 URL:		https://gitlab.freedesktop.org/NetworkManager/NetworkManager/
 BuildRequires:	ModemManager-devel >= 1.0.0
 BuildRequires:	audit-libs-devel
@@ -193,6 +194,7 @@ Bashowe uzupełnianie nazw dla polecenia NetworkManagera (nmcli).
 %patch -P0 -p1
 %{?with_systemd:%patch -P1 -p1}
 %patch -P2 -p1
+%patch -P3 -p1
 
 grep -rl /usr/bin/env examples | xargs sed -i -e '1{
 	s,^#!.*bin/env gjs,#!/usr/bin/gjs,
diff --git a/systemd-bpf-cap.patch b/systemd-bpf-cap.patch
new file mode 100644
index 0000000..00f1be7
--- /dev/null
+++ b/systemd-bpf-cap.patch
@@ -0,0 +1,26 @@
+--- NetworkManager-1.52.0/data/NetworkManager.service.in.orig	2025-02-28 14:55:33.000000000 +0100
++++ NetworkManager-1.52.0/data/NetworkManager.service.in	2025-04-18 19:28:35.790756030 +0200
+@@ -19,7 +19,7 @@
+ # With a huge number of interfaces, starting can take a long time.
+ TimeoutStartSec=600
+ 
+-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
++CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT @CAP_BPF@
+ 
+ ProtectSystem=true
+ ProtectHome=read-only
+--- NetworkManager-1.52.0/meson.build.orig	2025-02-28 14:55:33.000000000 +0100
++++ NetworkManager-1.52.0/meson.build	2025-04-18 19:26:56.983572502 +0200
+@@ -951,6 +951,12 @@
+ data_conf.set('nmstatedir',                              nm_pkgstatedir)
+ data_conf.set('sbindir',                                 nm_sbindir)
+ data_conf.set('sysconfdir',                              nm_sysconfdir)
++if enable_ebpf
++  data_conf.set('CAP_BPF',                               'CAP_BPF')
++else
++  data_conf.set('CAP_BPF',                               '')
++endif
++
+ 
+ # check if we can build setting property documentation
+ '''
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/NetworkManager.git/commitdiff/4a8b2d131cf318796e3a792ea54e120f5561c633

