Use capsh to ensure file capabilities aren't set

2016-11-14 23:55:45 +00:00
parent db10424a9b
commit c4fb032d3b
12 changed files with 20 additions and 19 deletions
--- a/export-image/01-set-sources/01-run.sh
+++ b/export-image/01-set-sources/01-run.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e

-on_chroot sh -e - <<EOF
+on_chroot << EOF
 apt-get update
 apt-get -y dist-upgrade
 apt-get clean
--- a/export-image/03-finalise/01-run.sh
+++ b/export-image/03-finalise/01-run.sh
@@ -2,7 +2,7 @@

 IMG_FILE="${STAGE_WORK_DIR}/${IMG_DATE}-${IMG_NAME}${IMG_SUFFIX}.img"

-on_chroot sh -e - <<EOF
+on_chroot << EOF
 /etc/init.d/fake-hwclock stop
 hardlink -t /usr/share/doc
 EOF