From: sven@svenhartge.de   
      
   On 12.02.26 02:51, Otto Kekäläinen wrote:   
      
   > The linked issue recommends running `sudo setcap cap_perfmon=ep   
   > /usr/bin/btop` to set the capability for the binary.   
   >   
   > I am not aware of how to set capabilities in Debian packaging. There   
   > are no signs of any automated way to do it:   
   >   
   > https://manpages.debian.org/unstable/debhelper/dh_installdeb.1.en.html   
   > https://manpages.debian.org/unstable/manpages/capabilities.7.en.html   
   > https://manpages.debian.org/unstable/libcap2-bin/setcap.8.en.html   
   >   
   > I would rather not introduce custom mainters scripts to run misc shell   
   > commands with security implications during install. Maybe we need to   
   > wait for Debian to introduce some general capability management   
   > facility in Debian packaging, like a debian/btop.setcap file etc.   
      
      
   I do agree that a generalized capability management would be nice   
   instead of needing to add shell code to the postinst, but unfortunately   
   this is how this is done currently, when you look at other packages.   
      
   My locally created package has this in the postinst:   
      
   #   
   if [ "$1" = configure ]; then   
        if command -v setcap > /dev/null; then   
            setcap cap_sys_admin=+ep /usr/bin/btop ||:   
        fi   
   fi   
   #   
      
   If you look at codesearch, you will find man examples of exactly this   
   kind of code.   
      
   For btop there is a tradeoff to be discussed: Some stats, most   
   prominently the GPU stats, are only available when running as root (or   
   with sys_admin privileges), so running btop via sudo or people getting   
   advise to make it setuid could be seen as the worse alternative to   
   setting the capabilities.   
      
   Grüße,   
   Sven.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)