From bfcce402a14d514c0c2191cb4a9761b99cc6e126 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20K=C3=A4llstr=C3=B6m?= <joka90@gmail.com>
Date: Sun, 28 Aug 2022 21:14:57 +0200
Subject: [PATCH] use setcap instead of s bit if supported

---
 README.md                        | 6 +++++-
 debian/apparmor/usr.bin.ryzenadj | 1 +
 debian/control                   | 1 +
 debian/ryzenadj.postinst         | 9 +++++++--
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 32a51225..bd6c2432 100644
--- a/README.md
+++ b/README.md
@@ -129,7 +129,11 @@ The simplest way to build it:
     make
 
 modify permissions for executing as root when started from Ryzen controller
-and user belongs to the ryzenadj group.
+and user belongs to the ryzenadj group
+
+    setcap 'cap_sys_rawio=ep cap_dac_override=ep cap_sys_admin=ep' ./ryzenadj
+
+or via the suid bit
 
     sudo chow root:root ./ryzenadj
     sudo chmod u+s ./ryzenadj
diff --git a/debian/apparmor/usr.bin.ryzenadj b/debian/apparmor/usr.bin.ryzenadj
index c7ead37a..cae43362 100644
--- a/debian/apparmor/usr.bin.ryzenadj
+++ b/debian/apparmor/usr.bin.ryzenadj
@@ -10,6 +10,7 @@ include <tunables/global>
 
   capability sys_admin,
   capability sys_rawio,
+  capability dac_override,
 
   # Needed for some files in /proc see
   # https://gitlab.com/apparmor/apparmor/-/wikis/TechnicalDoc_Proc_and_ptrace#apparmor-3-with-ptrace-rules
diff --git a/debian/control b/debian/control
index cb6f94fd..d2e898e9 100644
--- a/debian/control
+++ b/debian/control
@@ -20,6 +20,7 @@ Depends: ${misc:Depends},
          ${shlibs:Depends},
          libryzenadj0 (= ${binary:Version}),
 Pre-Depends: adduser (>= 3.11),
+             libcap2-bin,
 Description: Adjust power management settings for Ryzen Mobile Processors.
  This is a commandline tool that allows you to adjust power management
  settings for Ryzen Mobile Processors.
diff --git a/debian/ryzenadj.postinst b/debian/ryzenadj.postinst
index f70bfe30..c8f89fdb 100644
--- a/debian/ryzenadj.postinst
+++ b/debian/ryzenadj.postinst
@@ -1,10 +1,15 @@
 #!/bin/sh
 # postinst script for #PACKAGE#
 
+BINARY=/usr/bin/ryzenadj
 case "$1" in
     configure)
-        # Set setuid root on usr/bin/ryzenadj
-        chmod u+s /usr/bin/ryzenadj || ( echo 'Error: failed to setuid root on usr/bin/ryzenadj' >&2 )
+        if which setcap > /dev/null && setcap 'cap_sys_rawio=ep cap_dac_override=ep cap_sys_admin=ep' "$BINARY" ; then
+            echo "Set setcap on $BINARY successfull"
+        else
+            echo "Set setuid root on $BINARY"
+            chmod u+s "$BINARY" || ( echo "Error: failed to setuid root on $BINARY" >&2 )
+        fi
     ;;
 
     *)