#!/bin/sh

set -e

# In order to capture system calls via falcosecurity-scap-dkms, we
# currently need read+write access to /dev/scap* and read access to
# various files under /proc, including /proc/<pid>/*, similar to
# the requirements described at
# https://github.com/draios/sysdig/wiki/How%20to%20Install%20Sysdig%20for%20Linux#use-sysdig-as-non-root
#
# Provide an option to install falcodump setuid root for now.
# Hopefully at some point we'll be able to switch to capabilities.
# https://falco.org/docs/install-operate/running/#least-privileged

# There's no corresponding stratoshark.postrm script because the "scap" group
# might be shared with falcosecurity-scap-dkms, so we don't want to
# remove it here.
# Also, there are arguments against removing groups in general:
# https://wiki.debian.org/AccountHandlingInMaintainerScripts

. /usr/share/debconf/confmodule
PROGRAM=$(dpkg-divert --truename /usr/lib/@DEB_HOST_MULTIARCH@/stratoshark/extcap/falcodump)
GROUP=scap

if ! dpkg-statoverride --list $PROGRAM > /dev/null; then
    db_get stratoshark/install-setuid
    if [ -e "$PROGRAM" ]; then
        if [ "$RET" = "false" ] ; then
            chown root:root $PROGRAM
            chmod u=rwx,go=rx $PROGRAM
        else
            if ! addgroup --quiet --system $GROUP; then
                if ! getent group $GROUP > /dev/null; then
                    db_input high stratoshark/addgroup-failed || true
                    db_go
                    exit 1
                else
                    db_input high stratoshark/group-is-user-group || true
                    db_go
                fi
            fi
            chown root:$GROUP $PROGRAM
            chmod u=rwxs,g=rx,o=r $PROGRAM
        fi
    fi
else
    dpkg-statoverride --list $PROGRAM
fi

#DEBHELPER#