| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
The ambient set is some strangeness associated with trying to revive
naive inheritance. While personally not a fan of this feature, I
recognize it is in the kernel so libcap now supports it with
three new functions:
int cap_get_ambient(cap_value_t cap)
int cap_set_ambient(cap_value_t cap, cap_flag_value_t set)
int cap_reset_ambient(void)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
The kdebug directory requires qemu to run and expects the kernel
to be compiled with the running architecture. My setup has the kernel
sources as a peer to the libcap directory so kdebug assumes that too.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Thanks to P.J.Opalinski for noticing it.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
The commit 056ffb0bd25d91ffbcb83c521fc4d3d9904ec4d4 broke the display of
the final error message because it would do more operations that would
clobber errno. Example:
(libcap-2.22) sudo setcap cap_ipc_lock=ep /proc/filesystems | head -1
Failed to set capabilities on file `/proc/filesystems' (Operation not supported)
(libcap-2.23) sudo setcap cap_ipc_lock=ep /proc/filesystems | head -1
Failed to set capabilities on file `/proc/filesystems' (Invalid argument)
Save the original errno value and use that for the final display instead.
URL: https://bugs.gentoo.org/551672
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This is, at least, true on my Fedora based system. The chroot tests
won't work with a dynamic binary, so stop using --user and use --uid
instead.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
instead, prepend it when actually using them.
This makes the variables more useful for specifying on the make invocation,
as you don't have to repeat your FAKEROOT/DESTDIR for every variable you
want to set. Just like you can set 'lib' without specifying lib_prefix.
compare:
make DESTDIR="${somevar}" prefix=/usr/local LIBDIR="${somevar}"/usr/local/lib96 MANDIR="${somevar}"/usr/share/man
to:
make DESTDIR="${somevar}" prefix=/usr/local LIBDIR=/usr/local/lib96 MANDIR=/usr/share/man
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Replace 'cap_d' with 'cap_t' in man page.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Move gperf detection from libcap/Makefile to Make.Rules to be more cross-environment friendly.
Fix INDENT test (dollar sign must be doubled):
http://www.gnu.org/software/make/manual/make.html#Variables-in-Recipes
Signed-off-by: Matthieu Crapet <mcrapet@gmail.com>
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
This header stuff seems a bit fragile, but Serge reports including
it in sys/capability.h was causing a lot of trouble building dependent
app packages.
From the perspective of libcap, this API is only needed internally in
cap_file.c so we put an include there.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Release notes here:
https://sites.google.com/site/fullycapable/
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Cc: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Thanks to Allan McRae for resolving it.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
In adopting this uapi header file (without kernel internals), I previously
messed up on the apparent location of the files. Thanks to Tom Gundersen for
the clarification. Also, delete the non-uapi copies of things since they
are no longer needed to build the library and tools.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
I used to sign the .gz files with my old DSA key, but now will only be
signing the raw tar files with my kernel.org upload key.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Also include a copy of the public key I have to use to upload binaries
to kernel.org. Moving forward, I plan to sign release tags with both keys.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
It appears that ping has been modified to hard-code non-file-capability
acquired privilege use. That is, it requires PR_SET_KEEPCAPS (a legacy
supporting secure bit) to function in order for ping to work. As such, we
can't rely on it for quicktest.sh. Instead, we use a copy of capsh
enhanced with file-caps for our test cases.
Thanks to Serge Hallyn @ Ubuntu for figuring out what broke.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Patch contributed by Ivan Kabaivanov.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Suggestion from Mark Wielaard @ Redhat and, more recently from Akhil Arora @ Intel.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
This patch was generated by Bryan Kadzban, and most recently supported by
Thomas H.P. Anderson.
For more info on what this file is used for, read:
http://en.wikipedia.org/wiki/Pkg-config
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
The file capabilities are not as expressive as process capabilities
(for a reason - see the NOTES section of 'man 3 cap_set_file').
The effective bits on a file under linux are captured by a single
boolean. As such attempting to partially set effective bits via the
more fully expressive process capability representation (cap_from_text)
sometimes yields an error. From now on, suggest that when the user
attempts to do this and an error occurs, the error might be such a
mismatch between effective and the other capability bits.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Thanks to Steve Grubb for suggesting this. He wrote:
=========
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.
Additional info:
http://cwe.mitre.org/data/definitions/243.html
=========
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
See:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/794202
Patch originally from Mikhail Kulinich, but forwarded from Serge Hallyn
at Canonical.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Include some documentation and a link to capsh's man page.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Since commit 38ef4c2e437d11b5922723504b62824e96761459 syslog
operations require CAP_SYSLOG capability (intoriduced by commit
ce6ada35bdf710d16582cc4869c26722547e6f11), not CAP_SYS_ADMIN.
Patch introduces CAP_SYSLOG capability.
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
|
|
For my conveneince, default to installing an inheritable
file capability on setcap when installed. This requires the
process inherit a capability for it to take effect, but that's
what pam_cap is for...
You can disable this install feature with:
make RAISE_SETFCAP=no install
Also, clean up Make files and a test, and add more comments.
The make files needed a fix (remove -lpam from pam_cap/Makefile)
and I've added a number of comments in support of various issues
folk have asked me about.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This patch allows modifications of $(CFLAGS) when invoking make and fixes some
library linking issues.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
thanks to Roland Koebler for the new text
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Also add linux securebits.h file in case the system headers did not
include them.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Hey Andrew,
Do you think this belongs in libcap? I figure it looks nice
sitting next to include/sys/capability.h... But can't
convince myself whether it's useful or not.
Signed-off-by: Serge Hallyn <serge@us.ibm.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
i -> j. The previous code would loop infinitely with
--user=<user-with-one-group> --print
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Also clean up header to avoid hackery - no longer needed apparently.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@pip.(none)>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
I've had a number of reports that some systems are using really
old versions of sed that don't honor the '\t' for tabs in rules.
Since perl does, we'll use that from here on.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
When scanning filesystem subtree with symbolic links to parent
directories the old code would get into an infinite loop. This fixes
the code to not follow symbolic links.
Relevant bugzilla entry:
https://bugzilla.redhat.com/show_bug.cgi?id=454987
[Ed., Minor style modifications by Andrew]
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
The indent variable has a test to see if indent is installed, but the test
logic is inverted and has a typo in the binary name.
[Ed. The typos were part of my tests that the tests were working, and
then I absent mindedly checked it in!?! Thanks Mike for spotting
it. :*) ]
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
add rule to build HTML
add LIBATTR=no makefile support for not including filesystem support
comment cleanup for cap_file.c.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This appears to work on both redhat and ubuntu (at least the two
distributions I'm using).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
[This was mistakenly omitted from the last check in.]
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This seems like a more logical place to put a verify capabilities
than inventing a new program just for that purpose.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
You can use this to manually decode entries in /proc/<PID>/status.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Suggestion from the Slackware folk (Thanks Robby Workman for
pointing out Pat's change).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This program is not installed by default. Its more of a code sample
to help folk trying to put such checks into other programs (package
managers for example).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This shows up when you try to run getpcaps on a system still
running with 32-bit capabilities. The output is very verbose for
a process with no capabilities. Now it yields '='.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Reported-by: Ulf Grüne <ulf.gruene@t-online.de>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Reported-by: Robby Workman <rworkman@slackware.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Make it easier to find what functions are available in
the API.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This change should not impact any code.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Test new and old function with modified test.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400591
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487223
Correct fix implemented as suggested by Matt.
Reported-by: Matt Kern <matt.kern@undue.org>
Reported-by: Torsten Werner <twerner@debian.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
When the most compact representation of a set
of capabilities involves displaying unnamed
capabilities (with numbers), folk find the output
unreadable. With this change, we make an attempt
to avoid ever printing numeric capabilities in
the common cases for capability sets.
Reported-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Reported-by: Lee Essen <lee.essen@owlsbarn.co.uk>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
All the good parts of this change are Mike Frysinger's
<vapier@gentoo.org> work. Everything that is broken, is due to my
mangling of it.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Don't need to do -O2 twice.
Install the static library with the static libraries name(!)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
v3 capabilities are functionally equivalent to v2 capabilities, but
having a different magic value allow the kernel to warn about possibly
unsafe use of v2 capabilities.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Be more explicit with a local definition of _LIBCAP_CAPABILITY_* to
indicate the libraries preferred capability revision.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
[Minor edits by AGM - who prefers nul to null for the '\0' vs. '(void *) 0']
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
[AGM folded in a couple of minor things too - and a .gitignore change.]
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Don't install non-existent man pages.
Update kernel header from latest 2.6.26 git tree.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
See http://www.kernel.org/pub/linux/docs/man-pages/ for
documentation on the kernel system calls.
Reported-by: Michael Kerrisk <mtk.manpages@googlemail.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Andrew Morton said:
The hitherto-invisible-to-me PR_GET_TSC and PR_SET_TSC have turned up in
mainline, so I have renumbered your prctl options to
/* Get/set securebits (as per security/commoncap.c) */
#define PR_GET_SECUREBITS 27
#define PR_SET_SECUREBITS 28
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Also fixed a bug with config= module argument.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This function makes modifying only one of E I and P sets easier.
cap_clear() = cap_clear_flag(,E) + cap_clear_flag(,I) + cap_clear_flag(,P)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Reported separately by Serge and Chris Friedoff.
|
|
|
|
Also activated test for 2.6.24 bug (fixed by serge in 2.6.25)
|
|
This reverts commit 6f8418fa5e8a253970e317600cb963ff45fbe24e.
Serge says this was premature (and Andrew says my bad).
|
|
This change adds support for checking for new capabilities in the
/sys/kernel/capability/{codes,names}/* files when the library wasn't
compiled with the latest capabilities.
Also update documentation for cap_from_text.3 to be more explicit
about how to free a libcap allocated string. (Bug reported by Serge.)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Fixes build issues while using more than one make job, assuring that
cap_names.h is generated before compiling cap_text.c.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Add these features to capsh, and add two new test cases to
quicktest.sh (inspired by wireshark) for keeping an eye on legacy
--keep functionality:
--caps=xxx set caps as per cap_from_text()
--killit=<n> send signal(n) to child
--forkfor=<n> fork and make child sleep for <n> sec
== re-exec(capsh) with args as for --
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
If you are cross-compiling, you cannot execute `ar` and `ranlib` on the
target library, otherwise things may break. Here we create standard AR
and RANLIB variables which can easily be overridden by the environment.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
If you're installing into a temporary directory, then running ldconfig will
simply waste CPU and I/O time. The install location will not be any path
that ldconfig searches, and generally people build as non-root so the
ldconfig binary will run for a while before erroring out due to lack of
permissions.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
The `install` program strips binaries when given the '-s' flag. This step
should be left up to package maintainers to handle the stripping, especially
since the `install` program will always execute `strip` -- this is no good
for cross-compiling for example.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Since the DESTDIR variable is the common standard for installing into a
staging directory, the FAKEROOT variable should default to it.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Serge H. Hallyn <sergeh@us.ibm.com>
|
|
Include copy of latest (2.6.24-mm1) capabiity.h file.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
I've added perfect hash generation support for looking
up names (if you have gperf installed).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Add a quick regression/reference test for the various capability
manipulations. (Run it as root.)
|
|
|
|
|
|
capsh allocated too little memory for the --inh argument - led to glibc
aborting with free().
libcap has always had latent support for identifying unnamed capabilities
with integers. It was untested (and therefore broken) prior to this commit.
Should be fixed now.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
- new functions: cap_{to|from}_name()
- capsh test/wrapper application
- optional pam_cap compilation
- stricter prototypes
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Capsh is a simple 'bash' wrapper program that can be used to
raise and lower both the bset and pI capabilities before invoking
/bin/bash (hardcoded right now).
The --print option can be used as a quick test whether various
capability manipulations work as expected (or not).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
_cap_names was a really clumsy interface. With this
commit, we add cap_to_name() and cap_from_name() with
manual documentation too.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Default is for make to guess if the user wants the module or not
user can override with
make PAM_CAP={yes|no}
Thanks to Chris Freidhoff for the suggestion and a first stab at a patch.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Do not support putting capabilies on symlinks and directories. You can
get around this with an older version of libcap, or using the raw
xattr API, but there is little point; the kernel only pays attention
to file capabilities when it exec()s a file.
Bug report: Chris Friedhoff
Suggested fix: Serge E. Hallyn
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Fix a bug related to the unconditional size of the VFS capabilities.
Before, the size was based on the header used to compile the library,
now the default size is based on the process capabilities supported
by the running kernel.
Chris Friedhoff reported this bug.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This is used by the SMACK LSM module in the kernel > 2.6.24-rc3-mm1.
|
|
If this directory is not created *.8 manpages will be installed incorrectly.
|
|
Signed-off-by: Andrew Morgan <morgan@kernel.org>
|
|
recursively on the enumerated directories when -r is specified.
In addition, some other features are ported from my getfcap.
When an entry contains no file-capabilities, displaying it will be
skipped without returning an error. However, -v option enables to
display those filenames with no capabilities.
-h options displays short usage message.
Please consider to apply it on your tree.
EXAMPLE:
[kaigai@saba libcap]$ ./progs/getcap -r /tmp
/tmp/ping = cap_net_raw+ep
[kaigai@saba libcap]$
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
|
|
|
|
- the kernel header doesn't need compiler.h included
+ patch submitted for upstream use.
- the cap_copy_int() function was missing a crucial assignment
Signed-off-by: Andrew Morgan <morgan@kernel.org>
|
|
This revision of libcap has support for 32-bit and 64-bit capabilities.
It also supports filesystem capabilities of both sizes.
|
|
This should compile with any iteration of a recent (2.6) kernel.
If your kernel has 64-bit capabilities support, and the kernel
headers indicate this, then it will include that. 32-bit legacy
kernel support is dynamically performed by such a build of libcap.
|
|
|
|
Note, I've been confused about the capset/capget system calls.
It would seem that the current way(TM) is to get the raw API
from libc.
|
|
Since I wrote it, and reserve all rights, I'm going to rebrand it
with the same license as libcap. (Will fix this an compiling etc.
on the next commit.)
|
|
|
|
|
|
This means one can say:
setcap "all=e cap_net_raw=p" ping
which is equivalent to
setcap "cap_net_raw=ep" ping
|
|
FWIW This value won't change until I make libcap2.
|
|
|
|
|
|
They come from libc now.
|
|
|
|
[Thanks to Joey Trungale for the bug report.]
|
|
|
|
Incorporate fixes from Red Hat rpm (1.10-25).
|
|
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.10.tar.gz
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.03.tar.gz
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.02.tar.gz
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.01.tar.gz
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.0.tar.gz
|
