[meego-commits] 6462: Changes to Trunk:Testing/libcap
Martin Xu
martin.xu at intel.com
Thu Aug 12 05:02:03 UTC 2010
Hi,
I have made the following changes to libcap in project Trunk:Testing. Please review and accept ASAP.
Thank You,
Martin Xu
[This message was auto-generated]
---
Request #6462:
submit: home:martin:branches:Trunk:Testing/libcap(r3)(cleanup) -> Trunk:Testing/libcap
Message:
upgrade to 2.19
State: new 2010-08-11T16:53:25 martin
Comment: None
changes files:
--------------
--- libcap.changes
+++ libcap.changes
@@ -0,0 +1,3 @@
+* Mon Aug 09 2010 Martin Xu <martin.xu at intel.com> - 2.19
+- Upgrade to 2.19
+
old:
----
libcap-2.17.tar.gz
new:
----
libcap-2.19.tar.gz
spec files:
-----------
--- libcap.spec
+++ libcap.spec
@@ -1,5 +1,5 @@
Name: libcap
-Version: 2.17
+Version: 2.19
Release: 1
Summary: Library for getting and setting POSIX.1e capabilities
Source: http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/%{name}-%{version}.tar.gz
@@ -70,6 +70,7 @@
%defattr(-,root,root,-)
%{_includedir}/*
/%{_lib}/*.so
+%{_mandir}/man1/*
#{_mandir}/man2/*
%{_mandir}/man3/*
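Review bot: The added `%{_mandir}/man1/*` line lands in a file list that also carries `%{_includedir}/*` and the unversioned `/%{_lib}/*.so`, which looks like the -devel subpackage. The `%files` header is outside the hunk, so that is inferred and worth confirming. Section-1 pages document user commands, so they would normally ship with the subpackage that installs the binaries; otherwise a system without -devel gets the capability tools but not their manual. If that reading is right, move `%{_mandir}/man1/*` to the `%files` list that owns the programs. A short comment such as `# man1: pages for the command-line tools built from progs/` would also explain why section 1 first appears in 2.19.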
other changes:
--------------
++++++ libcap-2.17.tar.gz -> libcap-2.19.tar.gz
--- libcap-2.17/CHANGELOG
+++ libcap-2.17/CHANGELOG
(renamed to libcap-2.19/CHANGELOG)
--- libcap-2.17/License
+++ libcap-2.17/License
(renamed to libcap-2.19/License)
--- libcap-2.17/Make.Rules
+++ libcap-2.17/Make.Rules
-#
-## Optional prefixes:
-#
-
-# common 'packaging' directoty
-
-FAKEROOT=$(DESTDIR)
-
-# Autoconf-style prefixes are activated when $(prefix) is defined.
-# Otherwise binaries and libraraies are installed in /{lib,sbin}/,
-# header files in /usr/include/ and documentation in /usr/man/man?/.
-
-ifndef lib
-lib=$(shell ldd /usr/bin/ld|fgrep ld-linux|cut -d/ -f2)
-endif
-
-ifdef prefix
-exec_prefix=$(prefix)
-lib_prefix=$(exec_prefix)
-inc_prefix=$(lib_prefix)
-man_prefix=$(prefix)/share
-else
-prefix=/usr
-exec_prefix=
-lib_prefix=$(exec_prefix)
-inc_prefix=$(prefix)
-man_prefix=$(prefix)/share
-endif
-
-# Target directories
-
-MANDIR=$(FAKEROOT)$(man_prefix)/man
-SBINDIR=$(FAKEROOT)$(exec_prefix)/sbin
-INCDIR=$(FAKEROOT)$(inc_prefix)/include
-LIBDIR=$(FAKEROOT)$(lib_prefix)/$(lib)
-
-# common defines for libcap
-LIBTITLE=libcap
-VERSION=2
-MINOR=17
-#
-
-# Compilation specifics
-
-KERNEL_HEADERS := $(topdir)/libcap/include
-IPATH += -I$(topdir)/libcap/include -I$(KERNEL_HEADERS)
-
-CC := gcc
-CFLAGS := -O2
-BUILD_CC := $(CC)
-BUILD_CFLAGS := $(CFLAGS) $(IPATH)
-AR := ar
-RANLIB := ranlib
-DEBUG = -g #-DDEBUG
-WARNINGS=-fPIC -Wall -Wwrite-strings \
- -Wpointer-arith -Wcast-qual -Wcast-align \
- -Wstrict-prototypes -Wmissing-prototypes \
- -Wnested-externs -Winline -Wshadow
-LD=$(CC) -Wl,-x -shared
-LDFLAGS := #-g
-
-SYSTEM_HEADERS = /usr/include
-INCS=$(topdir)/libcap/include/sys/capability.h
-LDFLAGS += -L$(topdir)/libcap
-CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) $(IPATH)
-PAM_CAP := $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo yes ; else echo no ; fi)
-INDENT := $(shell if [ -n "$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
-DYNAMIC := $(shell if [ ! -d "$(topdir)/.git" ]; then echo yes; fi)
-LIBATTR := yes
-
-# Global cleanup stuff
-
-LOCALCLEAN=rm -f *~ core
-DISTCLEAN=@find . \( -name '*.orig' -o -name '*.rej' \) | xargs rm -f
--- libcap-2.17/Makefile
+++ libcap-2.17/Makefile
(renamed to libcap-2.19/Makefile)
--- libcap-2.17/README
+++ libcap-2.17/README
(renamed to libcap-2.19/README)
--- libcap-2.17/contrib
+++ libcap-2.17/contrib
-(directory)
--- libcap-2.17/contrib/Makefile
+++ libcap-2.17/contrib/Makefile
(renamed to libcap-2.19/contrib/Makefile)
--- libcap-2.17/contrib/bug400591
+++ libcap-2.17/contrib/bug400591
-(directory)
--- libcap-2.17/contrib/bug400591/Makefile
+++ libcap-2.17/contrib/bug400591/Makefile
(renamed to libcap-2.19/contrib/bug400591/Makefile)
--- libcap-2.17/contrib/bug400591/bug.c
+++ libcap-2.17/contrib/bug400591/bug.c
(renamed to libcap-2.19/contrib/bug400591/bug.c)
--- libcap-2.17/contrib/pcaps4convenience
+++ libcap-2.17/contrib/pcaps4convenience
(renamed to libcap-2.19/contrib/pcaps4convenience)
--- libcap-2.17/contrib/pcaps4server
+++ libcap-2.17/contrib/pcaps4server
(renamed to libcap-2.19/contrib/pcaps4server)
--- libcap-2.17/contrib/pcaps4suid0
+++ libcap-2.17/contrib/pcaps4suid0
(renamed to libcap-2.19/contrib/pcaps4suid0)
--- libcap-2.17/doc
+++ libcap-2.17/doc
-(directory)
--- libcap-2.17/doc/Makefile
+++ libcap-2.17/doc/Makefile
-#
-# Makefile for libcap documentation
-#
-
-topdir=$(shell pwd)/..
-include $(topdir)/Make.Rules
-
-MAN3S = cap_init.3 cap_free.3 cap_dup.3 \
- cap_clear.3 cap_clear_flag.3 cap_get_flag.3 cap_set_flag.3 \
- cap_compare.3 cap_get_proc.3 cap_get_pid.3 cap_set_proc.3 \
- cap_get_file.3 cap_get_fd.3 cap_set_file.3 cap_set_fd.3 \
- cap_copy_ext.3 cap_size.3 cap_copy_int.3 \
- cap_from_text.3 cap_to_text.3 cap_from_name.3 cap_to_name.3 \
- capsetp.3 capgetp.3 libcap.3
-MAN8S = getcap.8 setcap.8
-
-MANS = $(MAN3S) $(MAN8S)
-
-all: $(MANS)
-
-.PHONY: html
-html:
- mkdir -p html
- for man in $(MANS) ; \
- do \
- egrep '^\.so man' $$man > /dev/null || \
- groff -man -Thtml $$man > html/$$man.html ; \
- done
-
-install:
- mkdir -p -m 755 $(MANDIR)/man3 $(MANDIR)/man8
- for man in \
- $(MANDIR)/man3 $(MAN3S) \
- $(MANDIR)/man8 $(MAN8S) \
- ; \
- do \
- case $$man in \
- /*) sub=$$man ; continue ;; \
- esac; \
- install -m 644 $$man $$sub ; \
- done
-
-clean:
- $(LOCALCLEAN)
- rm -rf html
-
-
--- libcap-2.17/doc/cap_clear.3
+++ libcap-2.17/doc/cap_clear.3
(renamed to libcap-2.19/doc/cap_clear.3)
--- libcap-2.17/doc/cap_clear_flag.3
+++ libcap-2.17/doc/cap_clear_flag.3
-.so man3/cap_clear.3
--- libcap-2.17/doc/cap_compare.3
+++ libcap-2.17/doc/cap_compare.3
-.so man3/cap_clear.3
--- libcap-2.17/doc/cap_copy_ext.3
+++ libcap-2.17/doc/cap_copy_ext.3
(renamed to libcap-2.19/doc/cap_copy_ext.3)
--- libcap-2.17/doc/cap_copy_int.3
+++ libcap-2.17/doc/cap_copy_int.3
(renamed to libcap-2.19/doc/cap_size.3)
--- libcap-2.17/doc/cap_dup.3
+++ libcap-2.17/doc/cap_dup.3
(renamed to libcap-2.19/doc/cap_free.3)
--- libcap-2.17/doc/cap_free.3
+++ libcap-2.17/doc/cap_free.3
-.so man3/cap_init.3
--- libcap-2.17/doc/cap_from_name.3
+++ libcap-2.17/doc/cap_from_name.3
-.so man3/cap_from_text.3
--- libcap-2.17/doc/cap_from_text.3
+++ libcap-2.17/doc/cap_from_text.3
(renamed to libcap-2.19/doc/cap_from_text.3)
--- libcap-2.17/doc/cap_get_fd.3
+++ libcap-2.17/doc/cap_get_fd.3
-.so man3/cap_get_file.3
--- libcap-2.17/doc/cap_get_file.3
+++ libcap-2.17/doc/cap_get_file.3
(renamed to libcap-2.19/doc/cap_get_file.3)
--- libcap-2.17/doc/cap_get_flag.3
+++ libcap-2.17/doc/cap_get_flag.3
(renamed to libcap-2.19/doc/cap_set_flag.3)
--- libcap-2.17/doc/cap_get_pid.3
+++ libcap-2.17/doc/cap_get_pid.3
-.so man3/cap_get_proc.3
--- libcap-2.17/doc/cap_get_proc.3
+++ libcap-2.17/doc/cap_get_proc.3
(renamed to libcap-2.19/doc/cap_get_proc.3)
--- libcap-2.17/doc/cap_init.3
+++ libcap-2.17/doc/cap_init.3
(renamed to libcap-2.19/doc/cap_init.3)
--- libcap-2.17/doc/cap_set_fd.3
+++ libcap-2.17/doc/cap_set_fd.3
-.so man3/cap_get_file.3
--- libcap-2.17/doc/cap_set_file.3
+++ libcap-2.17/doc/cap_set_file.3
(renamed to libcap-2.19/doc/cap_set_fd.3)
--- libcap-2.17/doc/cap_set_flag.3
+++ libcap-2.17/doc/cap_set_flag.3
-.so man3/cap_clear.3
--- libcap-2.17/doc/cap_set_proc.3
+++ libcap-2.17/doc/cap_set_proc.3
-.so man3/cap_get_proc.3
--- libcap-2.17/doc/cap_size.3
+++ libcap-2.17/doc/cap_size.3
-.so man3/cap_copy_ext.3
--- libcap-2.17/doc/cap_to_name.3
+++ libcap-2.17/doc/cap_to_name.3
-.so man3/cap_from_text.3
--- libcap-2.17/doc/cap_to_text.3
+++ libcap-2.17/doc/cap_to_text.3
(renamed to libcap-2.19/doc/cap_to_name.3)
--- libcap-2.17/doc/capability.notes
+++ libcap-2.17/doc/capability.notes
(renamed to libcap-2.19/doc/capability.notes)
--- libcap-2.17/doc/capgetp.3
+++ libcap-2.17/doc/capgetp.3
-.so man3/cap_get_proc.3
--- libcap-2.17/doc/capsetp.3
+++ libcap-2.17/doc/capsetp.3
(renamed to libcap-2.19/doc/cap_set_proc.3)
--- libcap-2.17/doc/getcap.8
+++ libcap-2.17/doc/getcap.8
-.\"
-.\" $Id: getcap.8,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $
-.\" written by Andrew Main <zefram at dcs.warwick.ac.uk>
-.\"
-.TH GETCAP 8 "12 Nov 2007"
-.SH NAME
-getcap \- examine file capabilities
-.SH SYNOPSIS
-\fBgetcap\fP [-v] [-r] [-h] \fIfilename\fP [ ... ]
-.SH DESCRIPTION
-.B getcap
-displays the name and capabilities of each specified
-.SH OPTIONS
-.TP 4
-.B -r
-enables recursive search.
-.TP 4
-.B -v
-enables to display all searched entries, even if it has no file-capabilities.
-.TP 4
-.B -h
-prints quick usage.
-.IR filename .
-One file per line.
-.SH "SEE ALSO"
-.IR cap_get_file (3),
-.IR cap_to_text (3),
-.IR setcap (8)
--- libcap-2.17/doc/libcap.3
+++ libcap-2.17/doc/libcap.3
(renamed to libcap-2.19/doc/libcap.3)
--- libcap-2.17/doc/old
+++ libcap-2.17/doc/old
-(directory)
--- libcap-2.17/doc/old/README
+++ libcap-2.17/doc/old/README
-these files are not relevant to this release
--- libcap-2.17/doc/old/_fgetfilecap.2
+++ libcap-2.17/doc/old/_fgetfilecap.2
-.so man2/_setfilecap.2
--- libcap-2.17/doc/old/_fsetfilecap.2
+++ libcap-2.17/doc/old/_fsetfilecap.2
-.so man2/_setfilecap.2
--- libcap-2.17/doc/old/_getfilecap.2
+++ libcap-2.17/doc/old/_getfilecap.2
(renamed to libcap-2.19/doc/old/_fgetfilecap.2)
--- libcap-2.17/doc/old/_getproccap.2
+++ libcap-2.17/doc/old/_getproccap.2
(renamed to libcap-2.19/doc/old/_getproccap.2)
--- libcap-2.17/doc/old/_setfilecap.2
+++ libcap-2.17/doc/old/_setfilecap.2
(renamed to libcap-2.19/doc/old/_setfilecap.2)
--- libcap-2.17/doc/old/_setproccap.2
+++ libcap-2.17/doc/old/_setproccap.2
(renamed to libcap-2.19/doc/old/_setproccap.2)
--- libcap-2.17/doc/setcap.8
+++ libcap-2.17/doc/setcap.8
-.\"
-.\" $Id: setcap.8,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $
-.\"
-.TH SETCAP 8 "24th October 2008"
-.SH NAME
-setcap \- set file capabilities
-.SH SYNOPSIS
-\fBsetcap\fP [-q] [-v] (\fIcapabilities|-|-r) filename\fP [ ... \fIcapabilitiesN\fP \fIfileN\fP ]
-.SH DESCRIPTION
-In the absence of the
-.B -v
-(verify) option
-.B setcap
-sets the capabilities of each specified
-.I filename
-to the
-.I capabilities
-specified. The
-.B -v
-option is used to verify that the specified capabilities are currently
-associated with the file.
-.PP
-The
-.I capabilities
-are specified in the form described in
-.IR cap_from_text (3).
-.PP
-The special capability string,
-.BR '-' ,
-can be used to indicate that capabilities are read from the standard
-input. In such cases, the capability set is terminated with a blank
-line.
-.PP
-The special capability string,
-.BR '-r' ,
-is used to remove a capability set from a file.
-.PP
-The
-.B -q
-flag is used to make the program less verbose in its output.
-.SH "EXIT CODE"
-The
-.B setcap
-program will exit with a 0 exit code if successful. On failure, the
-exit code is 1.
-.SH "SEE ALSO"
-.IR cap_from_text (3),
-.IR cap_set_file (3),
-.IR getcap (8)
--- libcap-2.17/libcap
+++ libcap-2.17/libcap
-(directory)
--- libcap-2.17/libcap/.gitignore
+++ libcap-2.17/libcap/.gitignore
(renamed to libcap-2.19/libcap/.gitignore)
--- libcap-2.17/libcap/Makefile
+++ libcap-2.17/libcap/Makefile
(renamed to libcap-2.19/libcap/Makefile)
--- libcap-2.17/libcap/_makenames.c
+++ libcap-2.17/libcap/_makenames.c
(renamed to libcap-2.19/libcap/_makenames.c)
--- libcap-2.17/libcap/cap_alloc.c
+++ libcap-2.17/libcap/cap_alloc.c
(renamed to libcap-2.19/libcap/cap_alloc.c)
--- libcap-2.17/libcap/cap_extint.c
+++ libcap-2.17/libcap/cap_extint.c
(renamed to libcap-2.19/libcap/cap_extint.c)
--- libcap-2.17/libcap/cap_file.c
+++ libcap-2.17/libcap/cap_file.c
(renamed to libcap-2.19/libcap/cap_file.c)
--- libcap-2.17/libcap/cap_flag.c
+++ libcap-2.17/libcap/cap_flag.c
(renamed to libcap-2.19/libcap/cap_flag.c)
--- libcap-2.17/libcap/cap_proc.c
+++ libcap-2.17/libcap/cap_proc.c
(renamed to libcap-2.19/libcap/cap_proc.c)
--- libcap-2.17/libcap/cap_text.c
+++ libcap-2.17/libcap/cap_text.c
(renamed to libcap-2.19/libcap/cap_text.c)
--- libcap-2.17/libcap/include
+++ libcap-2.17/libcap/include
-(directory)
--- libcap-2.17/libcap/include/linux
+++ libcap-2.17/libcap/include/linux
-(directory)
--- libcap-2.17/libcap/include/linux/capability.h
+++ libcap-2.17/libcap/include/linux/capability.h
-/*
- * This is <linux/capability.h>
- *
- * Andrew G. Morgan <morgan at kernel.org>
- * Alexander Kjeldaas <astor at guardian.no>
- * with help from Aleph1, Roland Buresund and Andrew Main.
- *
- * See here for the libcap library ("POSIX draft" compliance):
- *
- * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
- */
-
-#ifndef _LINUX_CAPABILITY_H
-#define _LINUX_CAPABILITY_H
-
-#include <linux/types.h>
-
-struct task_struct;
-
-/* User-level do most of the mapping between kernel and user
- capabilities based on the version tag given by the kernel. The
- kernel might be somewhat backwards compatible, but don't bet on
- it. */
-
-/* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to
- a set of three capability sets. The transposition of 3*the
- following structure to such a composite is better handled in a user
- library since the draft standard requires the use of malloc/free
- etc.. */
-
-#define _LINUX_CAPABILITY_VERSION_1 0x19980330
-#define _LINUX_CAPABILITY_U32S_1 1
-
-#define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */
-#define _LINUX_CAPABILITY_U32S_2 2
-
-#define _LINUX_CAPABILITY_VERSION_3 0x20080522
-#define _LINUX_CAPABILITY_U32S_3 2
-
-typedef struct __user_cap_header_struct {
- __u32 version;
- int pid;
-} __user *cap_user_header_t;
-
-typedef struct __user_cap_data_struct {
- __u32 effective;
- __u32 permitted;
- __u32 inheritable;
-} __user *cap_user_data_t;
-
-
-#define XATTR_CAPS_SUFFIX "capability"
-#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
-
-#define VFS_CAP_REVISION_MASK 0xFF000000
-#define VFS_CAP_REVISION_SHIFT 24
-#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
-#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
-
-#define VFS_CAP_REVISION_1 0x01000000
-#define VFS_CAP_U32_1 1
-#define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))
-
-#define VFS_CAP_REVISION_2 0x02000000
-#define VFS_CAP_U32_2 2
-#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))
-
-#define XATTR_CAPS_SZ XATTR_CAPS_SZ_2
-#define VFS_CAP_U32 VFS_CAP_U32_2
-#define VFS_CAP_REVISION VFS_CAP_REVISION_2
-
-struct vfs_cap_data {
- __le32 magic_etc; /* Little endian */
- struct {
- __le32 permitted; /* Little endian */
- __le32 inheritable; /* Little endian */
- } data[VFS_CAP_U32];
-};
-
-#ifndef __KERNEL__
-
-/*
- * Backwardly compatible definition for source code - trapped in a
- * 32-bit world. If you find you need this, please consider using
- * libcap to untrap yourself...
- */
-#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1
-#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1
-
-#else
-
-#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
-#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
-
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
-extern int file_caps_enabled;
-#endif
-
-typedef struct kernel_cap_struct {
- __u32 cap[_KERNEL_CAPABILITY_U32S];
-} kernel_cap_t;
-
-/* exact same as vfs_cap_data but in cpu endian and always filled completely */
-struct cpu_vfs_cap_data {
- __u32 magic_etc;
- kernel_cap_t permitted;
- kernel_cap_t inheritable;
-};
-
-#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
-#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
-
-#endif
-
-
-/**
- ** POSIX-draft defined capabilities.
- **/
-
-/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
- overrides the restriction of changing file ownership and group
- ownership. */
-
-#define CAP_CHOWN 0
-
-/* Override all DAC access, including ACL execute access if
- [_POSIX_ACL] is defined. Excluding DAC access covered by
- CAP_LINUX_IMMUTABLE. */
-
-#define CAP_DAC_OVERRIDE 1
-
-/* Overrides all DAC restrictions regarding read and search on files
- and directories, including ACL restrictions if [_POSIX_ACL] is
- defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
-
-#define CAP_DAC_READ_SEARCH 2
-
-/* Overrides all restrictions about allowed operations on files, where
- file owner ID must be equal to the user ID, except where CAP_FSETID
- is applicable. It doesn't override MAC and DAC restrictions. */
-
-#define CAP_FOWNER 3
-
-/* Overrides the following restrictions that the effective user ID
- shall match the file owner ID when setting the S_ISUID and S_ISGID
- bits on that file; that the effective group ID (or one of the
- supplementary group IDs) shall match the file owner ID when setting
- the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
- cleared on successful return from chown(2) (not implemented). */
-
-#define CAP_FSETID 4
-
-/* Overrides the restriction that the real or effective user ID of a
- process sending a signal must match the real or effective user ID
- of the process receiving the signal. */
-
-#define CAP_KILL 5
-
-/* Allows setgid(2) manipulation */
-/* Allows setgroups(2) */
-/* Allows forged gids on socket credentials passing. */
-
-#define CAP_SETGID 6
-
-/* Allows set*uid(2) manipulation (including fsuid). */
-/* Allows forged pids on socket credentials passing. */
-
-#define CAP_SETUID 7
-
-
-/**
- ** Linux-specific capabilities
- **/
-
-/* Without VFS support for capabilities:
- * Transfer any capability in your permitted set to any pid,
- * remove any capability in your permitted set from any pid
- * With VFS support for capabilities (neither of above, but)
- * Add any capability from current's capability bounding set
- * to the current process' inheritable set
- * Allow taking bits out of capability bounding set
- * Allow modification of the securebits for a process
- */
-
-#define CAP_SETPCAP 8
-
-/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */
-
-#define CAP_LINUX_IMMUTABLE 9
-
-/* Allows binding to TCP/UDP sockets below 1024 */
-/* Allows binding to ATM VCIs below 32 */
-
-#define CAP_NET_BIND_SERVICE 10
-
-/* Allow broadcasting, listen to multicast */
-
-#define CAP_NET_BROADCAST 11
-
-/* Allow interface configuration */
-/* Allow administration of IP firewall, masquerading and accounting */
-/* Allow setting debug option on sockets */
-/* Allow modification of routing tables */
-/* Allow setting arbitrary process / process group ownership on
- sockets */
-/* Allow binding to any address for transparent proxying */
-/* Allow setting TOS (type of service) */
-/* Allow setting promiscuous mode */
-/* Allow clearing driver statistics */
-/* Allow multicasting */
-/* Allow read/write of device-specific registers */
-/* Allow activation of ATM control sockets */
-
-#define CAP_NET_ADMIN 12
-
-/* Allow use of RAW sockets */
-/* Allow use of PACKET sockets */
-
-#define CAP_NET_RAW 13
-
-/* Allow locking of shared memory segments */
-/* Allow mlock and mlockall (which doesn't really have anything to do
- with IPC) */
-
-#define CAP_IPC_LOCK 14
-
-/* Override IPC ownership checks */
-
-#define CAP_IPC_OWNER 15
-
-/* Insert and remove kernel modules - modify kernel without limit */
-#define CAP_SYS_MODULE 16
-
-/* Allow ioperm/iopl access */
-/* Allow sending USB messages to any device via /proc/bus/usb */
-
-#define CAP_SYS_RAWIO 17
-
-/* Allow use of chroot() */
-
-#define CAP_SYS_CHROOT 18
-
-/* Allow ptrace() of any process */
-
-#define CAP_SYS_PTRACE 19
-
-/* Allow configuration of process accounting */
-
-#define CAP_SYS_PACCT 20
-
-/* Allow configuration of the secure attention key */
-/* Allow administration of the random device */
-/* Allow examination and configuration of disk quotas */
-/* Allow configuring the kernel's syslog (printk behaviour) */
-/* Allow setting the domainname */
-/* Allow setting the hostname */
-/* Allow calling bdflush() */
-/* Allow mount() and umount(), setting up new smb connection */
-/* Allow some autofs root ioctls */
-/* Allow nfsservctl */
-/* Allow VM86_REQUEST_IRQ */
-/* Allow to read/write pci config on alpha */
-/* Allow irix_prctl on mips (setstacksize) */
-/* Allow flushing all cache on m68k (sys_cacheflush) */
-/* Allow removing semaphores */
-/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
- and shared memory */
-/* Allow locking/unlocking of shared memory segment */
-/* Allow turning swap on/off */
-/* Allow forged pids on socket credentials passing */
-/* Allow setting readahead and flushing buffers on block devices */
-/* Allow setting geometry in floppy driver */
-/* Allow turning DMA on/off in xd driver */
-/* Allow administration of md devices (mostly the above, but some
- extra ioctls) */
-/* Allow tuning the ide driver */
-/* Allow access to the nvram device */
-/* Allow administration of apm_bios, serial and bttv (TV) device */
-/* Allow manufacturer commands in isdn CAPI support driver */
-/* Allow reading non-standardized portions of pci configuration space */
-/* Allow DDI debug ioctl on sbpcd driver */
-/* Allow setting up serial ports */
-/* Allow sending raw qic-117 commands */
-/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
- arbitrary SCSI commands */
-/* Allow setting encryption key on loopback filesystem */
-/* Allow setting zone reclaim policy */
-
-#define CAP_SYS_ADMIN 21
-
-/* Allow use of reboot() */
-
-#define CAP_SYS_BOOT 22
-
-/* Allow raising priority and setting priority on other (different
- UID) processes */
-/* Allow use of FIFO and round-robin (realtime) scheduling on own
- processes and setting the scheduling algorithm used by another
- process. */
-/* Allow setting cpu affinity on other processes */
-
-#define CAP_SYS_NICE 23
-
-/* Override resource limits. Set resource limits. */
-/* Override quota limits. */
-/* Override reserved space on ext2 filesystem */
-/* Modify data journaling mode on ext3 filesystem (uses journaling
- resources) */
-/* NOTE: ext2 honors fsuid when checking for resource overrides, so
- you can override using fsuid too */
-/* Override size restrictions on IPC message queues */
-/* Allow more than 64hz interrupts from the real-time clock */
-/* Override max number of consoles on console allocation */
-/* Override max number of keymaps */
-
-#define CAP_SYS_RESOURCE 24
-
-/* Allow manipulation of system clock */
-/* Allow irix_stime on mips */
-/* Allow setting the real-time clock */
-
-#define CAP_SYS_TIME 25
-
-/* Allow configuration of tty devices */
-/* Allow vhangup() of tty */
-
-#define CAP_SYS_TTY_CONFIG 26
-
-/* Allow the privileged aspects of mknod() */
-
-#define CAP_MKNOD 27
-
-/* Allow taking of leases on files */
-
-#define CAP_LEASE 28
-
-#define CAP_AUDIT_WRITE 29
-
-#define CAP_AUDIT_CONTROL 30
-
-#define CAP_SETFCAP 31
-
-/* Override MAC access.
- The base kernel enforces no MAC policy.
- An LSM may enforce a MAC policy, and if it does and it chooses
- to implement capability based overrides of that policy, this is
- the capability it should use to do so. */
-
-#define CAP_MAC_OVERRIDE 32
-
-/* Allow MAC configuration or state changes.
- The base kernel requires no MAC configuration.
- An LSM may enforce a MAC policy, and if it does and it chooses
- to implement capability based checks on modifications to that
- policy or the data required to maintain it, this is the
- capability it should use to do so. */
-
-#define CAP_MAC_ADMIN 33
-
-#define CAP_LAST_CAP CAP_MAC_ADMIN
-
-#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
-
-/*
- * Bit location of each capability (used by user-space library and kernel)
- */
-
-#define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */
-#define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */
-
-#ifdef __KERNEL__
-
-/*
- * Internal kernel functions only
- */
-
-#define CAP_FOR_EACH_U32(__capi) \
- for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
-
-/*
- * CAP_FS_MASK and CAP_NFSD_MASKS:
- *
- * The fs mask is all the privileges that fsuid==0 historically meant.
- * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
- *
- * It has never meant setting security.* and trusted.* xattrs.
- *
- * We could also define fsmask as follows:
- * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
- * 2. The security.* and trusted.* xattrs are fs-related MAC permissions
- */
-
-# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
- | CAP_TO_MASK(CAP_MKNOD) \
- | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
- | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
- | CAP_TO_MASK(CAP_FOWNER) \
- | CAP_TO_MASK(CAP_FSETID))
-
-# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
-
-#if _KERNEL_CAPABILITY_U32S != 2
-# error Fix up hand-coded capability macro initializers
-#else /* HAND-CODED capability initializers */
-
-# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
-# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
-# define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
-# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
- | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
- CAP_FS_MASK_B1 } })
-# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
- | CAP_TO_MASK(CAP_SYS_RESOURCE), \
- CAP_FS_MASK_B1 } })
-
-#endif /* _KERNEL_CAPABILITY_U32S != 2 */
-
-#define CAP_INIT_INH_SET CAP_EMPTY_SET
-
-# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
-# define cap_set_full(c) do { (c) = __cap_full_set; } while (0)
-# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0)
-
-#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
-#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
-#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
-
-#define CAP_BOP_ALL(c, a, b, OP) \
-do { \
- unsigned __capi; \
- CAP_FOR_EACH_U32(__capi) { \
- c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
- } \
-} while (0)
-
-#define CAP_UOP_ALL(c, a, OP) \
-do { \
- unsigned __capi; \
- CAP_FOR_EACH_U32(__capi) { \
- c.cap[__capi] = OP a.cap[__capi]; \
- } \
-} while (0)
-
-static inline kernel_cap_t cap_combine(const kernel_cap_t a,
- const kernel_cap_t b)
-{
- kernel_cap_t dest;
- CAP_BOP_ALL(dest, a, b, |);
- return dest;
-}
-
-static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
- const kernel_cap_t b)
-{
- kernel_cap_t dest;
- CAP_BOP_ALL(dest, a, b, &);
- return dest;
-}
-
-static inline kernel_cap_t cap_drop(const kernel_cap_t a,
- const kernel_cap_t drop)
-{
- kernel_cap_t dest;
- CAP_BOP_ALL(dest, a, drop, &~);
- return dest;
-}
-
-static inline kernel_cap_t cap_invert(const kernel_cap_t c)
-{
- kernel_cap_t dest;
- CAP_UOP_ALL(dest, c, ~);
- return dest;
-}
-
-static inline int cap_isclear(const kernel_cap_t a)
-{
- unsigned __capi;
- CAP_FOR_EACH_U32(__capi) {
- if (a.cap[__capi] != 0)
- return 0;
- }
- return 1;
-}
-
-/*
- * Check if "a" is a subset of "set".
- * return 1 if ALL of the capabilities in "a" are also in "set"
- * cap_issubset(0101, 1111) will return 1
- * return 0 if ANY of the capabilities in "a" are not in "set"
- * cap_issubset(1111, 0101) will return 0
- */
-static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
-{
- kernel_cap_t dest;
- dest = cap_drop(a, set);
- return cap_isclear(dest);
-}
-
-/* Used to decide between falling back on the old suser() or fsuser(). */
-
-static inline int cap_is_fs_cap(int cap)
-{
- const kernel_cap_t __cap_fs_set = CAP_FS_SET;
- return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]);
-}
-
-static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
-{
- const kernel_cap_t __cap_fs_set = CAP_FS_SET;
- return cap_drop(a, __cap_fs_set);
-}
-
-static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
- const kernel_cap_t permitted)
-{
- const kernel_cap_t __cap_fs_set = CAP_FS_SET;
- return cap_combine(a,
- cap_intersect(permitted, __cap_fs_set));
-}
-
-static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
-{
- const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
- return cap_drop(a, __cap_fs_set);
-}
-
-static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
- const kernel_cap_t permitted)
-{
- const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
- return cap_combine(a,
- cap_intersect(permitted, __cap_nfsd_set));
-}
-
-extern const kernel_cap_t __cap_empty_set;
-extern const kernel_cap_t __cap_full_set;
-extern const kernel_cap_t __cap_init_eff_set;
-
-/**
- * has_capability - Determine if a task has a superior capability available
- * @t: The task in question
- * @cap: The capability to be tested for
- *
- * Return true if the specified task has the given superior capability
- * currently in effect, false if not.
- *
- * Note that this does not set PF_SUPERPRIV on the task.
- */
-#define has_capability(t, cap) (security_real_capable((t), (cap)) == 0)
-
-/**
- * has_capability_noaudit - Determine if a task has a superior capability available (unaudited)
- * @t: The task in question
- * @cap: The capability to be tested for
- *
- * Return true if the specified task has the given superior capability
- * currently in effect, false if not, but don't write an audit message for the
- * check.
- *
- * Note that this does not set PF_SUPERPRIV on the task.
- */
-#define has_capability_noaudit(t, cap) \
- (security_real_capable_noaudit((t), (cap)) == 0)
-
-extern int capable(int cap);
-
-/* audit system wants to get cap info from files as well */
-struct dentry;
-extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
-
-#endif /* __KERNEL__ */
-
-#endif /* !_LINUX_CAPABILITY_H */
--- libcap-2.17/libcap/include/sys
+++ libcap-2.17/libcap/include/sys
-(directory)
--- libcap-2.17/libcap/include/sys/capability.h
+++ libcap-2.17/libcap/include/sys/capability.h
(renamed to libcap-2.19/libcap/include/sys/capability.h)
--- libcap-2.17/libcap/libcap.h
+++ libcap-2.17/libcap/libcap.h
(renamed to libcap-2.19/libcap/libcap.h)
--- libcap-2.17/pam_cap
+++ libcap-2.17/pam_cap
-(directory)
--- libcap-2.17/pam_cap/.gitignore
+++ libcap-2.17/pam_cap/.gitignore
(renamed to libcap-2.19/pam_cap/.gitignore)
--- libcap-2.17/pam_cap/License
+++ libcap-2.17/pam_cap/License
(renamed to libcap-2.19/pam_cap/License)
--- libcap-2.17/pam_cap/Makefile
+++ libcap-2.17/pam_cap/Makefile
(renamed to libcap-2.19/pam_cap/Makefile)
--- libcap-2.17/pam_cap/capability.conf
+++ libcap-2.17/pam_cap/capability.conf
(renamed to libcap-2.19/pam_cap/capability.conf)
--- libcap-2.17/pam_cap/pam_cap.c
+++ libcap-2.17/pam_cap/pam_cap.c
(renamed to libcap-2.19/pam_cap/pam_cap.c)
--- libcap-2.17/pam_cap/test.c
+++ libcap-2.17/pam_cap/test.c
(renamed to libcap-2.19/pam_cap/test.c)
--- libcap-2.17/pgp.keys.asc
+++ libcap-2.17/pgp.keys.asc
(renamed to libcap-2.19/pgp.keys.asc)
--- libcap-2.17/progs
+++ libcap-2.17/progs
-(directory)
--- libcap-2.17/progs/.gitignore
+++ libcap-2.17/progs/.gitignore
(renamed to libcap-2.19/progs/.gitignore)
--- libcap-2.17/progs/Makefile
+++ libcap-2.17/progs/Makefile
(renamed to libcap-2.19/progs/Makefile)
--- libcap-2.17/progs/capsh.c
+++ libcap-2.17/progs/capsh.c
-/*
- * Copyright (c) 2008 Andrew G. Morgan <morgan at kernel.org>
- *
- * This is a simple 'bash' wrapper program that can be used to
- * raise and lower both the bset and pI capabilities before invoking
- * /bin/bash (hardcoded right now).
- *
- * The --print option can be used as a quick test whether various
- * capability manipulations work as expected (or not).
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/prctl.h>
-#include <unistd.h>
-#include <errno.h>
-#include <sys/wait.h>
-#include <sys/capability.h>
-
-/* prctl based API for altering character of current process */
-#define PR_GET_KEEPCAPS 7
-#define PR_SET_KEEPCAPS 8
-#define PR_CAPBSET_READ 23
-#define PR_CAPBSET_DROP 24
-#define PR_GET_SECUREBITS 27
-#define PR_SET_SECUREBITS 28
-
-static const cap_value_t raise_setpcap[1] = { CAP_SETPCAP };
-static const cap_value_t raise_chroot[1] = { CAP_SYS_CHROOT };
-
-int main(int argc, char *argv[], char *envp[])
-{
- pid_t child;
- unsigned i;
-
- child = 0;
-
- for (i=1; i<argc; ++i) {
- if (!memcmp("--drop=", argv[i], 4)) {
- char *ptr;
- cap_t orig, raised_for_setpcap;
-
- /*
- * We need to do this here because --inh=XXX may have reset
- * orig and it isn't until we are within the --drop code that
- * we know what the prevailing (orig) pI value is.
- */
- orig = cap_get_proc();
- if (orig == NULL) {
- perror("Capabilities not available");
- exit(1);
- }
-
- raised_for_setpcap = cap_dup(orig);
- if (raised_for_setpcap == NULL) {
- fprintf(stderr, "BSET modification requires CAP_SETPCAP\n");
- exit(1);
- }
-
- if (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
- raise_setpcap, CAP_SET) != 0) {
- perror("unable to select CAP_SETPCAP");
- exit(1);
- }
-
- for (ptr = argv[i]+7; (ptr = strtok(ptr, ",")); ptr = NULL) {
- /* find name for token */
- cap_value_t cap;
- int status;
-
- if (cap_from_name(ptr, &cap) != 0) {
- fprintf(stderr, "capability [%s] is unknown to libcap\n",
- ptr);
- exit(1);
- }
- if (cap_set_proc(raised_for_setpcap) != 0) {
- perror("unable to raise CAP_SETPCAP for BSET changes");
- exit(1);
- }
- status = prctl(PR_CAPBSET_DROP, cap);
- if (cap_set_proc(orig) != 0) {
- perror("unable to lower CAP_SETPCAP post BSET change");
- exit(1);
- }
- if (status) {
- fprintf(stderr, "failed to drop [%s=%u]\n", ptr, cap);
- exit(1);
- }
- }
-
- cap_free(raised_for_setpcap);
- cap_free(orig);
- } else if (!memcmp("--inh=", argv[i], 6)) {
- cap_t all, raised_for_setpcap;
- char *text;
- char *ptr;
-
- all = cap_get_proc();
- if (all == NULL) {
- perror("Capabilities not available");
- exit(1);
- }
- if (cap_clear_flag(all, CAP_INHERITABLE) != 0) {
- perror("libcap:cap_clear_flag() internal error");
- exit(1);
- }
-
- raised_for_setpcap = cap_dup(all);
- if ((raised_for_setpcap != NULL)
- && (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
- raise_setpcap, CAP_SET) != 0)) {
- cap_free(raised_for_setpcap);
- raised_for_setpcap = NULL;
- }
-
- text = cap_to_text(all, NULL);
- cap_free(all);
- if (text == NULL) {
- perror("Fatal error concerning process capabilities");
- exit(1);
- }
- ptr = malloc(10 + strlen(argv[i]+6) + strlen(text));
- if (ptr == NULL) {
- perror("Out of memory for inh set");
- exit(1);
- }
- sprintf(ptr, "%s %s+i", text, argv[i]+6);
-
- all = cap_from_text(ptr);
- if (all == NULL) {
- perror("Fatal error internalizing capabilities");
- exit(1);
- }
- cap_free(text);
- free(ptr);
-
- if (raised_for_setpcap != NULL) {
- /*
- * This is only for the case that pP does not contain
- * the requested change to pI.. Failing here is not
- * indicative of the cap_set_proc(all) failing (always).
- */
- (void) cap_set_proc(raised_for_setpcap);
- cap_free(raised_for_setpcap);
- raised_for_setpcap = NULL;
- }
-
- if (cap_set_proc(all) != 0) {
- perror("Unable to set inheritable capabilities");
- exit(1);
- }
- /*
- * Since status is based on orig, we don't want to restore
- * the previous value of 'all' again here!
- */
-
- cap_free(all);
- } else if (!memcmp("--caps=", argv[i], 7)) {
- cap_t all, raised_for_setpcap;
-
- raised_for_setpcap = cap_get_proc();
- if (raised_for_setpcap == NULL) {
- perror("Capabilities not available");
- exit(1);
- }
-
- if ((raised_for_setpcap != NULL)
- && (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
- raise_setpcap, CAP_SET) != 0)) {
- cap_free(raised_for_setpcap);
- raised_for_setpcap = NULL;
- }
-
- all = cap_from_text(argv[i]+7);
- if (all == NULL) {
- fprintf(stderr, "unable to interpret [%s]\n", argv[i]);
- exit(1);
- }
-
- if (raised_for_setpcap != NULL) {
- /*
- * This is only for the case that pP does not contain
- * the requested change to pI.. Failing here is not
- * indicative of the cap_set_proc(all) failing (always).
- */
- (void) cap_set_proc(raised_for_setpcap);
- cap_free(raised_for_setpcap);
- raised_for_setpcap = NULL;
- }
-
- if (cap_set_proc(all) != 0) {
- fprintf(stderr, "Unable to set capabilities [%s]\n", argv[i]);
- exit(1);
- }
- /*
- * Since status is based on orig, we don't want to restore
- * the previous value of 'all' again here!
- */
-
- cap_free(all);
- } else if (!memcmp("--keep=", argv[i], 7)) {
- unsigned value;
- int set;
-
- value = strtoul(argv[i]+7, NULL, 0);
- set = prctl(PR_SET_KEEPCAPS, value);
- if (set < 0) {
- fprintf(stderr, "prctl(PR_SET_KEEPCAPS, %u) failed: %s\n",
- value, strerror(errno));
- exit(1);
- }
- } else if (!memcmp("--chroot=", argv[i], 9)) {
- int status;
- cap_t orig, raised_for_chroot;
-
- orig = cap_get_proc();
- if (orig == NULL) {
- perror("Capabilities not available");
- exit(1);
- }
-
- raised_for_chroot = cap_dup(orig);
- if (raised_for_chroot == NULL) {
- perror("Unable to duplicate capabilities");
- exit(1);
- }
-
- if (cap_set_flag(raised_for_chroot, CAP_EFFECTIVE, 1, raise_chroot,
- CAP_SET) != 0) {
- perror("unable to select CAP_SET_SYS_CHROOT");
- exit(1);
- }
-
- if (cap_set_proc(raised_for_chroot) != 0) {
- perror("unable to raise CAP_SYS_CHROOT");
- exit(1);
- }
- cap_free(raised_for_chroot);
-
- status = chroot(argv[i]+9);
- if (cap_set_proc(orig) != 0) {
- perror("unable to lower CAP_SYS_CHROOT");
- exit(1);
- }
- cap_free(orig);
-
- if (status != 0) {
- fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
- exit(1);
- }
- } else if (!memcmp("--secbits=", argv[i], 10)) {
- unsigned value;
- int status;
-
- value = strtoul(argv[i]+10, NULL, 0);
- status = prctl(PR_SET_SECUREBITS, value);
- if (status < 0) {
- fprintf(stderr, "failed to set securebits to 0%o/0x%x\n",
- value, value);
- exit(1);
- }
- } else if (!memcmp("--forkfor=", argv[i], 10)) {
- unsigned value;
-
- value = strtoul(argv[i]+10, NULL, 0);
- if (value == 0) {
- goto usage;
- }
- child = fork();
- if (child < 0) {
- perror("unable to fork()");
- } else if (!child) {
- sleep(value);
- exit(0);
- }
- } else if (!memcmp("--killit=", argv[i], 9)) {
- int retval, status;
- pid_t result;
- unsigned value;
-
- value = strtoul(argv[i]+9, NULL, 0);
- if (!child) {
- fprintf(stderr, "no forked process to kill\n");
- exit(1);
- }
- retval = kill(child, value);
- if (retval != 0) {
- perror("Unable to kill child process");
- exit(1);
- }
- result = waitpid(child, &status, 0);
- if (result != child) {
- fprintf(stderr, "waitpid didn't match child: %u != %u\n",
- child, result);
- exit(1);
- }
- if (WTERMSIG(status) != value) {
- fprintf(stderr, "child terminated with odd signal (%d != %d)\n"
- , value, WTERMSIG(status));
- exit(1);
- }
- } else if (!memcmp("--uid=", argv[i], 6)) {
- unsigned value;
- int status;
-
- value = strtoul(argv[i]+6, NULL, 0);
- status = setuid(value);
- if (status < 0) {
- fprintf(stderr, "Failed to set uid=%u: %s\n",
- value, strerror(errno));
- exit(1);
- }
- } else if (!memcmp("--decode=", argv[i], 9)) {
- unsigned long long value;
- unsigned cap;
- const char *sep = "";
-
- /* Note, if capabilities become longer than 64-bits we'll need
- to fixup the following code.. */
- value = strtoull(argv[i]+9, NULL, 16);
- printf("0x%016llx=", value);
-
- for (cap=0; value >> cap; ++cap) {
- if (value & (1ULL << cap)) {
- const char *ptr;
-
- ptr = cap_to_name(cap);
- if (ptr != NULL) {
- printf("%s%s", sep, ptr);
- } else {
- printf("%s%u", sep, cap);
- }
- sep = ",";
- }
- }
- printf("\n");
- } else if (!strcmp("--print", argv[i])) {
- unsigned cap;
- int set;
- cap_t all;
- char *text;
- const char *sep;
-
- all = cap_get_proc();
- text = cap_to_text(all, NULL);
- printf("Current: %s\n", text);
- cap_free(text);
- cap_free(all);
-
- printf("Bounding set =");
- sep = "";
- for (cap=0; (set = prctl(PR_CAPBSET_READ, cap)) >= 0; cap++) {
- const char *ptr;
- if (!set) {
- continue;
- }
-
- ptr = cap_to_name(cap);
- if (ptr == 0) {
- printf("%s%u", sep, cap);
- } else {
- printf("%s%s", sep, ptr);
- }
- sep = ",";
- }
- printf("\n");
- set = prctl(PR_GET_SECUREBITS);
- if (set >= 0) {
- printf("Securebits: 0%o/0x%x\n", set, set);
- printf(" secure-noroot: %s (%s)\n",
- (set & 1) ? "yes":"no",
- (set & 2) ? "locked":"unlocked");
- printf(" secure-no-suid-fixup: %s (%s)\n",
- (set & 4) ? "yes":"no",
- (set & 8) ? "locked":"unlocked");
- printf(" secure-keep-caps: %s (%s)\n",
- (set & 16) ? "yes":"no",
- (set & 32) ? "locked":"unlocked");
- } else {
- printf("[Securebits ABI not supported]\n");
- set = prctl(PR_GET_KEEPCAPS);
- if (set >= 0) {
- printf(" prctl-keep-caps: %s (locking not supported)\n",
- set ? "yes":"no");
- } else {
- printf("[Keepcaps ABI not supported]\n");
- }
- }
- printf("uid=%u\n", getuid());
- } else if ((!strcmp("--", argv[i])) || (!strcmp("==", argv[i]))) {
- argv[i] = strdup(argv[i][0] == '-' ? "/bin/bash" : argv[0]);
- argv[argc] = NULL;
- execve(argv[i], argv+i, envp);
- fprintf(stderr, "execve /bin/bash failed!\n");
- exit(1);
- } else {
- usage:
- printf("usage: %s [args ...]\n"
- " --help this message\n"
- " --print display capability relevant state\n"
- " --decode=xxx decode a hex string to a list of caps\n"
- " --drop=xxx remove xxx,.. capabilities from bset\n"
- " --caps=xxx set caps as per cap_from_text()\n"
- " --inh=xxx set xxx,.. inheritiable set\n"
- " --secbits=<n> write a new value for securebits\n"
- " --keep=<n> set keep-capabability bit to <n>\n"
- " --uid=<n> set uid to <n> (hint: id <username>)\n"
- " --chroot=path chroot(2) to this path to invoke bash\n"
- " --killit=<n> send signal(n) to child\n"
- " --forkfor=<n> fork and make child sleep for <n> sec\n"
- " == re-exec(capsh) with args as for --\n"
- " -- remaing arguments are for /bin/bash\n"
- " (without -- [%s] will simply exit(0))\n",
- argv[0], argv[0]);
-
- exit(strcmp("--help", argv[i]) != 0);
- }
- }
-
- exit(0);
-}
--- libcap-2.17/progs/getcap.c
+++ libcap-2.17/progs/getcap.c
(renamed to libcap-2.19/progs/getcap.c)
--- libcap-2.17/progs/getpcaps.c
+++ libcap-2.17/progs/getpcaps.c
(renamed to libcap-2.19/progs/getpcaps.c)
--- libcap-2.17/progs/old
+++ libcap-2.17/progs/old
-(directory)
--- libcap-2.17/progs/old/README
+++ libcap-2.17/progs/old/README
(renamed to libcap-2.19/doc/old/README)
--- libcap-2.17/progs/old/execcap.c
+++ libcap-2.17/progs/old/execcap.c
(renamed to libcap-2.19/progs/old/execcap.c)
--- libcap-2.17/progs/old/setpcaps.c
+++ libcap-2.17/progs/old/setpcaps.c
(renamed to libcap-2.19/progs/old/setpcaps.c)
--- libcap-2.17/progs/old/sucap.c
+++ libcap-2.17/progs/old/sucap.c
(renamed to libcap-2.19/progs/old/sucap.c)
--- libcap-2.17/progs/quicktest.sh
+++ libcap-2.17/progs/quicktest.sh
-#!/bin/bash
-#
-# Run through a series of tests to try out the various capability
-# manipulations posible through exec.
-#
-# [Run this as root in a root-enabled process tree.]
-
-try_capsh () {
- echo "TEST: ./capsh $*"
- ./capsh "$@"
- if [ $? -ne 0 ]; then
- echo FAILED
- return 1
- else
- echo PASSED
- return 0
- fi
-}
-
-fail_capsh () {
- echo -n "EXPECT FAILURE: "
- try_capsh "$@"
- if [ $? -eq 1 ]; then
- return 0
- else
- echo "Undesired result - aborting"
- echo "PROBLEM TEST: $*"
- exit 1
- fi
-}
-
-pass_capsh () {
- echo -n "EXPECT SUCCESS: "
- try_capsh "$@"
- if [ $? -eq 0 ]; then
- return 0
- else
- echo "Undesired result - aborting"
- echo "PROBLEM TEST: $*"
- exit 1
- fi
-}
-
-pass_capsh --print
-
-# Make a local non-setuid-0 version of ping
-cp /bin/ping . && chmod -s ./ping
-
-# Give it the forced capability it needs
-./setcap all=ep ./ping
-if [ $? -ne 0 ]; then
- echo "Failed to set all capabilities on file"
- exit 1
-fi
-./setcap cap_net_raw=ep ./ping
-if [ $? -ne 0 ]; then
- echo "Failed to set single capability on ping file"
- exit 1
-fi
-
-# Explore keep_caps support
-pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
-
-rm -f tcapsh
-cp capsh tcapsh
-chown root.root tcapsh
-chmod u+s tcapsh
-ls -l tcapsh
-
-# leverage keep caps maintain capabilities accross a change of uid
-# from setuid root to capable luser (as per wireshark/dumpcap 0.99.7)
-pass_capsh --uid=500 -- -c "./tcapsh --keep=1 --caps=\"cap_net_raw,cap_net_admin=ip\" --uid=500 --caps=\"cap_net_raw,cap_net_admin=pie\" --print"
-
-# This fails, on 2.6.24, but shouldn't
-pass_capsh --uid=500 -- -c "./tcapsh --keep=1 --caps=\"cap_net_raw,cap_net_admin=ip\" --uid=500 --forkfor=10 --caps= --print --killit=9 --print"
-
-rm -f tcapsh
-
-# only continue with these if --secbits is supported
-./capsh --secbits=0x2f > /dev/null 2>&1
-if [ $? -ne 0 ]; then
- echo "unable to test securebits manipulation - assume not supported (PASS)"
- rm -f ./ping
- exit 0
-fi
-
-pass_capsh --secbits=42 --print
-fail_capsh --secbits=32 --keep=1 --keep=0 --print
-pass_capsh --secbits=10 --keep=0 --keep=1 --print
-fail_capsh --secbits=47 -- -c "ping -c1 localhost"
-
-# Suppress uid=0 privilege
-fail_capsh --secbits=47 --print -- -c "/bin/ping -c1 localhost"
-
-# suppress uid=0 privilege and test this ping
-pass_capsh --secbits=0x2f --print -- -c "./ping -c1 localhost"
-
-# observe that the bounding set can be used to suppress this forced capability
-fail_capsh --drop=cap_net_raw,cap_chown --secbits=0x2f --print -- -c "./ping -c1 localhost"
-
-# change the way the capability is obtained (make it inheritable)
-./setcap cap_net_raw=ei ./ping
-
-pass_capsh --secbits=47 --inh=cap_net_raw --drop=cap_net_raw \
- --uid=500 --print -- -c "./ping -c1 localhost"
-
-rm -f ./ping
-
-# test that we do not support capabilities on setuid shell-scripts
-cat > hack.sh <<EOF
-#!/bin/bash
-mypid=\$\$
-caps=\$(./getpcaps \$mypid 2>&1 | cut -d: -f2)
-if [ "\$caps" != " =" ]; then
- echo "Shell script got [\$caps] - you should upgrade your kernel"
- exit 1
-else
- ls -l \$0
- echo "Good, no capabilities [\$caps] for this setuid-0 shell script"
-fi
-exit 0
-EOF
-chmod +xs hack.sh
-capsh --uid=500 -- ./hack.sh
-status=$?
-rm -f ./hack.sh
-if [ $status -ne 0 ]; then
- echo "shell scripts can have capabilities (bug)"
- exit 1
-fi
--- libcap-2.17/progs/setcap.c
+++ libcap-2.17/progs/setcap.c
(renamed to libcap-2.19/progs/setcap.c)
--- libcap-2.17/template.c
+++ libcap-2.17/template.c
(renamed to libcap-2.19/template.c)
--- libcap-2.19/CHANGELOG
+++ libcap-2.19/CHANGELOG
(renamed from libcap-2.17/CHANGELOG)
--- libcap-2.19/License
+++ libcap-2.19/License
(renamed from libcap-2.17/License)
--- libcap-2.19/Make.Rules
+++ libcap-2.19/Make.Rules
+#
+## Optional prefixes:
+#
+
+# common 'packaging' directoty
+
+FAKEROOT=$(DESTDIR)
+
+# Autoconf-style prefixes are activated when $(prefix) is defined.
+# Otherwise binaries and libraraies are installed in /{lib,sbin}/,
+# header files in /usr/include/ and documentation in /usr/man/man?/.
+
+ifndef lib
+lib=$(shell ldd /usr/bin/ld|fgrep ld-linux|cut -d/ -f2)
+endif
+
+ifdef prefix
+exec_prefix=$(prefix)
+lib_prefix=$(exec_prefix)
+inc_prefix=$(lib_prefix)
+man_prefix=$(prefix)/share
+else
+prefix=/usr
+exec_prefix=
+lib_prefix=$(exec_prefix)
+inc_prefix=$(prefix)
+man_prefix=$(prefix)/share
+endif
+
+# Target directories
+
+MANDIR=$(FAKEROOT)$(man_prefix)/man
+SBINDIR=$(FAKEROOT)$(exec_prefix)/sbin
+INCDIR=$(FAKEROOT)$(inc_prefix)/include
+LIBDIR=$(FAKEROOT)$(lib_prefix)/$(lib)
+
+# common defines for libcap
+LIBTITLE=libcap
+VERSION=2
+MINOR=19
+#
+
+# Compilation specifics
+
+KERNEL_HEADERS := $(topdir)/libcap/include
+IPATH += -I$(topdir)/libcap/include -I$(KERNEL_HEADERS)
+
+CC := gcc
+CFLAGS := -O2
+BUILD_CC := $(CC)
+BUILD_CFLAGS := $(CFLAGS) $(IPATH)
+AR := ar
+RANLIB := ranlib
+DEBUG = -g #-DDEBUG
+WARNINGS=-fPIC -Wall -Wwrite-strings \
+ -Wpointer-arith -Wcast-qual -Wcast-align \
+ -Wstrict-prototypes -Wmissing-prototypes \
+ -Wnested-externs -Winline -Wshadow
+LD=$(CC) -Wl,-x -shared
+LDFLAGS := #-g
+
+SYSTEM_HEADERS = /usr/include
+INCS=$(topdir)/libcap/include/sys/capability.h
+LDFLAGS += -L$(topdir)/libcap
+CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) $(IPATH)
+PAM_CAP := $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo yes ; else echo no ; fi)
+INDENT := $(shell if [ -n "$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
+DYNAMIC := $(shell if [ ! -d "$(topdir)/.git" ]; then echo yes; fi)
+LIBATTR := yes
+
+# Global cleanup stuff
+
+LOCALCLEAN=rm -f *~ core
+DISTCLEAN=@find . \( -name '*.orig' -o -name '*.rej' \) | xargs rm -f
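Review bot: `CC := gcc` and `CFLAGS := -O2` are unconditional assignments, so a compiler and flags exported in the build environment are discarded. For a package that ships a privilege-handling library and a PAM module, the distribution's hardening flags then never reach the compiler unless the spec passes them on the make command line (the %build section is not visible here, so this needs checking). Passing `CFLAGS=...` on the command line in turn makes the later `CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) $(IPATH)` a no-op, which drops `-fPIC` and the include path. I would use `CFLAGS ?= -O2` and `override CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) $(IPATH)`. Separately, in the `INDENT` line make itself expands `$(which indent 2>/dev/null)` as an undefined variable before the shell runs, so the test is always false and `INDENT` is always empty; it should read `$$(which indent 2>/dev/null)`.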
--- libcap-2.19/Makefile
+++ libcap-2.19/Makefile
(renamed from libcap-2.17/Makefile)
--- libcap-2.19/README
+++ libcap-2.19/README
(renamed from libcap-2.17/README)
--- libcap-2.19/contrib
+++ libcap-2.19/contrib
+(directory)
--- libcap-2.19/contrib/Makefile
+++ libcap-2.19/contrib/Makefile
(renamed from libcap-2.17/contrib/Makefile)
--- libcap-2.19/contrib/bug400591
+++ libcap-2.19/contrib/bug400591
+(directory)
--- libcap-2.19/contrib/bug400591/Makefile
+++ libcap-2.19/contrib/bug400591/Makefile
(renamed from libcap-2.17/contrib/bug400591/Makefile)
--- libcap-2.19/contrib/bug400591/bug.c
+++ libcap-2.19/contrib/bug400591/bug.c
(renamed from libcap-2.17/contrib/bug400591/bug.c)
--- libcap-2.19/contrib/pcaps4convenience
+++ libcap-2.19/contrib/pcaps4convenience
(renamed from libcap-2.17/contrib/pcaps4convenience)
--- libcap-2.19/contrib/pcaps4server
+++ libcap-2.19/contrib/pcaps4server
(renamed from libcap-2.17/contrib/pcaps4server)
--- libcap-2.19/contrib/pcaps4suid0
+++ libcap-2.19/contrib/pcaps4suid0
(renamed from libcap-2.17/contrib/pcaps4suid0)
--- libcap-2.19/doc
+++ libcap-2.19/doc
+(directory)
--- libcap-2.19/doc/Makefile
+++ libcap-2.19/doc/Makefile
+#
+# Makefile for libcap documentation
+#
+
+topdir=$(shell pwd)/..
+include $(topdir)/Make.Rules
+
+MAN1S = capsh.1
+MAN3S = cap_init.3 cap_free.3 cap_dup.3 \
+ cap_clear.3 cap_clear_flag.3 cap_get_flag.3 cap_set_flag.3 \
+ cap_compare.3 cap_get_proc.3 cap_get_pid.3 cap_set_proc.3 \
+ cap_get_file.3 cap_get_fd.3 cap_set_file.3 cap_set_fd.3 \
+ cap_copy_ext.3 cap_size.3 cap_copy_int.3 \
+ cap_from_text.3 cap_to_text.3 cap_from_name.3 cap_to_name.3 \
+ capsetp.3 capgetp.3 libcap.3
+MAN8S = getcap.8 setcap.8
+
+MANS = $(MAN1S) $(MAN3S) $(MAN8S)
+
+all: $(MANS)
+
+.PHONY: html
+html:
+ mkdir -p html
+ for man in $(MANS) ; \
+ do \
+ egrep '^\.so man' $$man > /dev/null || \
+ groff -man -Thtml $$man > html/$$man.html ; \
+ done
+
+install:
+ mkdir -p -m 755 $(MANDIR)/man1 $(MANDIR)/man3 $(MANDIR)/man8
+ for man in \
+ $(MANDIR)/man1 $(MAN1S) \
+ $(MANDIR)/man3 $(MAN3S) \
+ $(MANDIR)/man8 $(MAN8S) \
+ ; \
+ do \
+ case $$man in \
+ /*) sub=$$man ; continue ;; \
+ esac; \
+ install -m 644 $$man $$sub ; \
+ done
+
+clean:
+ $(LOCALCLEAN)
+ rm -rf html
+
+
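Review bot: The `install` loop separates its commands with `;`, so a failing `install -m 644` on any page but the last does not fail the recipe, and the target can report success with man pages missing; the `html` loop has the same shape. Writing the command as `install -m 644 $$man $$sub || exit 1 ; \` makes the first failure stop the build. The loop also recognises a directory word only when it starts with `/`, so a relative `DESTDIR` would be handled as a page name with an empty `$$sub`. `all`, `install` and `clean` are not files and should be declared next to `html`, as `.PHONY: all html install clean`.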
--- libcap-2.19/doc/cap_clear.3
+++ libcap-2.19/doc/cap_clear.3
(renamed from libcap-2.17/doc/cap_clear.3)
--- libcap-2.19/doc/cap_clear_flag.3
+++ libcap-2.19/doc/cap_clear_flag.3
+.so man3/cap_clear.3
--- libcap-2.19/doc/cap_compare.3
+++ libcap-2.19/doc/cap_compare.3
+.so man3/cap_clear.3
--- libcap-2.19/doc/cap_copy_ext.3
+++ libcap-2.19/doc/cap_copy_ext.3
(renamed from libcap-2.17/doc/cap_copy_ext.3)
--- libcap-2.19/doc/cap_copy_int.3
+++ libcap-2.19/doc/cap_copy_int.3
+.so man3/cap_copy_ext.3
--- libcap-2.19/doc/cap_dup.3
+++ libcap-2.19/doc/cap_dup.3
+.so man3/cap_init.3
--- libcap-2.19/doc/cap_free.3
+++ libcap-2.19/doc/cap_free.3
(renamed from libcap-2.17/doc/cap_dup.3)
--- libcap-2.19/doc/cap_from_name.3
+++ libcap-2.19/doc/cap_from_name.3
+.so man3/cap_from_text.3
--- libcap-2.19/doc/cap_from_text.3
+++ libcap-2.19/doc/cap_from_text.3
(renamed from libcap-2.17/doc/cap_from_text.3)
--- libcap-2.19/doc/cap_get_fd.3
+++ libcap-2.19/doc/cap_get_fd.3
+.so man3/cap_get_file.3
--- libcap-2.19/doc/cap_get_file.3
+++ libcap-2.19/doc/cap_get_file.3
(renamed from libcap-2.17/doc/cap_get_file.3)
--- libcap-2.19/doc/cap_get_flag.3
+++ libcap-2.19/doc/cap_get_flag.3
+.so man3/cap_clear.3
--- libcap-2.19/doc/cap_get_pid.3
+++ libcap-2.19/doc/cap_get_pid.3
+.so man3/cap_get_proc.3
--- libcap-2.19/doc/cap_get_proc.3
+++ libcap-2.19/doc/cap_get_proc.3
(renamed from libcap-2.17/doc/cap_get_proc.3)
--- libcap-2.19/doc/cap_init.3
+++ libcap-2.19/doc/cap_init.3
(renamed from libcap-2.17/doc/cap_init.3)
--- libcap-2.19/doc/cap_set_fd.3
+++ libcap-2.19/doc/cap_set_fd.3
(renamed from libcap-2.17/doc/cap_set_file.3)
--- libcap-2.19/doc/cap_set_file.3
+++ libcap-2.19/doc/cap_set_file.3
+.so man3/cap_get_file.3
--- libcap-2.19/doc/cap_set_flag.3
+++ libcap-2.19/doc/cap_set_flag.3
(renamed from libcap-2.17/doc/cap_get_flag.3)
--- libcap-2.19/doc/cap_set_proc.3
+++ libcap-2.19/doc/cap_set_proc.3
(renamed from libcap-2.17/doc/capsetp.3)
--- libcap-2.19/doc/cap_size.3
+++ libcap-2.19/doc/cap_size.3
(renamed from libcap-2.17/doc/cap_copy_int.3)
--- libcap-2.19/doc/cap_to_name.3
+++ libcap-2.19/doc/cap_to_name.3
(renamed from libcap-2.17/doc/cap_to_text.3)
--- libcap-2.19/doc/cap_to_text.3
+++ libcap-2.19/doc/cap_to_text.3
+.so man3/cap_from_text.3
--- libcap-2.19/doc/capability.notes
+++ libcap-2.19/doc/capability.notes
(renamed from libcap-2.17/doc/capability.notes)
--- libcap-2.19/doc/capgetp.3
+++ libcap-2.19/doc/capgetp.3
+.so man3/cap_get_proc.3
--- libcap-2.19/doc/capsetp.3
+++ libcap-2.19/doc/capsetp.3
+.so man3/cap_get_proc.3
--- libcap-2.19/doc/capsh.1
+++ libcap-2.19/doc/capsh.1
+.\"
+.\" capsh.1 Man page added 2009-12-23 Andrew G. Morgan <morgan at kernel.org>
+.\"
+.TH CAPSH 1 "2009-12-24" "libcap 2" "User Commands"
+.SH NAME
+capsh \- capability shell wrapper
+.SH SYNOPSIS
+.B capsh
+[\fIOPTION\fR]...
+.SH DESCRIPTION
+Linux capability support and use can be explored and constrained with
+this tool. This tool provides a handy wrapper for certain types
+of capability testing and environment creation. It also provides some
+debugging features useful for summarizing capability state.
+.SH OPTIONS
+The tool takes a number of optional arguments, acting on them in the
+order they are provided. They are as follows:
+.TP 22
+.B --print
+Display prevailing capability and related state.
+.TP
+.BI -- " [args]"
+Execute
+.B /bin/bash
+with trailing arguments. Note, you can use
+.B -c 'command to execute'
+for specific commands.
+.TP
+.B ==
+Execute
+.B capsh
+again with remaining arguments. Useful for testing
+.BR exec ()
+behavior.
+.TP
+.BI --caps= cap-set
+Set the prevailing process capabilities to those specified by
+.IR cap-set .
+Where
+.I cap-set
+is a text-representation of capability state as per
+.BR cap_from_text (3).
+.TP
+.BI --drop= cap-list
+Remove the listed capabilities from the prevailing bounding set. The
+capabilites are a comma separated list of capabilities as recognized
+by the
+.BR cap_from_name (3)
+function. Use of this feature requires that the capsh program is
+operating with
+.B CAP_SETPCAP
+in its effective set.
+.TP
+.BI --inh= cap-list
+Set the inheritable set of capabilities for the current process to
+equal those provided in the comma separated list. For this action to
+succeed, the prevailing process should already have each of these
+capabilities in the union of the current inheritable and permitted
+capability sets, or the capsh program is operating with
+.B CAP_SETPCAP
+in its effective set.
+.TP
+.BI --user= username
+Assume the identity of the named user. That is, look up the user's
+.IR uid " and " gid
+with
+.BR getpwuid (3)
+and their group memberships with
+.BR getgrouplist (3)
+and set them all.
+.TP
+.BI --uid= id
+Force all
+.B uid
+values to equal
+.I id
+using the
+.BR setuid (2)
+system call.
+.TP
+.BI --gid= <id>
+Force all
+.B gid
+values to equal
+.I id
+using the
+.BR setgid (2)
+system call.
+.TP
+.BI --groups= <id-list>
+Set the supplementary groups to the numerical list provided. The
+groups are set with the
+.BR setgroups (2)
+system call.
+.TP
+.BI --keep= <0|1>
+In a non-pure capability mode, the kernel provides liberal privilege
+to the super-user. However, it is normally the case that when the
+super-user changes
+.I uid
+to some lesser user, then capabilities are dropped. For these
+situations, the kernel can permit the process to retain its
+capabilities after a
+.BR setuid (2)
+system call. This feature is known as
+.I keep-caps
+support. The way to activate it using this script is with this
+argument. Setting the value to 1 will cause
+.I keep-caps
+to be active. Setting it to 0 will cause keep-caps to deactivate for
+the current process. In all cases,
+.I keep-caps
+is deactivated when an
+.BR exec ()
+is performed. See
+.B --secbits
+for ways to disable this feature.
+.TP
+.BI --secbits= N
+XXX - need to document this feature.
+.TP
+.BI --chroot= path
+Execute the
+.BR chroot (2)
+system call with the new root-directory (/) equal to
+.IR path .
+This operation requires
+.B CAP_SYS_CHROOT
+to be in effect.
+.TP
+.BI --forkfor= sec
+.TP
+.BI --killit= sig
+.TP
+.BI --decode= N
+This is a convenience feature. If you look at
+.B /proc/1/status
+there are some capability related fields of the following form:
+
+ CapInh: 0000000000000000
+ CapPrm: ffffffffffffffff
+ CapEff: fffffffffffffeff
+ CapBnd: ffffffffffffffff
+
+This option provides a quick way to decode a capability vector
+represented in this form. For example, the missing capability from
+this effective set is 0x0100. By running:
+
+ capsh --decode=0x0100
+
+we observe that the missing capability is:
+.BR cap_setpcap .
+.SH "EXIT STATUS"
+Following successful execution the tool exits with status 0. Following
+an error, the tool immediately exits with status 1.
+.SH AUTHOR
+Written by Andrew G. Morgan <morgan at kernel.org>.
+.SH "REPORTING BUGS"
+Please report bugs to the author.
+.SH "SEE ALSO"
+.BR libcap (3),
+.BR getcap (8), setcap (8)
+and
+.BR capabilities (7).
--- libcap-2.19/doc/getcap.8
+++ libcap-2.19/doc/getcap.8
+.\"
+.\" $Id: getcap.8,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $
+.\" written by Andrew Main <zefram at dcs.warwick.ac.uk>
+.\"
+.TH GETCAP 8 "12 Nov 2007"
+.SH NAME
+getcap \- examine file capabilities
+.SH SYNOPSIS
+\fBgetcap\fP [-v] [-r] [-h] \fIfilename\fP [ ... ]
+.SH DESCRIPTION
+.B getcap
+displays the name and capabilities of each specified
+.SH OPTIONS
+.TP 4
+.B -r
+enables recursive search.
+.TP 4
+.B -v
+enables to display all searched entries, even if it has no file-capabilities.
+.TP 4
+.B -h
+prints quick usage.
+.TP 4
+.IR filename
+One file per line.
+.SH "SEE ALSO"
+.BR cap_get_file (3),
+.BR cap_to_text (3),
+.BR setcap (8)
--- libcap-2.19/doc/libcap.3
+++ libcap-2.19/doc/libcap.3
(renamed from libcap-2.17/doc/libcap.3)
--- libcap-2.19/doc/old
+++ libcap-2.19/doc/old
+(directory)
--- libcap-2.19/doc/old/README
+++ libcap-2.19/doc/old/README
(renamed from libcap-2.17/progs/old/README)
--- libcap-2.19/doc/old/_fgetfilecap.2
+++ libcap-2.19/doc/old/_fgetfilecap.2
(renamed from libcap-2.17/doc/old/_getfilecap.2)
--- libcap-2.19/doc/old/_fsetfilecap.2
+++ libcap-2.19/doc/old/_fsetfilecap.2
+.so man2/_setfilecap.2
--- libcap-2.19/doc/old/_getfilecap.2
+++ libcap-2.19/doc/old/_getfilecap.2
+.so man2/_setfilecap.2
--- libcap-2.19/doc/old/_getproccap.2
+++ libcap-2.19/doc/old/_getproccap.2
(renamed from libcap-2.17/doc/old/_getproccap.2)
--- libcap-2.19/doc/old/_setfilecap.2
+++ libcap-2.19/doc/old/_setfilecap.2
(renamed from libcap-2.17/doc/old/_setfilecap.2)
--- libcap-2.19/doc/old/_setproccap.2
+++ libcap-2.19/doc/old/_setproccap.2
(renamed from libcap-2.17/doc/old/_setproccap.2)
--- libcap-2.19/doc/setcap.8
+++ libcap-2.19/doc/setcap.8
+.\"
+.\" $Id: setcap.8,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $
+.\"
+.TH SETCAP 8 "24th October 2008"
+.SH NAME
+setcap \- set file capabilities
+.SH SYNOPSIS
+\fBsetcap\fP [-q] [-v] (\fIcapabilities|-|-r) filename\fP [ ... \fIcapabilitiesN\fP \fIfileN\fP ]
+.SH DESCRIPTION
+In the absence of the
+.B -v
+(verify) option
+.B setcap
+sets the capabilities of each specified
+.I filename
+to the
+.I capabilities
+specified. The
+.B -v
+option is used to verify that the specified capabilities are currently
+associated with the file.
+.PP
+The
+.I capabilities
+are specified in the form described in
+.IR cap_from_text (3).
+.PP
+The special capability string,
+.BR '-' ,
+can be used to indicate that capabilities are read from the standard
+input. In such cases, the capability set is terminated with a blank
+line.
+.PP
+The special capability string,
+.BR '-r' ,
+is used to remove a capability set from a file.
+.PP
+The
+.B -q
+flag is used to make the program less verbose in its output.
+.SH "EXIT CODE"
+The
+.B setcap
+program will exit with a 0 exit code if successful. On failure, the
+exit code is 1.
+.SH "SEE ALSO"
+.BR cap_from_text (3),
+.BR cap_set_file (3),
+.BR getcap (8)
--- libcap-2.19/libcap
+++ libcap-2.19/libcap
+(directory)
--- libcap-2.19/libcap/.gitignore
+++ libcap-2.19/libcap/.gitignore
(renamed from libcap-2.17/libcap/.gitignore)
--- libcap-2.19/libcap/Makefile
+++ libcap-2.19/libcap/Makefile
(renamed from libcap-2.17/libcap/Makefile)
--- libcap-2.19/libcap/_makenames.c
+++ libcap-2.19/libcap/_makenames.c
(renamed from libcap-2.17/libcap/_makenames.c)
--- libcap-2.19/libcap/cap_alloc.c
+++ libcap-2.19/libcap/cap_alloc.c
(renamed from libcap-2.17/libcap/cap_alloc.c)
--- libcap-2.19/libcap/cap_extint.c
+++ libcap-2.19/libcap/cap_extint.c
(renamed from libcap-2.17/libcap/cap_extint.c)
--- libcap-2.19/libcap/cap_file.c
+++ libcap-2.19/libcap/cap_file.c
(renamed from libcap-2.17/libcap/cap_file.c)
--- libcap-2.19/libcap/cap_flag.c
+++ libcap-2.19/libcap/cap_flag.c
(renamed from libcap-2.17/libcap/cap_flag.c)
--- libcap-2.19/libcap/cap_proc.c
+++ libcap-2.19/libcap/cap_proc.c
(renamed from libcap-2.17/libcap/cap_proc.c)
--- libcap-2.19/libcap/cap_text.c
+++ libcap-2.19/libcap/cap_text.c
(renamed from libcap-2.17/libcap/cap_text.c)
--- libcap-2.19/libcap/include
+++ libcap-2.19/libcap/include
+(directory)
--- libcap-2.19/libcap/include/linux
+++ libcap-2.19/libcap/include/linux
+(directory)
--- libcap-2.19/libcap/include/linux/capability.h
+++ libcap-2.19/libcap/include/linux/capability.h
+/*
+ * This is <linux/capability.h>
+ *
+ * Andrew G. Morgan <morgan at kernel.org>
+ * Alexander Kjeldaas <astor at guardian.no>
+ * with help from Aleph1, Roland Buresund and Andrew Main.
+ *
+ * See here for the libcap library ("POSIX draft" compliance):
+ *
+ * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
+ */
+
+#ifndef _LINUX_CAPABILITY_H
+#define _LINUX_CAPABILITY_H
+
+#include <linux/types.h>
+
+struct task_struct;
+
+/* User-level do most of the mapping between kernel and user
+ capabilities based on the version tag given by the kernel. The
+ kernel might be somewhat backwards compatible, but don't bet on
+ it. */
+
+/* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to
+ a set of three capability sets. The transposition of 3*the
+ following structure to such a composite is better handled in a user
+ library since the draft standard requires the use of malloc/free
+ etc.. */
+
+#define _LINUX_CAPABILITY_VERSION_1 0x19980330
+#define _LINUX_CAPABILITY_U32S_1 1
+
+#define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */
+#define _LINUX_CAPABILITY_U32S_2 2
+
+#define _LINUX_CAPABILITY_VERSION_3 0x20080522
+#define _LINUX_CAPABILITY_U32S_3 2
+
+typedef struct __user_cap_header_struct {
+ __u32 version;
+ int pid;
+} __user *cap_user_header_t;
+
+typedef struct __user_cap_data_struct {
+ __u32 effective;
+ __u32 permitted;
+ __u32 inheritable;
+} __user *cap_user_data_t;
+
+
+#define XATTR_CAPS_SUFFIX "capability"
+#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
+
+#define VFS_CAP_REVISION_MASK 0xFF000000
+#define VFS_CAP_REVISION_SHIFT 24
+#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
+#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
+
+#define VFS_CAP_REVISION_1 0x01000000
+#define VFS_CAP_U32_1 1
+#define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))
+
+#define VFS_CAP_REVISION_2 0x02000000
+#define VFS_CAP_U32_2 2
+#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))
+
+#define XATTR_CAPS_SZ XATTR_CAPS_SZ_2
+#define VFS_CAP_U32 VFS_CAP_U32_2
+#define VFS_CAP_REVISION VFS_CAP_REVISION_2
+
+struct vfs_cap_data {
+ __le32 magic_etc; /* Little endian */
+ struct {
+ __le32 permitted; /* Little endian */
+ __le32 inheritable; /* Little endian */
+ } data[VFS_CAP_U32];
+};
+
+#ifndef __KERNEL__
+
+/*
+ * Backwardly compatible definition for source code - trapped in a
+ * 32-bit world. If you find you need this, please consider using
+ * libcap to untrap yourself...
+ */
+#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1
+#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1
+
+#else
+
+#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
+#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
+
+extern int file_caps_enabled;
+
+typedef struct kernel_cap_struct {
+ __u32 cap[_KERNEL_CAPABILITY_U32S];
+} kernel_cap_t;
+
+/* exact same as vfs_cap_data but in cpu endian and always filled completely */
+struct cpu_vfs_cap_data {
+ __u32 magic_etc;
+ kernel_cap_t permitted;
+ kernel_cap_t inheritable;
+};
+
+#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
+#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
+
+#endif
+
+
+/**
+ ** POSIX-draft defined capabilities.
+ **/
+
+/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
+ overrides the restriction of changing file ownership and group
+ ownership. */
+
+#define CAP_CHOWN 0
+
+/* Override all DAC access, including ACL execute access if
+ [_POSIX_ACL] is defined. Excluding DAC access covered by
+ CAP_LINUX_IMMUTABLE. */
+
+#define CAP_DAC_OVERRIDE 1
+
+/* Overrides all DAC restrictions regarding read and search on files
+ and directories, including ACL restrictions if [_POSIX_ACL] is
+ defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
+
+#define CAP_DAC_READ_SEARCH 2
+
+/* Overrides all restrictions about allowed operations on files, where
+ file owner ID must be equal to the user ID, except where CAP_FSETID
+ is applicable. It doesn't override MAC and DAC restrictions. */
+
+#define CAP_FOWNER 3
+
+/* Overrides the following restrictions that the effective user ID
+ shall match the file owner ID when setting the S_ISUID and S_ISGID
+ bits on that file; that the effective group ID (or one of the
+ supplementary group IDs) shall match the file owner ID when setting
+ the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
+ cleared on successful return from chown(2) (not implemented). */
+
+#define CAP_FSETID 4
+
+/* Overrides the restriction that the real or effective user ID of a
+ process sending a signal must match the real or effective user ID
+ of the process receiving the signal. */
+
+#define CAP_KILL 5
+
+/* Allows setgid(2) manipulation */
+/* Allows setgroups(2) */
+/* Allows forged gids on socket credentials passing. */
+
+#define CAP_SETGID 6
+
+/* Allows set*uid(2) manipulation (including fsuid). */
+/* Allows forged pids on socket credentials passing. */
+
+#define CAP_SETUID 7
+
+
+/**
+ ** Linux-specific capabilities
+ **/
+
+/* Without VFS support for capabilities:
+ * Transfer any capability in your permitted set to any pid,
+ * remove any capability in your permitted set from any pid
+ * With VFS support for capabilities (neither of above, but)
+ * Add any capability from current's capability bounding set
+ * to the current process' inheritable set
+ * Allow taking bits out of capability bounding set
+ * Allow modification of the securebits for a process
+ */
+
+#define CAP_SETPCAP 8
+
+/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */
+
+#define CAP_LINUX_IMMUTABLE 9
+
+/* Allows binding to TCP/UDP sockets below 1024 */
+/* Allows binding to ATM VCIs below 32 */
+
+#define CAP_NET_BIND_SERVICE 10
+
+/* Allow broadcasting, listen to multicast */
+
+#define CAP_NET_BROADCAST 11
+
+/* Allow interface configuration */
+/* Allow administration of IP firewall, masquerading and accounting */
+/* Allow setting debug option on sockets */
+/* Allow modification of routing tables */
+/* Allow setting arbitrary process / process group ownership on
+ sockets */
+/* Allow binding to any address for transparent proxying */
+/* Allow setting TOS (type of service) */
+/* Allow setting promiscuous mode */
+/* Allow clearing driver statistics */
+/* Allow multicasting */
+/* Allow read/write of device-specific registers */
+/* Allow activation of ATM control sockets */
+
+#define CAP_NET_ADMIN 12
+
+/* Allow use of RAW sockets */
+/* Allow use of PACKET sockets */
+
+#define CAP_NET_RAW 13
+
+/* Allow locking of shared memory segments */
+/* Allow mlock and mlockall (which doesn't really have anything to do
+ with IPC) */
+
+#define CAP_IPC_LOCK 14
+
+/* Override IPC ownership checks */
+
+#define CAP_IPC_OWNER 15
+
+/* Insert and remove kernel modules - modify kernel without limit */
+#define CAP_SYS_MODULE 16
+
+/* Allow ioperm/iopl access */
+/* Allow sending USB messages to any device via /proc/bus/usb */
+
+#define CAP_SYS_RAWIO 17
+
+/* Allow use of chroot() */
+
+#define CAP_SYS_CHROOT 18
+
+/* Allow ptrace() of any process */
+
+#define CAP_SYS_PTRACE 19
+
+/* Allow configuration of process accounting */
+
+#define CAP_SYS_PACCT 20
+
+/* Allow configuration of the secure attention key */
+/* Allow administration of the random device */
+/* Allow examination and configuration of disk quotas */
+/* Allow configuring the kernel's syslog (printk behaviour) */
+/* Allow setting the domainname */
+/* Allow setting the hostname */
+/* Allow calling bdflush() */
+/* Allow mount() and umount(), setting up new smb connection */
+/* Allow some autofs root ioctls */
+/* Allow nfsservctl */
+/* Allow VM86_REQUEST_IRQ */
+/* Allow to read/write pci config on alpha */
+/* Allow irix_prctl on mips (setstacksize) */
+/* Allow flushing all cache on m68k (sys_cacheflush) */
+/* Allow removing semaphores */
+/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
+ and shared memory */
+/* Allow locking/unlocking of shared memory segment */
+/* Allow turning swap on/off */
+/* Allow forged pids on socket credentials passing */
+/* Allow setting readahead and flushing buffers on block devices */
+/* Allow setting geometry in floppy driver */
+/* Allow turning DMA on/off in xd driver */
+/* Allow administration of md devices (mostly the above, but some
+ extra ioctls) */
+/* Allow tuning the ide driver */
+/* Allow access to the nvram device */
+/* Allow administration of apm_bios, serial and bttv (TV) device */
+/* Allow manufacturer commands in isdn CAPI support driver */
+/* Allow reading non-standardized portions of pci configuration space */
+/* Allow DDI debug ioctl on sbpcd driver */
+/* Allow setting up serial ports */
+/* Allow sending raw qic-117 commands */
+/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
+ arbitrary SCSI commands */
+/* Allow setting encryption key on loopback filesystem */
+/* Allow setting zone reclaim policy */
+
+#define CAP_SYS_ADMIN 21
+
+/* Allow use of reboot() */
+
+#define CAP_SYS_BOOT 22
+
+/* Allow raising priority and setting priority on other (different
+ UID) processes */
+/* Allow use of FIFO and round-robin (realtime) scheduling on own
+ processes and setting the scheduling algorithm used by another
+ process. */
+/* Allow setting cpu affinity on other processes */
+
+#define CAP_SYS_NICE 23
+
+/* Override resource limits. Set resource limits. */
+/* Override quota limits. */
+/* Override reserved space on ext2 filesystem */
+/* Modify data journaling mode on ext3 filesystem (uses journaling
+ resources) */
+/* NOTE: ext2 honors fsuid when checking for resource overrides, so
+ you can override using fsuid too */
+/* Override size restrictions on IPC message queues */
+/* Allow more than 64hz interrupts from the real-time clock */
+/* Override max number of consoles on console allocation */
+/* Override max number of keymaps */
+
+#define CAP_SYS_RESOURCE 24
+
+/* Allow manipulation of system clock */
+/* Allow irix_stime on mips */
+/* Allow setting the real-time clock */
+
+#define CAP_SYS_TIME 25
+
+/* Allow configuration of tty devices */
+/* Allow vhangup() of tty */
+
+#define CAP_SYS_TTY_CONFIG 26
+
+/* Allow the privileged aspects of mknod() */
+
+#define CAP_MKNOD 27
+
+/* Allow taking of leases on files */
+
+#define CAP_LEASE 28
+
+#define CAP_AUDIT_WRITE 29
+
+#define CAP_AUDIT_CONTROL 30
+
+#define CAP_SETFCAP 31
+
+/* Override MAC access.
+ The base kernel enforces no MAC policy.
+ An LSM may enforce a MAC policy, and if it does and it chooses
+ to implement capability based overrides of that policy, this is
+ the capability it should use to do so. */
+
+#define CAP_MAC_OVERRIDE 32
+
+/* Allow MAC configuration or state changes.
+ The base kernel requires no MAC configuration.
+ An LSM may enforce a MAC policy, and if it does and it chooses
+ to implement capability based checks on modifications to that
+ policy or the data required to maintain it, this is the
+ capability it should use to do so. */
+
+#define CAP_MAC_ADMIN 33
+
+#define CAP_LAST_CAP CAP_MAC_ADMIN
+
+#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
+
+/*
+ * Bit location of each capability (used by user-space library and kernel)
+ */
+
+#define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */
+#define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */
+
+#ifdef __KERNEL__
+
+/*
+ * Internal kernel functions only
+ */
+
+#define CAP_FOR_EACH_U32(__capi) \
+ for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
+
+/*
+ * CAP_FS_MASK and CAP_NFSD_MASKS:
+ *
+ * The fs mask is all the privileges that fsuid==0 historically meant.
+ * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
+ *
+ * It has never meant setting security.* and trusted.* xattrs.
+ *
+ * We could also define fsmask as follows:
+ * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
+ * 2. The security.* and trusted.* xattrs are fs-related MAC permissions
+ */
+
+# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
+ | CAP_TO_MASK(CAP_MKNOD) \
+ | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
+ | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
+ | CAP_TO_MASK(CAP_FOWNER) \
+ | CAP_TO_MASK(CAP_FSETID))
+
+# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
+
+#if _KERNEL_CAPABILITY_U32S != 2
+# error Fix up hand-coded capability macro initializers
+#else /* HAND-CODED capability initializers */
+
+# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
+# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
+# define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
+# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
+ | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
+ CAP_FS_MASK_B1 } })
+# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
+ | CAP_TO_MASK(CAP_SYS_RESOURCE), \
+ CAP_FS_MASK_B1 } })
+
+#endif /* _KERNEL_CAPABILITY_U32S != 2 */
+
+#define CAP_INIT_INH_SET CAP_EMPTY_SET
+
+# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
+# define cap_set_full(c) do { (c) = __cap_full_set; } while (0)
+# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0)
+
+#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
+#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
+#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
+
+#define CAP_BOP_ALL(c, a, b, OP) \
+do { \
+ unsigned __capi; \
+ CAP_FOR_EACH_U32(__capi) { \
+ c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
+ } \
+} while (0)
+
+#define CAP_UOP_ALL(c, a, OP) \
+do { \
+ unsigned __capi; \
+ CAP_FOR_EACH_U32(__capi) { \
+ c.cap[__capi] = OP a.cap[__capi]; \
+ } \
+} while (0)
+
+static inline kernel_cap_t cap_combine(const kernel_cap_t a,
+ const kernel_cap_t b)
+{
+ kernel_cap_t dest;
+ CAP_BOP_ALL(dest, a, b, |);
+ return dest;
+}
+
+static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
+ const kernel_cap_t b)
+{
+ kernel_cap_t dest;
+ CAP_BOP_ALL(dest, a, b, &);
+ return dest;
+}
+
+static inline kernel_cap_t cap_drop(const kernel_cap_t a,
+ const kernel_cap_t drop)
+{
+ kernel_cap_t dest;
+ CAP_BOP_ALL(dest, a, drop, &~);
+ return dest;
+}
+
+static inline kernel_cap_t cap_invert(const kernel_cap_t c)
+{
+ kernel_cap_t dest;
+ CAP_UOP_ALL(dest, c, ~);
+ return dest;
+}
+
+static inline int cap_isclear(const kernel_cap_t a)
+{
+ unsigned __capi;
+ CAP_FOR_EACH_U32(__capi) {
+ if (a.cap[__capi] != 0)
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * Check if "a" is a subset of "set".
+ * return 1 if ALL of the capabilities in "a" are also in "set"
+ * cap_issubset(0101, 1111) will return 1
+ * return 0 if ANY of the capabilities in "a" are not in "set"
+ * cap_issubset(1111, 0101) will return 0
+ */
+static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
+{
+ kernel_cap_t dest;
+ dest = cap_drop(a, set);
+ return cap_isclear(dest);
+}
+
+/* Used to decide between falling back on the old suser() or fsuser(). */
+
+static inline int cap_is_fs_cap(int cap)
+{
+ const kernel_cap_t __cap_fs_set = CAP_FS_SET;
+ return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]);
+}
+
+static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
+{
+ const kernel_cap_t __cap_fs_set = CAP_FS_SET;
+ return cap_drop(a, __cap_fs_set);
+}
+
+static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
+ const kernel_cap_t permitted)
+{
+ const kernel_cap_t __cap_fs_set = CAP_FS_SET;
+ return cap_combine(a,
+ cap_intersect(permitted, __cap_fs_set));
+}
+
+static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
+{
+ const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
+ return cap_drop(a, __cap_fs_set);
+}
+
+static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
+ const kernel_cap_t permitted)
+{
+ const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
+ return cap_combine(a,
+ cap_intersect(permitted, __cap_nfsd_set));
+}
+
+extern const kernel_cap_t __cap_empty_set;
+extern const kernel_cap_t __cap_full_set;
+extern const kernel_cap_t __cap_init_eff_set;
+
+/**
+ * has_capability - Determine if a task has a superior capability available
+ * @t: The task in question
+ * @cap: The capability to be tested for
+ *
+ * Return true if the specified task has the given superior capability
+ * currently in effect, false if not.
+ *
+ * Note that this does not set PF_SUPERPRIV on the task.
+ */
+#define has_capability(t, cap) (security_real_capable((t), (cap)) == 0)
+
+/**
+ * has_capability_noaudit - Determine if a task has a superior capability available (unaudited)
+ * @t: The task in question
+ * @cap: The capability to be tested for
+ *
+ * Return true if the specified task has the given superior capability
+ * currently in effect, false if not, but don't write an audit message for the
+ * check.
+ *
+ * Note that this does not set PF_SUPERPRIV on the task.
+ */
+#define has_capability_noaudit(t, cap) \
+ (security_real_capable_noaudit((t), (cap)) == 0)
+
+extern int capable(int cap);
+
+/* audit system wants to get cap info from files as well */
+struct dentry;
+extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
+
+#endif /* __KERNEL__ */
+
+#endif /* !_LINUX_CAPABILITY_H */
--- libcap-2.19/libcap/include/linux/prctl.h
+++ libcap-2.19/libcap/include/linux/prctl.h
+#ifndef _LINUX_PRCTL_H
+#define _LINUX_PRCTL_H
+
+/* Values to pass as first argument to prctl() */
+
+#define PR_SET_PDEATHSIG 1 /* Second arg is a signal */
+#define PR_GET_PDEATHSIG 2 /* Second arg is a ptr to return the signal */
+
+/* Get/set current->mm->dumpable */
+#define PR_GET_DUMPABLE 3
+#define PR_SET_DUMPABLE 4
+
+/* Get/set unaligned access control bits (if meaningful) */
+#define PR_GET_UNALIGN 5
+#define PR_SET_UNALIGN 6
+# define PR_UNALIGN_NOPRINT 1 /* silently fix up unaligned user accesses */
+# define PR_UNALIGN_SIGBUS 2 /* generate SIGBUS on unaligned user access */
+
+/* Get/set whether or not to drop capabilities on setuid() away from
+ * uid 0 (as per security/commoncap.c) */
+#define PR_GET_KEEPCAPS 7
+#define PR_SET_KEEPCAPS 8
+
+/* Get/set floating-point emulation control bits (if meaningful) */
+#define PR_GET_FPEMU 9
+#define PR_SET_FPEMU 10
+# define PR_FPEMU_NOPRINT 1 /* silently emulate fp operations accesses */
+# define PR_FPEMU_SIGFPE 2 /* don't emulate fp operations, send SIGFPE instead */
+
+/* Get/set floating-point exception mode (if meaningful) */
+#define PR_GET_FPEXC 11
+#define PR_SET_FPEXC 12
+# define PR_FP_EXC_SW_ENABLE 0x80 /* Use FPEXC for FP exception enables */
+# define PR_FP_EXC_DIV 0x010000 /* floating point divide by zero */
+# define PR_FP_EXC_OVF 0x020000 /* floating point overflow */
+# define PR_FP_EXC_UND 0x040000 /* floating point underflow */
+# define PR_FP_EXC_RES 0x080000 /* floating point inexact result */
+# define PR_FP_EXC_INV 0x100000 /* floating point invalid operation */
+# define PR_FP_EXC_DISABLED 0 /* FP exceptions disabled */
+# define PR_FP_EXC_NONRECOV 1 /* async non-recoverable exc. mode */
+# define PR_FP_EXC_ASYNC 2 /* async recoverable exception mode */
+# define PR_FP_EXC_PRECISE 3 /* precise exception mode */
+
+/* Get/set whether we use statistical process timing or accurate timestamp
+ * based process timing */
+#define PR_GET_TIMING 13
+#define PR_SET_TIMING 14
+# define PR_TIMING_STATISTICAL 0 /* Normal, traditional,
+ statistical process timing */
+# define PR_TIMING_TIMESTAMP 1 /* Accurate timestamp based
+ process timing */
+
+#define PR_SET_NAME 15 /* Set process name */
+#define PR_GET_NAME 16 /* Get process name */
+
+/* Get/set process endian */
+#define PR_GET_ENDIAN 19
+#define PR_SET_ENDIAN 20
+# define PR_ENDIAN_BIG 0
+# define PR_ENDIAN_LITTLE 1 /* True little endian mode */
+# define PR_ENDIAN_PPC_LITTLE 2 /* "PowerPC" pseudo little endian */
+
+/* Get/set process seccomp mode */
+#define PR_GET_SECCOMP 21
+#define PR_SET_SECCOMP 22
+
+/* Get/set the capability bounding set (as per security/commoncap.c) */
+#define PR_CAPBSET_READ 23
+#define PR_CAPBSET_DROP 24
+
+/* Get/set the process' ability to use the timestamp counter instruction */
+#define PR_GET_TSC 25
+#define PR_SET_TSC 26
+# define PR_TSC_ENABLE 1 /* allow the use of the timestamp counter */
+# define PR_TSC_SIGSEGV 2 /* throw a SIGSEGV instead of reading the TSC */
+
+/* Get/set securebits (as per security/commoncap.c) */
+#define PR_GET_SECUREBITS 27
+#define PR_SET_SECUREBITS 28
+
+/*
+ * Get/set the timerslack as used by poll/select/nanosleep
+ * A value of 0 means "use default"
+ */
+#define PR_SET_TIMERSLACK 29
+#define PR_GET_TIMERSLACK 30
+
+#define PR_TASK_PERF_EVENTS_DISABLE 31
+#define PR_TASK_PERF_EVENTS_ENABLE 32
+
+/*
+ * Set early/late kill mode for hwpoison memory corruption.
+ * This influences when the process gets killed on a memory corruption.
+ */
+#define PR_MCE_KILL 33
+# define PR_MCE_KILL_CLEAR 0
+# define PR_MCE_KILL_SET 1
+
+# define PR_MCE_KILL_LATE 0
+# define PR_MCE_KILL_EARLY 1
+# define PR_MCE_KILL_DEFAULT 2
+
+#define PR_MCE_KILL_GET 34
+
+#endif /* _LINUX_PRCTL_H */
--- libcap-2.19/libcap/include/linux/securebits.h
+++ libcap-2.19/libcap/include/linux/securebits.h
+#ifndef _LINUX_SECUREBITS_H
+#define _LINUX_SECUREBITS_H 1
+
+/* Each securesetting is implemented using two bits. One bit specifies
+ whether the setting is on or off. The other bit specify whether the
+ setting is locked or not. A setting which is locked cannot be
+ changed from user-level. */
+#define issecure_mask(X) (1 << (X))
+#ifdef __KERNEL__
+#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
+#endif
+
+#define SECUREBITS_DEFAULT 0x00000000
+
+/* When set UID 0 has no special privileges. When unset, we support
+ inheritance of root-permissions and suid-root executable under
+ compatibility mode. We raise the effective and inheritable bitmasks
+ *of the executable file* if the effective uid of the new process is
+ 0. If the real uid is 0, we raise the effective (legacy) bit of the
+ executable file. */
+#define SECURE_NOROOT 0
+#define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */
+
+#define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT))
+#define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED))
+
+/* When set, setuid to/from uid 0 does not trigger capability-"fixup".
+ When unset, to provide compatiblility with old programs relying on
+ set*uid to gain/lose privilege, transitions to/from uid 0 cause
+ capabilities to be gained/lost. */
+#define SECURE_NO_SETUID_FIXUP 2
+#define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */
+
+#define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP))
+#define SECBIT_NO_SETUID_FIXUP_LOCKED \
+ (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED))
+
+/* When set, a process can retain its capabilities even after
+ transitioning to a non-root user (the set-uid fixup suppressed by
+ bit 2). Bit-4 is cleared when a process calls exec(); setting both
+ bit 4 and 5 will create a barrier through exec that no exec()'d
+ child can use this feature again. */
+#define SECURE_KEEP_CAPS 4
+#define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */
+
+#define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS))
+#define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED))
+
+#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
+ issecure_mask(SECURE_NO_SETUID_FIXUP) | \
+ issecure_mask(SECURE_KEEP_CAPS))
+#define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1)
+
+#endif /* !_LINUX_SECUREBITS_H */
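Review bot: `SECURE_ALL_LOCKS` is computed as `(SECURE_ALL_BITS << 1)`, which is only correct while every `*_LOCKED` bit sits exactly one position above its setting bit, and nothing next to the two macros states that. The three pairs defined above (0/1, 2/3, 4/5) follow the layout, so the masks are right as written. A bit added later out of pattern would produce a lock mask that misses it, leaving a setting that callers believe is locked still changeable. I would put a comment above the definition, for example `/* each lock bit is its setting bit + 1; SECURE_ALL_LOCKS relies on that layout */`.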
--- libcap-2.19/libcap/include/sys
+++ libcap-2.19/libcap/include/sys
+(directory)
--- libcap-2.19/libcap/include/sys/capability.h
+++ libcap-2.19/libcap/include/sys/capability.h
(renamed from libcap-2.17/libcap/include/sys/capability.h)
--- libcap-2.19/libcap/include/sys/securebits.h
+++ libcap-2.19/libcap/include/sys/securebits.h
+/*
+ * <sys/securebits.h>
+ * Copyright (C) 2010 Serge Hallyn <serue at us.ibm.com>
+ */
+
+#ifndef _SYS_SECUREBITS_H
+#define _SYS_SECUREBITS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef __user
+#define __user
+#endif
+#include <linux/securebits.h>
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SYS_SECUREBITS_H */
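Review bot: The `#ifndef __user` / `#define __user` guard ahead of `#include <linux/securebits.h>` leaves an empty `__user` macro defined in every translation unit that includes this wrapper. The `linux/securebits.h` added in this same change never uses `__user`. If the guard is kept for consistency with the other `sys/` wrapper (its body is not shown here), a comment such as `/* __user is a kernel address-space annotation; it expands to nothing in user space */` would explain it. Otherwise the three lines can be dropped.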
--- libcap-2.19/libcap/libcap.h
+++ libcap-2.19/libcap/libcap.h
(renamed from libcap-2.17/libcap/libcap.h)
--- libcap-2.19/pam_cap
+++ libcap-2.19/pam_cap
+(directory)
--- libcap-2.19/pam_cap/.gitignore
+++ libcap-2.19/pam_cap/.gitignore
(renamed from libcap-2.17/pam_cap/.gitignore)
--- libcap-2.19/pam_cap/License
+++ libcap-2.19/pam_cap/License
(renamed from libcap-2.17/pam_cap/License)
--- libcap-2.19/pam_cap/Makefile
+++ libcap-2.19/pam_cap/Makefile
(renamed from libcap-2.17/pam_cap/Makefile)
--- libcap-2.19/pam_cap/capability.conf
+++ libcap-2.19/pam_cap/capability.conf
(renamed from libcap-2.17/pam_cap/capability.conf)
--- libcap-2.19/pam_cap/pam_cap.c
+++ libcap-2.19/pam_cap/pam_cap.c
(renamed from libcap-2.17/pam_cap/pam_cap.c)
--- libcap-2.19/pam_cap/test.c
+++ libcap-2.19/pam_cap/test.c
(renamed from libcap-2.17/pam_cap/test.c)
--- libcap-2.19/pgp.keys.asc
+++ libcap-2.19/pgp.keys.asc
(renamed from libcap-2.17/pgp.keys.asc)
--- libcap-2.19/progs
+++ libcap-2.19/progs
+(directory)
--- libcap-2.19/progs/.gitignore
+++ libcap-2.19/progs/.gitignore
(renamed from libcap-2.17/progs/.gitignore)
--- libcap-2.19/progs/Makefile
+++ libcap-2.19/progs/Makefile
(renamed from libcap-2.17/progs/Makefile)
--- libcap-2.19/progs/capsh.c
+++ libcap-2.19/progs/capsh.c
+/*
+ * Copyright (c) 2008 Andrew G. Morgan <morgan at kernel.org>
+ *
+ * This is a simple 'bash' wrapper program that can be used to
+ * raise and lower both the bset and pI capabilities before invoking
+ * /bin/bash (hardcoded right now).
+ *
+ * The --print option can be used as a quick test whether various
+ * capability manipulations work as expected (or not).
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/prctl.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+#include <ctype.h>
+#include <sys/capability.h>
+#include <sys/securebits.h>
+#include <sys/wait.h>
+#include <sys/prctl.h>
+
+#define MAX_GROUPS 100 /* max number of supplementary groups for user */
+
+static const cap_value_t raise_setpcap[1] = { CAP_SETPCAP };
+static const cap_value_t raise_chroot[1] = { CAP_SYS_CHROOT };
+
+static char *binary(unsigned long value)
+{
+ static char string[8*sizeof(unsigned long) + 1];
+ unsigned i;
+
+ i = sizeof(string);
+ string[--i] = '\0';
+ do {
+ string[--i] = (value & 1) ? '1' : '0';
+ value >>= 1;
+ } while ((i > 0) && value);
+ return string + i;
+}
+
+int main(int argc, char *argv[], char *envp[])
+{
+ pid_t child;
+ unsigned i;
+
+ child = 0;
+
+ for (i=1; i<argc; ++i) {
+ if (!memcmp("--drop=", argv[i], 4)) {
+ char *ptr;
+ cap_t orig, raised_for_setpcap;
+
+ /*
+ * We need to do this here because --inh=XXX may have reset
+ * orig and it isn't until we are within the --drop code that
+ * we know what the prevailing (orig) pI value is.
+ */
+ orig = cap_get_proc();
+ if (orig == NULL) {
+ perror("Capabilities not available");
+ exit(1);
+ }
+
+ raised_for_setpcap = cap_dup(orig);
+ if (raised_for_setpcap == NULL) {
+ fprintf(stderr, "BSET modification requires CAP_SETPCAP\n");
+ exit(1);
+ }
+
+ if (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
+ raise_setpcap, CAP_SET) != 0) {
+ perror("unable to select CAP_SETPCAP");
+ exit(1);
+ }
+
+ if (strcmp("all", argv[i]+7) == 0) {
+ unsigned j = 0;
+ while (prctl(PR_CAPBSET_READ, j) >= 0) {
+ if (prctl(PR_CAPBSET_DROP, j) != 0) {
+ fprintf(stderr,
+ "Unable to drop bounding capability [%s]\n",
+ cap_to_name(j));
+ exit(1);
+ }
+ j++;
+ }
+ } else {
+ for (ptr = argv[i]+7; (ptr = strtok(ptr, ",")); ptr = NULL) {
+ /* find name for token */
+ cap_value_t cap;
+ int status;
+
+ if (cap_from_name(ptr, &cap) != 0) {
+ fprintf(stderr,
+ "capability [%s] is unknown to libcap\n",
+ ptr);
+ exit(1);
+ }
+ if (cap_set_proc(raised_for_setpcap) != 0) {
+ perror("unable to raise CAP_SETPCAP for BSET changes");
+ exit(1);
+ }
+ status = prctl(PR_CAPBSET_DROP, cap);
+ if (cap_set_proc(orig) != 0) {
+ perror("unable to lower CAP_SETPCAP post BSET change");
+ exit(1);
+ }
+ if (status) {
+ fprintf(stderr, "failed to drop [%s=%u]\n", ptr, cap);
+ exit(1);
+ }
+ }
+ }
+ cap_free(raised_for_setpcap);
+ cap_free(orig);
+ } else if (!memcmp("--inh=", argv[i], 6)) {
+ cap_t all, raised_for_setpcap;
+ char *text;
+ char *ptr;
+
+ all = cap_get_proc();
+ if (all == NULL) {
+ perror("Capabilities not available");
+ exit(1);
+ }
+ if (cap_clear_flag(all, CAP_INHERITABLE) != 0) {
+ perror("libcap:cap_clear_flag() internal error");
+ exit(1);
+ }
+
+ raised_for_setpcap = cap_dup(all);
+ if ((raised_for_setpcap != NULL)
+ && (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
+ raise_setpcap, CAP_SET) != 0)) {
+ cap_free(raised_for_setpcap);
+ raised_for_setpcap = NULL;
+ }
+
+ text = cap_to_text(all, NULL);
+ cap_free(all);
+ if (text == NULL) {
+ perror("Fatal error concerning process capabilities");
+ exit(1);
+ }
+ ptr = malloc(10 + strlen(argv[i]+6) + strlen(text));
+ if (ptr == NULL) {
+ perror("Out of memory for inh set");
+ exit(1);
+ }
+ sprintf(ptr, "%s %s+i", text, argv[i]+6);
+
+ all = cap_from_text(ptr);
+ if (all == NULL) {
+ perror("Fatal error internalizing capabilities");
+ exit(1);
+ }
+ cap_free(text);
+ free(ptr);
+
+ if (raised_for_setpcap != NULL) {
+ /*
+ * This is only for the case that pP does not contain
+ * the requested change to pI.. Failing here is not
+ * indicative of the cap_set_proc(all) failing (always).
+ */
+ (void) cap_set_proc(raised_for_setpcap);
+ cap_free(raised_for_setpcap);
+ raised_for_setpcap = NULL;
+ }
+
+ if (cap_set_proc(all) != 0) {
+ perror("Unable to set inheritable capabilities");
+ exit(1);
+ }
+ /*
+ * Since status is based on orig, we don't want to restore
+ * the previous value of 'all' again here!
+ */
+
+ cap_free(all);
+ } else if (!memcmp("--caps=", argv[i], 7)) {
+ cap_t all, raised_for_setpcap;
+
+ raised_for_setpcap = cap_get_proc();
+ if (raised_for_setpcap == NULL) {
+ perror("Capabilities not available");
+ exit(1);
+ }
+
+ if ((raised_for_setpcap != NULL)
+ && (cap_set_flag(raised_for_setpcap, CAP_EFFECTIVE, 1,
+ raise_setpcap, CAP_SET) != 0)) {
+ cap_free(raised_for_setpcap);
+ raised_for_setpcap = NULL;
+ }
+
+ all = cap_from_text(argv[i]+7);
+ if (all == NULL) {
+ fprintf(stderr, "unable to interpret [%s]\n", argv[i]);
+ exit(1);
+ }
+
+ if (raised_for_setpcap != NULL) {
+ /*
+ * This is only for the case that pP does not contain
+ * the requested change to pI.. Failing here is not
+ * indicative of the cap_set_proc(all) failing (always).
+ */
+ (void) cap_set_proc(raised_for_setpcap);
+ cap_free(raised_for_setpcap);
+ raised_for_setpcap = NULL;
+ }
+
+ if (cap_set_proc(all) != 0) {
+ fprintf(stderr, "Unable to set capabilities [%s]\n", argv[i]);
+ exit(1);
+ }
+ /*
+ * Since status is based on orig, we don't want to restore
+ * the previous value of 'all' again here!
+ */
+
+ cap_free(all);
+ } else if (!memcmp("--keep=", argv[i], 7)) {
+ unsigned value;
+ int set;
+
+ value = strtoul(argv[i]+7, NULL, 0);
+ set = prctl(PR_SET_KEEPCAPS, value);
+ if (set < 0) {
+ fprintf(stderr, "prctl(PR_SET_KEEPCAPS, %u) failed: %s\n",
+ value, strerror(errno));
+ exit(1);
+ }
+ } else if (!memcmp("--chroot=", argv[i], 9)) {
+ int status;
+ cap_t orig, raised_for_chroot;
+
+ orig = cap_get_proc();
+ if (orig == NULL) {
+ perror("Capabilities not available");
+ exit(1);
+ }
+
+ raised_for_chroot = cap_dup(orig);
+ if (raised_for_chroot == NULL) {
+ perror("Unable to duplicate capabilities");
+ exit(1);
+ }
+
+ if (cap_set_flag(raised_for_chroot, CAP_EFFECTIVE, 1, raise_chroot,
+ CAP_SET) != 0) {
+ perror("unable to select CAP_SET_SYS_CHROOT");
+ exit(1);
+ }
+
+ if (cap_set_proc(raised_for_chroot) != 0) {
+ perror("unable to raise CAP_SYS_CHROOT");
+ exit(1);
+ }
+ cap_free(raised_for_chroot);
+
+ status = chroot(argv[i]+9);
+ if (cap_set_proc(orig) != 0) {
+ perror("unable to lower CAP_SYS_CHROOT");
+ exit(1);
+ }
+ cap_free(orig);
+
+ if (status != 0) {
+ fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
+ exit(1);
+ }
+ } else if (!memcmp("--secbits=", argv[i], 10)) {
+ unsigned value;
+ int status;
+
+ value = strtoul(argv[i]+10, NULL, 0);
+ status = prctl(PR_SET_SECUREBITS, value);
+ if (status < 0) {
+ fprintf(stderr, "failed to set securebits to 0%o/0x%x\n",
+ value, value);
+ exit(1);
+ }
+ } else if (!memcmp("--forkfor=", argv[i], 10)) {
+ unsigned value;
+
+ value = strtoul(argv[i]+10, NULL, 0);
+ if (value == 0) {
+ goto usage;
+ }
+ child = fork();
+ if (child < 0) {
+ perror("unable to fork()");
+ } else if (!child) {
+ sleep(value);
+ exit(0);
+ }
+ } else if (!memcmp("--killit=", argv[i], 9)) {
+ int retval, status;
+ pid_t result;
+ unsigned value;
+
+ value = strtoul(argv[i]+9, NULL, 0);
+ if (!child) {
+ fprintf(stderr, "no forked process to kill\n");
+ exit(1);
+ }
+ retval = kill(child, value);
+ if (retval != 0) {
+ perror("Unable to kill child process");
+ exit(1);
+ }
+ result = waitpid(child, &status, 0);
+ if (result != child) {
+ fprintf(stderr, "waitpid didn't match child: %u != %u\n",
+ child, result);
+ exit(1);
+ }
+ if (WTERMSIG(status) != value) {
+ fprintf(stderr, "child terminated with odd signal (%d != %d)\n"
+ , value, WTERMSIG(status));
+ exit(1);
+ }
+ } else if (!memcmp("--uid=", argv[i], 6)) {
+ unsigned value;
+ int status;
+
+ value = strtoul(argv[i]+6, NULL, 0);
+ status = setuid(value);
+ if (status < 0) {
+ fprintf(stderr, "Failed to set uid=%u: %s\n",
+ value, strerror(errno));
+ exit(1);
+ }
+ } else if (!memcmp("--gid=", argv[i], 6)) {
+ unsigned value;
+ int status;
+
+ value = strtoul(argv[i]+6, NULL, 0);
+ status = setgid(value);
+ if (status < 0) {
+ fprintf(stderr, "Failed to set gid=%u: %s\n",
+ value, strerror(errno));
+ exit(1);
+ }
+ } else if (!memcmp("--groups=", argv[i], 9)) {
+ char *ptr, *buf;
+ long length, max_groups;
+ gid_t *group_list;
+ int g_count;
+
+ length = sysconf(_SC_GETGR_R_SIZE_MAX);
+ buf = calloc(1, length);
+ if (NULL == buf) {
+ fprintf(stderr, "No memory for [%s] operation\n", argv[i]);
+ exit(1);
+ }
+
+ max_groups = sysconf(_SC_NGROUPS_MAX);
+ group_list = calloc(max_groups, sizeof(gid_t));
+ if (NULL == group_list) {
+ fprintf(stderr, "No memory for gid list\n");
+ exit(1);
+ }
+
+ g_count = 0;
+ for (ptr = argv[i] + 9; (ptr = strtok(ptr, ","));
+ ptr = NULL, g_count++) {
+ if (max_groups <= g_count) {
+ fprintf(stderr, "Too many groups specified (%d)\n", g_count);
+ exit(1);
+ }
+ if (!isdigit(*ptr)) {
+ struct group *g, grp;
+ getgrnam_r(ptr, &grp, buf, length, &g);
+ if (NULL == g) {
+ fprintf(stderr, "Failed to identify gid for group [%s]\n", ptr);
+ exit(1);
+ }
+ group_list[g_count] = g->gr_gid;
+ } else {
+ group_list[g_count] = strtoul(ptr, NULL, 0);
+ }
+ }
+ free(buf);
+ if (setgroups(g_count, group_list) != 0) {
+ fprintf(stderr, "Failed to setgroups.\n");
+ exit(1);
+ }
+ free(group_list);
+ } else if (!memcmp("--user=", argv[i], 7)) {
+ struct passwd *pwd;
+ const char *user;
+ gid_t groups[MAX_GROUPS];
+ int status, ngroups;
+
+ user = argv[i] + 7;
+ pwd = getpwnam(user);
+ if (pwd == NULL) {
+ fprintf(stderr, "User [%s] not known\n", user);
+ exit(1);
+ }
+ ngroups = MAX_GROUPS;
+ status = getgrouplist(user, pwd->pw_gid, groups, &ngroups);
+ if (status < 1) {
+ perror("Unable to get group list for user");
+ exit(1);
+ }
+ status = setgroups(ngroups, groups);
+ if (status != 0) {
+ perror("Unable to set group list for user");
+ exit(1);
+ }
+ status = setgid(pwd->pw_gid);
+ if (status < 0) {
+ fprintf(stderr, "Failed to set gid=%u(user=%s): %s\n",
+ pwd->pw_gid, user, strerror(errno));
+ exit(1);
+ }
+ status = setuid(pwd->pw_uid);
+ if (status < 0) {
+ fprintf(stderr, "Failed to set uid=%u(user=%s): %s\n",
+ pwd->pw_uid, user, strerror(errno));
+ exit(1);
+ }
+ } else if (!memcmp("--decode=", argv[i], 9)) {
+ unsigned long long value;
+ unsigned cap;
+ const char *sep = "";
+
+ /* Note, if capabilities become longer than 64-bits we'll need
+ to fixup the following code.. */
+ value = strtoull(argv[i]+9, NULL, 16);
+ printf("0x%016llx=", value);
+
+ for (cap=0; (cap < 64) && (value >> cap); ++cap) {
+ if (value & (1ULL << cap)) {
+ const char *ptr;
+
+ ptr = cap_to_name(cap);
+ if (ptr != NULL) {
+ printf("%s%s", sep, ptr);
+ } else {
+ printf("%s%u", sep, cap);
+ }
+ sep = ",";
+ }
+ }
+ printf("\n");
+ } else if (!strcmp("--print", argv[i])) {
+ unsigned cap;
+ int set, status, j;
+ cap_t all;
+ char *text;
+ const char *sep;
+ struct group *g;
+ gid_t groups[MAX_GROUPS], gid;
+ uid_t uid;
+ struct passwd *u;
+
+ all = cap_get_proc();
+ text = cap_to_text(all, NULL);
+ printf("Current: %s\n", text);
+ cap_free(text);
+ cap_free(all);
+
+ printf("Bounding set =");
+ sep = "";
+ for (cap=0; (set = prctl(PR_CAPBSET_READ, cap)) >= 0; cap++) {
+ const char *ptr;
+ if (!set) {
+ continue;
+ }
+
+ ptr = cap_to_name(cap);
+ if (ptr == 0) {
+ printf("%s%u", sep, cap);
+ } else {
+ printf("%s%s", sep, ptr);
+ }
+ sep = ",";
+ }
+ printf("\n");
+ set = prctl(PR_GET_SECUREBITS);
+ if (set >= 0) {
+ const char *b;
+ b = binary(set); /* use verilog convention for binary string */
+ printf("Securebits: 0%o/0x%x/%u'b%s\n", set, set, strlen(b), b);
+ printf(" secure-noroot: %s (%s)\n",
+ (set & 1) ? "yes":"no",
+ (set & 2) ? "locked":"unlocked");
+ printf(" secure-no-suid-fixup: %s (%s)\n",
+ (set & 4) ? "yes":"no",
+ (set & 8) ? "locked":"unlocked");
+ printf(" secure-keep-caps: %s (%s)\n",
+ (set & 16) ? "yes":"no",
+ (set & 32) ? "locked":"unlocked");
+ } else {
+ printf("[Securebits ABI not supported]\n");
+ set = prctl(PR_GET_KEEPCAPS);
+ if (set >= 0) {
+ printf(" prctl-keep-caps: %s (locking not supported)\n",
+ set ? "yes":"no");
+ } else {
+ printf("[Keepcaps ABI not supported]\n");
+ }
+ }
+ uid = getuid();
+ u = getpwuid(uid);
+ printf("uid=%u(%s)\n", getuid(), u ? u->pw_name : "???");
+ gid = getgid();
+ g = getgrgid(gid);
+ printf("gid=%u(%s)\n", gid, g ? g->gr_name : "???");
+ printf("groups=");
+ status = getgroups(MAX_GROUPS, groups);
+ sep = "";
+ for (j=0; j < status; j++) {
+ g = getgrgid(groups[j]);
+ printf("%s%u(%s)", sep, groups[j], g ? g->gr_name : "???");
+ sep = ",";
+ }
+ printf("\n");
+ } else if ((!strcmp("--", argv[i])) || (!strcmp("==", argv[i]))) {
+ argv[i] = strdup(argv[i][0] == '-' ? "/bin/bash" : argv[0]);
+ argv[argc] = NULL;
+ execve(argv[i], argv+i, envp);
+ fprintf(stderr, "execve /bin/bash failed!\n");
+ exit(1);
+ } else {
+ usage:
+ printf("usage: %s [args ...]\n"
+ " --help this message (or try 'man capsh')\n"
+ " --print display capability relevant state\n"
+ " --decode=xxx decode a hex string to a list of caps\n"
+ " --drop=xxx remove xxx,.. capabilities from bset\n"
+ " --caps=xxx set caps as per cap_from_text()\n"
+ " --inh=xxx set xxx,.. inheritiable set\n"
+ " --secbits=<n> write a new value for securebits\n"
+ " --keep=<n> set keep-capabability bit to <n>\n"
+ " --uid=<n> set uid to <n> (hint: id <username>)\n"
+ " --gid=<n> set gid to <n> (hint: id <username>)\n"
+ " --groups=g,... set the supplemental groups\n"
+ " --user=<name> set uid,gid and groups to that of user\n"
+ " --chroot=path chroot(2) to this path\n"
+ " --killit=<n> send signal(n) to child\n"
+ " --forkfor=<n> fork and make child sleep for <n> sec\n"
+ " == re-exec(capsh) with args as for --\n"
+ " -- remaing arguments are for /bin/bash\n"
+ " (without -- [%s] will simply exit(0))\n",
+ argv[0], argv[0]);
+
+ exit(strcmp("--help", argv[i]) != 0);
+ }
+ }
+
+ exit(0);
+}
--- libcap-2.19/progs/getcap.c
+++ libcap-2.19/progs/getcap.c
(renamed from libcap-2.17/progs/getcap.c)
--- libcap-2.19/progs/getpcaps.c
+++ libcap-2.19/progs/getpcaps.c
(renamed from libcap-2.17/progs/getpcaps.c)
--- libcap-2.19/progs/old
+++ libcap-2.19/progs/old
+(directory)
--- libcap-2.19/progs/old/README
+++ libcap-2.19/progs/old/README
+these files are not relevant to this release
--- libcap-2.19/progs/old/execcap.c
+++ libcap-2.19/progs/old/execcap.c
(renamed from libcap-2.17/progs/old/execcap.c)
--- libcap-2.19/progs/old/setpcaps.c
+++ libcap-2.19/progs/old/setpcaps.c
(renamed from libcap-2.17/progs/old/setpcaps.c)
--- libcap-2.19/progs/old/sucap.c
+++ libcap-2.19/progs/old/sucap.c
(renamed from libcap-2.17/progs/old/sucap.c)
--- libcap-2.19/progs/quicktest.sh
+++ libcap-2.19/progs/quicktest.sh
+#!/bin/bash
+#
+# Run through a series of tests to try out the various capability
+# manipulations posible through exec.
+#
+# [Run this as root in a root-enabled process tree.]
+
+try_capsh () {
+ echo "TEST: ./capsh $*"
+ ./capsh "$@"
+ if [ $? -ne 0 ]; then
+ echo FAILED
+ return 1
+ else
+ echo PASSED
+ return 0
+ fi
+}
+
+fail_capsh () {
+ echo -n "EXPECT FAILURE: "
+ try_capsh "$@"
+ if [ $? -eq 1 ]; then
+ return 0
+ else
+ echo "Undesired result - aborting"
+ echo "PROBLEM TEST: $*"
+ exit 1
+ fi
+}
+
+pass_capsh () {
+ echo -n "EXPECT SUCCESS: "
+ try_capsh "$@"
+ if [ $? -eq 0 ]; then
+ return 0
+ else
+ echo "Undesired result - aborting"
+ echo "PROBLEM TEST: $*"
+ exit 1
+ fi
+}
+
+pass_capsh --print
+
+# Make a local non-setuid-0 version of ping
+cp /bin/ping . && chmod -s ./ping
+
+# Give it the forced capability it needs
+./setcap all=ep ./ping
+if [ $? -ne 0 ]; then
+ echo "Failed to set all capabilities on file"
+ exit 1
+fi
+./setcap cap_net_raw=ep ./ping
+if [ $? -ne 0 ]; then
+ echo "Failed to set single capability on ping file"
+ exit 1
+fi
+
+# Explore keep_caps support
+pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
+
+rm -f tcapsh
+cp capsh tcapsh
+chown root.root tcapsh
+chmod u+s tcapsh
+ls -l tcapsh
+
+# leverage keep caps maintain capabilities accross a change of uid
+# from setuid root to capable luser (as per wireshark/dumpcap 0.99.7)
+pass_capsh --uid=500 -- -c "./tcapsh --keep=1 --caps=\"cap_net_raw,cap_net_admin=ip\" --uid=500 --caps=\"cap_net_raw,cap_net_admin=pie\" --print"
+
+# This fails, on 2.6.24, but shouldn't
+pass_capsh --uid=500 -- -c "./tcapsh --keep=1 --caps=\"cap_net_raw,cap_net_admin=ip\" --uid=500 --forkfor=10 --caps= --print --killit=9 --print"
+
+rm -f tcapsh
+
+# only continue with these if --secbits is supported
+./capsh --secbits=0x2f > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+ echo "unable to test securebits manipulation - assume not supported (PASS)"
+ rm -f ./ping
+ exit 0
+fi
+
+pass_capsh --secbits=42 --print
+fail_capsh --secbits=32 --keep=1 --keep=0 --print
+pass_capsh --secbits=10 --keep=0 --keep=1 --print
+fail_capsh --secbits=47 -- -c "ping -c1 localhost"
+
+# Suppress uid=0 privilege
+fail_capsh --secbits=47 --print -- -c "/bin/ping -c1 localhost"
+
+# suppress uid=0 privilege and test this ping
+pass_capsh --secbits=0x2f --print -- -c "./ping -c1 localhost"
+
+# observe that the bounding set can be used to suppress this forced capability
+fail_capsh --drop=cap_net_raw,cap_chown --secbits=0x2f --print -- -c "./ping -c1 localhost"
+
+# change the way the capability is obtained (make it inheritable)
+./setcap cap_net_raw=ei ./ping
+
+pass_capsh --secbits=47 --inh=cap_net_raw --drop=cap_net_raw \
+ --uid=500 --print -- -c "./ping -c1 localhost"
+
+rm -f ./ping
+
+# test that we do not support capabilities on setuid shell-scripts
+cat > hack.sh <<EOF
+#!/bin/bash
+mypid=\$\$
+caps=\$(./getpcaps \$mypid 2>&1 | cut -d: -f2)
+if [ "\$caps" != " =" ]; then
+ echo "Shell script got [\$caps] - you should upgrade your kernel"
+ exit 1
+else
+ ls -l \$0
+ echo "Good, no capabilities [\$caps] for this setuid-0 shell script"
+fi
+exit 0
+EOF
+chmod +xs hack.sh
+./capsh --uid=500 -- ./hack.sh
+status=$?
+rm -f ./hack.sh
+if [ $status -ne 0 ]; then
+ echo "shell scripts can have capabilities (bug)"
+ exit 1
+fi
+
+# Max lockdown
+pass_capsh --keep=1 --user=nobody --caps=cap_setpcap=ep \
+ --drop=all --secbits=0x2f --caps= --print
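Review bot: The setuid-root `tcapsh` made by `chmod u+s tcapsh` and the capability-bearing `./ping` copy are removed only on the success path; any `exit 1` taken inside `pass_capsh`/`fail_capsh` between their creation and the later `rm -f` lines leaves them in the working directory. The header says the script runs as root, so a failed run can leave a setuid-root copy of capsh that any local user can execute. Register cleanup before the first privileged file is created, for example `trap 'rm -f ./tcapsh ./ping ./hack.sh' EXIT` right after the function definitions, and consider running from a private `mktemp -d` directory instead of the build tree. The `cp capsh tcapsh`, `chown root.root tcapsh` and `chmod u+s tcapsh` steps are also unchecked, so a failure there shows up only as a confusing later test result.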
--- libcap-2.19/progs/setcap.c
+++ libcap-2.19/progs/setcap.c
(renamed from libcap-2.17/progs/setcap.c)
--- libcap-2.19/template.c
+++ libcap-2.19/template.c
(renamed from libcap-2.17/template.c)