| Age | Commit message (Collapse) | Author |
|---|
|
Avoid building any of the GO stuff:
make GOLANG=no ...
Build with a specific build of GO:
make GO=~/sdk/go1.16rc1/bin/go ...
Also, now https://github.com/golang/go/issues/43149 is resolved in the
go1.16rc1 build (it does not work in the go1.16beta1 but we don't support
that one any more), remove the forced CGO use for the go/psx-signals build.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
https://bugzilla.kernel.org/show_bug.cgi?id=210613
Essentially, 6 argument psx_syscall()s were not correctly implemented
before. The only consumer of these in [lib]cap were to set and reset
the ambient capability values, and so far I evidently hadn't tested
them in a multithreaded program.
Six argument psx_syscall()s work now, and I've adapted the reproducer
code into a new make sudotest.
Also cleaned up the psx_syscall() macro to remove any ambiguity about
argument sizes.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Tidy up the ignored files in the go/ subdirectory.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This is a workaround for:
https://bugzilla.kernel.org/show_bug.cgi?id=210533
I've also adapted the test attachment from that bug to run without
privilege.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
It has been requested that we make the "libcap/cap" package into
a module that plays better with the golang ecosystem. I was holding
off until there was a golang version that contained the
runtime.AllThreadsSyscall() support, but that appears to not have
made it to 1.15, so I'm using a development build tag dependency
in otherwise static sources for the "libcap/cap" package.
My intention is that the canonical import paths for these packages
will be:
"git.kernel.org/libs/libcap/cap"
"git.kernel.org/libs/libcap/psx"
That being said, I may have to move them if I can't get some
proxy to resolve these paths to the right git repo of kernel.org.
The is work in the direction of addressing:
https://bugzilla.kernel.org/show_bug.cgi?id=207567
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
From a Go runtime provide a convenient way to launch a different
process with modified capabilities etc. without disturbing the
security state of the parent.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Reject &cap.Set{} definitions harder. Require the use of cap.NewCap().
Also remove dependence on syscall.*Syscall6() for prctl - our use is
fully covered by the syscall.*Syscall() API.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
The API for this "libcap/cap" package is very similar to libcap.
I've included a substantial interoperability test that validate
libcap(c) and libcap/cap(go) have import/export text and binary
format compatibility.
My motivation for implementing a standalone Go package was for a
cross-compilation issue I ran into (Go is much more friendly for
cross-compilation by default, unless you need to use cgo).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
