Age | Commit message (Collapse) | Author |
|
Suggestion from Mark Wielaard @ Redhat and, more recently from Akhil Arora @ Intel.
Signed-off-by: Andrew G Morgan <morgan@kernel.org>
|
|
This shows up when you try to run getpcaps on a system still
running with 32-bit capabilities. The output is very verbose for
a process with no capabilities. Now it yields '='.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Test new and old function with modified test.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
v3 capabilities are functionally equivalent to v2 capabilities, but
having a different magic value allow the kernel to warn about possibly
unsafe use of v2 capabilities.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Be more explicit with a local definition of _LIBCAP_CAPABILITY_* to
indicate the libraries preferred capability revision.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Andrew Morton said:
The hitherto-invisible-to-me PR_GET_TSC and PR_SET_TSC have turned up in
mainline, so I have renumbered your prctl options to
/* Get/set securebits (as per security/commoncap.c) */
#define PR_GET_SECUREBITS 27
#define PR_SET_SECUREBITS 28
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
capsh allocated too little memory for the --inh argument - led to glibc
aborting with free().
libcap has always had latent support for identifying unnamed capabilities
with integers. It was untested (and therefore broken) prior to this commit.
Should be fixed now.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
Capsh is a simple 'bash' wrapper program that can be used to
raise and lower both the bset and pI capabilities before invoking
/bin/bash (hardcoded right now).
The --print option can be used as a quick test whether various
capability manipulations work as expected (or not).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
This revision of libcap has support for 32-bit and 64-bit capabilities.
It also supports filesystem capabilities of both sizes.
|
|
This should compile with any iteration of a recent (2.6) kernel.
If your kernel has 64-bit capabilities support, and the kernel
headers indicate this, then it will include that. 32-bit legacy
kernel support is dynamically performed by such a build of libcap.
|
|
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.10.tar.gz
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.01.tar.gz
|
|
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.0.tar.gz
|