diff --git a/README b/README
deleted file mode 100644
index 9308067..0000000
--- a/README
+++ /dev/null
@@ -1,18 +0,0 @@
-The code to be found here is all stuff intended to be integrated with
-2.3.
-
-Currently, its a patch in progress against 2.2
-
-You can get a copy of the defunct POSIX draft specification for
-capabilities and some other interesting things here:
-
- http://www.guug.de/~winni/posix.1e/download.html
-
-If you are looking for ACL patches for kernels, take a look here:
-
- http://aerobee.informatik.uni-bremen.de/acl_download.html
-
-Cheers
-
-Andrew
-
diff --git a/baselibs.conf b/baselibs.conf
index b160bd0..6d70477 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1 +1 @@
-libcap
+libcap2
diff --git a/capfaq-0.2.txt.gz b/capfaq-0.2.txt.gz
deleted file mode 100644
index 4946788..0000000
--- a/capfaq-0.2.txt.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7c867ee8708872be2f18dc324ba730c3d3a3a9abc90152f0c74dc1baeb257ad2
-size 4566
diff --git a/header.patch b/header.patch
deleted file mode 100644
index f3a3362..0000000
--- a/header.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- libcap/_makenames.c-dist 1999-05-14 06:46:15.000000000 +0200
-+++ libcap/_makenames.c 2006-12-19 17:56:11.000000000 +0100
-@@ -9,7 +9,7 @@
-
- #include
- #include
--#include
-+#include "include/sys/capability.h"
-
- /*
- * #include 'sed' generated array
diff --git a/libcap-1.10.diff b/libcap-1.10.diff
deleted file mode 100644
index 98633eb..0000000
--- a/libcap-1.10.diff
+++ /dev/null
@@ -1,104 +0,0 @@ ---- Make.Rules-dist 1999-11-18 07:06:02.000000000 +0100 -+++ Make.Rules 2006-12-19 18:18:57.000000000 +0100 -@@ -14,17 +14,21 @@ - # Otherwise binaries and libraraies are installed in /{lib,sbin}/, - # header files in /usr/include/ and documentation in /usr/man/man?/. - -+ifndef lib -+lib=lib -+endif -+ - ifdef prefix - exec_prefix=$(prefix) - lib_prefix=$(exec_prefix) - inc_prefix=$(lib_prefix) --man_prefix=$(prefix) -+man_prefix=$(prefix)/share - else - prefix=/usr - exec_prefix= - lib_prefix=$(exec_prefix) - inc_prefix=$(prefix) --man_prefix=$(prefix) -+man_prefix=$(prefix)/share - endif - - # Target directories -@@ -32,7 +36,7 @@ - MANDIR=$(FAKEROOT)$(man_prefix)/man - SBINDIR=$(FAKEROOT)$(exec_prefix)/sbin - INCDIR=$(FAKEROOT)$(inc_prefix)/include --LIBDIR=$(FAKEROOT)$(lib_prefix)/lib -+LIBDIR=$(FAKEROOT)$(lib_prefix)/$(lib) - - # common defines for libcap (suitable for 2.2.1+ Linux kernels) - VERSION=1 -@@ -43,11 +47,11 @@ - - CC=gcc - COPTFLAGS=-O2 --DEBUG=-g #-DDEBUG --WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ -+DEBUG=-O2 -g #-DDEBUG -+WARNINGS=-D_POSIX_SOURCE -Wall -Wwrite-strings \ - -Wpointer-arith -Wcast-qual -Wcast-align \ -- -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ -- -Wnested-externs -Winline -Wshadow -pedantic -+ -Wstrict-prototypes -Wmissing-prototypes \ -+ -Wnested-externs -Winline -Wshadow - LD=ld - LDFLAGS=-s #-g - ---- libcap/Makefile-dist 1999-04-18 00:16:31.000000000 +0200 -+++ libcap/Makefile 2006-12-19 18:18:44.000000000 +0100 -@@ -32,7 +32,7 @@ - LIBNAME=libcap.so - # - --FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys -+FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys #cap_sys2 - - # for later when there is filesystem support for cap's: - #FILES += cap_file -@@ -63,6 +63,9 @@ - %.o: %.c $(INCLS) - $(CC) $(CFLAGS) -c $< -o $@ - -+cap_sys2.o: cap_sys2.c $(INCLS) -+ $(CC) -Wall -O2 -c $< -o $@ -+ - install: all - mkdir -p -m 0755 $(INCDIR)/sys - install -m 0644 
include/sys/capability.h $(INCDIR)/sys ---- libcap/cap_sys.c-dist 1999-04-18 00:16:31.000000000 +0200 -+++ libcap/cap_sys.c 2006-12-19 18:18:44.000000000 +0100 -@@ -11,6 +11,8 @@ - #define __LIBRARY__ - #include - -+ -+#if 0 - _syscall2(int, capget, - cap_user_header_t, header, - cap_user_data_t, data) -@@ -18,6 +20,7 @@ _syscall2(int, capget, - _syscall2(int, capset, - cap_user_header_t, header, - const cap_user_data_t, data) -+#endif - - /* - * $Log: cap_sys.c,v $ ---- libcap/cap_sys2.c-dist 2006-12-19 18:18:44.000000000 +0100 -+++ libcap/cap_sys2.c 2006-12-19 18:18:44.000000000 +0100 -@@ -0,0 +1,10 @@ -+#include -+#include -+ -+_syscall2(int, capget, -+ cap_user_header_t, header, -+ cap_user_data_t, data) -+ -+_syscall2(int, capset, -+ cap_user_header_t, header, -+ const cap_user_data_t, data) diff --git a/libcap-1.10.tar.bz2 b/libcap-1.10.tar.bz2 deleted file mode 100644 index a2af62a..0000000 --- a/libcap-1.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:66c3f033fdc8f9ba0bd9d0ae2d1f2c11f9fa51bf0d1418e5cb75e29e6577a5bc -size 26686 diff --git a/libcap-2.08.tar.bz2 b/libcap-2.08.tar.bz2 new file mode 100644 index 0000000..4b6cefd --- /dev/null +++ b/libcap-2.08.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:be775d6fd65c378b8d9688e87758af55da2ee3df94e144e81be809f13b62bbab +size 40758 diff --git a/libcap-array-range-fix.diff b/libcap-array-range-fix.diff deleted file mode 100644 index 41d9f89..0000000 --- a/libcap-array-range-fix.diff +++ /dev/null 
@@ -1,11 +0,0 @@ ---- libcap/cap_extint.c-dist 2007-01-24 12:04:05.000000000 +0100 -+++ libcap/cap_extint.c 2007-01-24 12:04:48.000000000 +0100 -@@ -105,7 +105,7 @@ cap_t cap_copy_int(const void *cap_ext) - return NULL; - - blen = export->length_of_capset; -- for (set=0; set<=NUMBER_OF_CAP_SETS; ++set) { -+ for (set=0; set - #include - #include -+#include - - static void usage(void) - { -@@ -28,7 +29,7 @@ static void usage(void) - exit(1); - } - --void main(int argc, char **argv) -+int main(int argc, char **argv) - { - cap_t new_caps; - -@@ -62,4 +63,5 @@ void main(int argc, char **argv) - fprintf(stderr, "Unable to execute command: %s\n", strerror(errno)); - - usage(); -+ return 0; - } ---- progs/sucap.c-dist 1999-04-18 00:16:31.000000000 +0200 -+++ progs/sucap.c 2006-12-19 18:21:22.000000000 +0100 -@@ -48,7 +48,7 @@ wait_on_fd(int fd) - } - - --void main(int argc, char **argv) -+int main(int argc, char **argv) - { - cap_t old_caps; - uid_t uid; -@@ -193,4 +193,5 @@ void main(int argc, char **argv) - /* exit to signal mother process that we are ready */ - _exit(0); - } -+ return 0; - } ---- libcap/cap_extint.c-dist 1999-04-18 00:16:31.000000000 +0200 -+++ libcap/cap_extint.c 2006-12-19 18:21:22.000000000 +0100 -@@ -91,7 +91,7 @@ cap_t cap_copy_int(const void *cap_ext) - (const struct cap_ext_struct *) cap_ext; - cap_t cap_d; - int set, blen; -- __u32 * to = (__u32 *) &cap_d->set; -+ __u32 * to; - - /* Does the external representation make sense? */ - if (export == NULL || !memcmp(export->magic, external_magic -@@ -104,6 +104,7 @@ cap_t cap_copy_int(const void *cap_ext) - if (!(cap_d = cap_init())) - return NULL; - -+ to = (__u32 *) &cap_d->set; - blen = export->length_of_capset; - for (set=0; set<=NUMBER_OF_CAP_SETS; ++set) { - int blk; diff --git a/libcap-invalid-free-fix.diff b/libcap-invalid-free-fix.diff deleted file mode 100644 index a4088c4..0000000 --- a/libcap-invalid-free-fix.diff +++ /dev/null 
@@ -1,34 +0,0 @@
---- progs/getpcaps.c-dist 1999-11-18 07:04:25.000000000 +0100
-+++ progs/getpcaps.c 2006-12-19 17:51:31.000000000 +0100
-@@ -52,9 +52,11 @@ int main(int argc, char **argv)
- continue;
- } else {
- char *result = cap_to_text(cap_d, &length);
-- fprintf(stderr, "Capabilities for `%s': %s\n", *argv, result);
-- cap_free(result);
-- result = NULL;
-+ if (result) {
-+ fprintf(stderr, "Capabilities for `%s': %s\n", *argv, result);
-+ cap_free(result);
-+ result = NULL;
-+ }
- }
- }
-
---- progs/setpcaps.c-dist 1999-11-18 07:04:26.000000000 +0100
-+++ progs/setpcaps.c 2006-12-19 17:51:57.000000000 +0100
-@@ -100,9 +100,11 @@ int main(int argc, char **argv)
- char *result;
-
- result = cap_to_text(cap_d, &length);
-- fprintf(stderr, "[caps set to:\n%s\n]\n", result);
-- cap_free(result);
-- result = NULL;
-+ if (result) {
-+ fprintf(stderr, "[caps set to:\n%s\n]\n", result);
-+ cap_free(result);
-+ result = NULL;
-+ }
- }
- #endif
-
diff --git a/libcap-shlib-fix.diff b/libcap-shlib-fix.diff
deleted file mode 100644
index 6597d7b..0000000
--- a/libcap-shlib-fix.diff
+++ /dev/null
@@ -1,42 +0,0 @@ ---- progs/Makefile-dist 1999-04-18 00:16:31.000000000 +0200 -+++ progs/Makefile 2006-12-19 18:30:24.000000000 +0100 -@@ -36,15 +36,15 @@ - all: $(PROGS) - - $(PROGS): %: %.o -- $(CC) $(LDFLAGS) -o $@ $< $(LIBS) -+ $(CC) $(COPTFLAG) $(LDFLAGS) -o $@ $< $(LIBS) - - %.o: %.c $(INCS) -- $(CC) $(CFLAGS) -c $< -o $@ -+ $(CC) $(COPTFLAG) $(CFLAGS) -c $< -o $@ - - install: all - mkdir -p -m 0755 $(SBINDIR) - for p in $(PROGS) ; do \ -- install -s -m 0755 $$p $(SBINDIR) ; \ -+ install -m 0755 $$p $(SBINDIR) ; \ - done - - clean: ---- libcap/Makefile-dist 2006-12-19 18:28:36.000000000 +0100 -+++ libcap/Makefile 2006-12-19 18:30:53.000000000 +0100 -@@ -56,15 +56,15 @@ - # @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed - - $(MINLIBNAME): $(OBJS) -- $(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS) -+ $(CC) $(COPTFLAG) -Wl,-soname,$(MAJLIBNAME) -shared -o $@ $(OBJS) - ln -sf $(MINLIBNAME) $(MAJLIBNAME) - ln -sf $(MAJLIBNAME) $(LIBNAME) - - %.o: %.c $(INCLS) -- $(CC) $(CFLAGS) -c $< -o $@ -+ $(CC) $(COPTFLAG) $(CFLAGS) -fpic -c $< -o $@ - - cap_sys2.o: cap_sys2.c $(INCLS) -- $(CC) -Wall -O2 -c $< -o $@ -+ $(CC) $(COPTFLAG) $(CFLAGS) -fpic -c $< -o $@ - - install: all - mkdir -p -m 0755 $(INCDIR)/sys diff --git a/libcap.changes b/libcap.changes index d59113e..b56f948 100644 --- a/libcap.changes +++ b/libcap.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 23 15:18:28 CEST 2008 - tiwai@suse.de + +- updated to libcap-2.08 + properly supporting the recent 2.6 kernels + ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de diff --git a/libcap.spec b/libcap.spec index fb814ec..2335c9a 100644 --- a/libcap.spec +++ b/libcap.spec 
@@ -1,5 +1,5 @@ # -# spec file for package libcap (Version 1.10) +# spec file for package libcap (Version 2.08) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,26 +12,17 @@ Name: libcap +BuildRequires: fdupes libattr-devel License: BSD 3-Clause Group: System/Libraries AutoReqProv: on Summary: Library for Capabilities (linux-privs) Support -Version: 1.10 -Release: 72 -Source: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4/libcap-1.10.tar.bz2 -Source3: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/uid-proc.patch -Source4: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/old/kernel-2.4/README -Source5: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt.gz -Patch: libcap-%{version}.diff -# Patch1: gcc3.diff -Patch2: header.patch -Patch1: libcap-shlib-fix.diff -Patch3: libcap.eal3.diff -Patch4: libcap-gcc-warning-fixes.diff -Patch6: libcap-invalid-free-fix.diff -Patch7: libcap-array-range-fix.diff +Version: 2.08 +Release: 2 +Source: ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.bz2 +Patch: libcap-dynamic-link.diff +Patch1: libcap.eal3.diff #URL: http://www.kernel.org/ -#Prefix: /usr BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
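Review bot: The patch list in the `@@ -12,26 +12,17 @@` hunk drops `libcap-invalid-free-fix.diff`, `libcap-array-range-fix.diff` and `libcap-gcc-warning-fixes.diff`, yet nothing in the commit records that libcap 2.08 carries equivalent fixes; the changelog entry says only "updated to libcap-2.08". Going by the deleted patch files on this page, the array-range patch changed the `set<=NUMBER_OF_CAP_SETS` loop bound in `cap_copy_int`, which reads an external capability representation, and the invalid-free patch guarded a NULL `cap_to_text` result before `cap_free`. Both should be checked against the 2.08 sources before they leave the package. Once confirmed, I would add a changelog line such as `- dropped libcap-array-range-fix.diff, libcap-invalid-free-fix.diff and libcap-gcc-warning-fixes.diff (fixed upstream)`.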
@@ -44,11 +35,26 @@ done automatically by the kernel. +%package -n libcap2 +License: BSD 3-Clause +Summary: Library for Capabilities (linux-privs) Support +Group: System/Libraries + +%description -n libcap2 +Capabilities are a measure to limit the omnipotence of the superuser. +Currently a program started by root or setuid root has the power to do +anything. Capabilities (Linux-Privs) provide a more fine-grained access +control. Without kernel patches, you can use this library to drop +capabilities within setuid binaries. If you use patches, this can be +done automatically by the kernel. + + + %package devel License: BSD 3-Clause Summary: Development files for libcap Group: Development/Libraries/C and C++ -Requires: glibc-devel %{name} = %{version} +Requires: glibc-devel libcap2 = %{version} %description devel Development files (Headers, libraries for static linking, etc) for 
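Review bot: The new `libcap2` subpackage preamble has no `Obsoletes:` or `Provides:` for the former `libcap` library package, and the later hunk moves `%files` to `-n libcap2`. As far as this diff shows, an upgraded system would therefore keep the old libcap 1.10 library installed and unmaintained next to the new one. For a library that handles privilege dropping, leaving the superseded copy behind is worth avoiding; if nothing in the distribution still needs the old soname, add something like `Obsoletes: libcap <= 1.10` to the `libcap2` preamble. The copied `%description` also still talks about kernel patches, which reads oddly beside the changelog's "recent 2.6 kernels" and could be refreshed.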
@@ -74,53 +80,46 @@ libcap. %prep -%setup +%setup -q %patch -%patch1 -%patch2 -%patch3 -p2 -%patch4 -%patch6 -%patch7 -cp -p %SOURCE3 . -cp -p %SOURCE4 ./README.libcap -cp -p %SOURCE5 . +%patch1 -p2 %build -lib=%{_lib} make LDFLAGS= COPTFLAG="$RPM_OPT_FLAGS" +lib=%{_lib} make %{?jobs:-j %jobs} LDFLAGS= COPTFLAG="$RPM_OPT_FLAGS" %install -make install FAKEROOT=$RPM_BUILD_ROOT LIBDIR=$RPM_BUILD_ROOT/%{_lib} MANDIR=$RPM_BUILD_ROOT%{_mandir} +make install DESTDIR=$RPM_BUILD_ROOT LIBDIR=$RPM_BUILD_ROOT/%{_lib} MANDIR=$RPM_BUILD_ROOT%{_mandir} # move *.so file to libdir and relink rm -f $RPM_BUILD_ROOT/%{_lib}/*.so mkdir -p $RPM_BUILD_ROOT%{_libdir} -ln -s /%{_lib}/libcap.so.1 $RPM_BUILD_ROOT%{_libdir}/libcap.so -rm $RPM_BUILD_ROOT%{_mandir}/man2/{capget,capset}.2* +ln -s /%{_lib}/libcap.so.2 $RPM_BUILD_ROOT%{_libdir}/libcap.so +%fdupes -s $RPM_BUILD_ROOT -%post -p /sbin/ldconfig +%post -n libcap2 -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun -n libcap2 -p /sbin/ldconfig -%files +%files -n libcap2 %defattr(-,root,root) %attr(755,root,root) /%{_lib}/libcap.so.* %files progs %defattr(-,root,root) -%doc %{_mandir}/man3/* -/sbin/getpcaps -/sbin/setpcaps -/sbin/execcap -/sbin/sucap +%doc %{_mandir}/man8/* +/sbin/* %files devel %defattr(-,root,root) -%doc License README CHANGELOG uid-proc.patch README.libcap capfaq-0.2.txt.gz -#%doc fcaps-2.2.9-990610.patch.bz2 fcap-module-990613.tar.bz2 +%doc License README CHANGELOG %{_includedir}/sys/capability.h %{_libdir}/*.so +%doc %{_mandir}/man2/* +%doc %{_mandir}/man3/* %changelog +* Wed Apr 23 2008 tiwai@suse.de +- updated to libcap-2.08 + properly supporting the recent 2.6 kernels * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support diff --git a/uid-proc.patch b/uid-proc.patch deleted file mode 100644 index 0b8816f..0000000 --- a/uid-proc.patch +++ /dev/null 
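Review bot: `%files progs` now uses the glob `/sbin/*` where the old section named each tool (`/sbin/getpcaps`, `/sbin/setpcaps`, `/sbin/execcap`, `/sbin/sucap`), so whatever upstream's `make install` places in /sbin is shipped without the spec ever changing. These are tools that read and set capabilities, so I would list each installed program on its own `/sbin/<tool>` line, and likewise for `%{_mandir}/man8/*`. A helper added in a later release then shows up as an unpackaged file and gets reviewed instead of being packaged silently. Separately, the devel package now ships `%{_mandir}/man2/*`, while the old `%install` removed the `capget`/`capset` man2 pages; it is worth confirming that these do not collide with pages owned by another package.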
@@ -1,26 +0,0 @@
-diff -urN linux-2.2.1/fs/proc/inode.c linux-caps/fs/proc/inode.c
---- linux-2.2.1/fs/proc/inode.c Fri May 8 18:10:30 1998
-+++ linux-caps/fs/proc/inode.c Sun Jan 31 00:02:05 1999
-@@ -267,10 +267,19 @@
-
- inode->u.generic_ip = (void *) de;
- if (de) {
-- if (de->mode) {
-+ if (de->mode) { /* why conditional on non-zero mode? */
-+ struct inode *sbi;
-+
- inode->i_mode = de->mode;
-- inode->i_uid = de->uid;
-- inode->i_gid = de->gid;
-+
-+ if ((ino != PROC_ROOT_INO)
-+ && (sbi = sb->s_root->d_inode)) {
-+ inode->i_uid = sbi->i_uid;
-+ inode->i_gid = sbi->i_gid;
-+ } else {
-+ inode->i_uid = de->uid;
-+ inode->i_gid = de->gid;
-+ }
- }
- if (de->size)
- inode->i_size = de->size;