bd79f2d7d2
- update to 2.68: * Force libcap internal functions to be hidden outside the library * Expanded the list of man page (links) to all of the supported API functions. * fixed some formatting issues with the libpsx(3) manpage. * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007) * psx package clean up * fix some copy-paste errors with TestShared() * added a more complete psx testing into this test as well * cap package clean up * drop an unnecessary use of ", _" in the sources * cleaned up cap.NamedCount documentation * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed. * cap_compare test binary now cleans up after itself (Bug 217018) * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package * Eliminate use of vendor directory
Dirk Mueller2023-03-30 08:01:04 +00:00
40ce23a646
- update to 2.68: * Force libcap internal functions to be hidden outside the library * Expanded the list of man page (links) to all of the supported API functions. * fixed some formatting issues with the libpsx(3) manpage. * Add support for a markdown preamble and postscript when generating .md versions of the man pages (Bug 217007) * psx package clean up * fix some copy-paste errors with TestShared() * added a more complete psx testing into this test as well * cap package clean up * drop an unnecessary use of ", _" in the sources * cleaned up cap.NamedCount documentation * Converted goapps/web/README to .md format and fixed the instructions to indicate go mod tidy is needed. * cap_compare test binary now cleans up after itself (Bug 217018) * Figured out how to cross compile Go programs for arm (i.e. RPi) that use C code, don't use cgo but do use the psx package * Eliminate use of vendor directory
Dirk Mueller2023-03-30 08:01:04 +00:00
0d6a83f543
- update to 2.67: * Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert. * Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack) * Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg) * The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source. * Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail) * Also reviewed man pages and addressed cross linkage issues (Bug: * Cleaned up some README.md files (made a github mirror now just so I can automatically render them). * Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message. * Inserted demonstration exploit code in capso.so to support article. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
Dirk Mueller2023-02-04 18:43:33 +00:00
12091c174d
- update to 2.67: * Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch from David Seifert. * Added SPDX identifiers to License file(s). Hopefully this will help the various robots out there correctly identify the longstanding licenses for libcap and friends. (Bug: 216609 reported by Günther Noack) * Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther Noack on behalf of Michael Stapelberg) * The basic issue is how to link C code with Go psx without using CGo. This is all a low level hackery. If you are interested, browse the source. * Correct for bad whatis entries in man pages (this was throwing a Debian build test, detail) * Also reviewed man pages and addressed cross linkage issues (Bug: * Cleaned up some README.md files (made a github mirror now just so I can automatically render them). * Changed meaning of DYNAMIC=no builds. This now builds everything with static linking except for libc. The reason for this exception is explained in the commit message. * Inserted demonstration exploit code in capso.so to support article. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
Dirk Mueller2023-02-04 18:43:33 +00:00
b8ed86315c
- update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
Dirk Mueller2022-09-29 19:51:11 +00:00
9808a7b5e4
- update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
Dirk Mueller2022-09-29 19:51:11 +00:00
438cbe10ca
Accepting request 990728 from Base:System
Fabian Vogt2022-07-31 21:00:07 +00:00
fd28cf4930
Accepting request 990728 from Base:System
Fabian Vogt2022-07-31 21:00:07 +00:00
7ce603da3b
- update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation
Dirk Mueller2022-07-22 21:37:17 +00:00
9bdfe129fa
- update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation
Dirk Mueller2022-07-22 21:37:17 +00:00
f6cc24b125
- update to 2.64: * Fix memory leak in libpsx at program exit. * Be more resilient to CGo configuration with Go compiler when building tests. * Fix cap_*prctl() return code/errno handling. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
Dirk Mueller2022-04-12 19:47:22 +00:00
e4dd903abd
- update to 2.64: * Fix memory leak in libpsx at program exit. * Be more resilient to CGo configuration with Go compiler when building tests. * Fix cap_*prctl() return code/errno handling. * Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
Dirk Mueller2022-04-12 19:47:22 +00:00
c97b598a4b
- update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently
Dirk Mueller2022-01-31 20:09:48 +00:00
43a301eda4
- update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently
Dirk Mueller2022-01-31 20:09:48 +00:00
247a867674
- update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID
Dirk Mueller2021-12-30 09:53:04 +00:00
aa4bc228c4
- update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID
Dirk Mueller2021-12-30 09:53:04 +00:00
5f59917f96
- update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module
Dirk Mueller2021-07-17 06:36:52 +00:00
219af2af85
- update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module
Dirk Mueller2021-07-17 06:36:52 +00:00
65df6bfa1d
Accepting request 886056 from home:tiwai:branches:Base:System
Takashi Iwai2021-04-16 14:38:53 +00:00
69849890f7
Accepting request 886056 from home:tiwai:branches:Base:System
Takashi Iwai2021-04-16 14:38:53 +00:00
de9c77f605
Accepting request 880541 from Base:System
Richard Brown
2021-04-06 15:28:40 +00:00
ad22cdf553
Accepting request 880541 from Base:System
Richard Brown
2021-04-06 15:28:40 +00:00
af2d1522ed
- update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.
Dirk Mueller2021-03-22 15:38:43 +00:00
2e27455bf7
- update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.
Dirk Mueller2021-03-22 15:38:43 +00:00
eae0ad6ed8
- update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0
Dirk Mueller2021-02-09 23:18:04 +00:00
99d8132069
- update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0
Dirk Mueller2021-02-09 23:18:04 +00:00
b830e8a6f7
- update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates
Dirk Mueller2021-01-27 07:55:14 +00:00
7e2dd96d0b
- update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates
Dirk Mueller2021-01-27 07:55:14 +00:00
Ana Guerrero
Dirk Mueller
Takashi Iwai
Marcus Meissner
Dominique Leuenberger
Fabian Vogt
Richard Brown