0002-No-longer-need-the-Go-build-tag-allthreadssyscall.patch 0003-Minor-fixes-for-cap-package-documentation.patch 0004-checkpoint.patch 0005-Clean-up-the-exit-status-to-match-other-binaries.patch 0006-People-keep-emailing-me-about-the-license-for-libcap.patch 0007-Augment-NOPRIV-libcap-mode-with-the-sticky-NO_NEW_PR.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/libcap?expand=0&rev=49
From 0f0c1fe489ec0ca69891a7999f5bda1c91e02f92 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Sat, 26 Dec 2020 17:35:40 -0800
Subject: [PATCH 6/7] People keep emailing me about the license for libcap.
There seems to have been a misconception that the tools and library
are GPL only. This has never been the case. The system was developed
from the start with a you-choose license: GPL(2 at the time) OR
BSD 3-clause. When GPL3 was released, it was decided that the
distribution would not follow that. As such, everything is:
BSD 3-clause or GPL2 (you choose).
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
progs/capsh.c | 58 ++++++++++++++++++++++++++----------------------
progs/getcap.c | 15 ++++++++-----
progs/getpcaps.c | 23 +++++++++++--------
progs/setcap.c | 10 ++++++++-
4 files changed, 65 insertions(+), 41 deletions(-)
diff --git a/progs/capsh.c b/progs/capsh.c
index 5ea340b..dfe420f 100644
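--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -1,9 +1,10 @@
 /*
 * Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan <morgan@kernel.org>
 *
- * This is a simple 'bash' (-DSHELL) wrapper program that can be used
- * to raise and lower both the bset and pI capabilities before
- * invoking /bin/bash.
+ * This is a multifunction shell wrapper tool that can be used to
+ * launch capable files in various ways with a variety of settings. It
+ * also supports some testing modes, which are used extensively as
+ * part of the libcap build system.
 *
 * The --print option can be used as a quick test whether various
 * capability manipulations work as expected (or not).
@@ -909,41 +910,46 @@ int main(int argc, char *argv[], char *envp[])
 exit(1);
 }
 cap_free(iab);
+ } else if (!strcmp("--license", argv[i])) {
+ printf(
+ "%s has a you choose license: BSD 3-clause or GPL2\n"
+ "Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan"
+ " <morgan@kernel.org>\n", argv[0]);
+ exit(0);
 } else {
 usage:
 printf("usage: %s [args ...]\n"
- " --help, -h this message (or try 'man capsh')\n"
- " --print display capability relevant state\n"
- " --decode=xxx decode a hex string to a list of caps\n"
- " --supports=xxx exit 1 if capability xxx unsupported\n"
- " --has-p=xxx exit 1 if capability xxx not permitted\n"
- " --has-i=xxx exit 1 if capability xxx not inheritable\n"
- " --drop=xxx remove xxx,.. capabilities from bset\n"
- " --dropped=xxx exit 1 unless bounding cap xxx dropped\n"
- " --has-ambient exit 1 unless ambient vector supported\n"
 " --has-a=xxx exit 1 if capability xxx not ambient\n"
+ " --has-ambient exit 1 unless ambient vector supported\n"
 " --addamb=xxx add xxx,... capabilities to ambient set\n"
- " --delamb=xxx remove xxx,... capabilities from ambient\n"
- " --noamb reset (drop) all ambient capabilities\n"
+ " --cap-uid=<n> use libcap cap_setuid() to change uid\n"
 " --caps=xxx set caps as per cap_from_text()\n"
- " --inh=xxx set xxx,.. inheritable set\n"
- " --secbits=<n> write a new value for securebits\n"
+ " --chroot=path chroot(2) to this path\n"
+ " --decode=xxx decode a hex string to a list of caps\n"
+ " --delamb=xxx remove xxx,... capabilities from ambient\n"
+ " --forkfor=<n> fork and make child sleep for <n> sec\n"
+ " --gid=<n> set gid to <n> (hint: id <username>)\n"
+ " --groups=g,... set the supplemental groups\n"
+ " --has-p=xxx exit 1 if capability xxx not permitted\n"
+ " --has-i=xxx exit 1 if capability xxx not inheritable\n"
+ " --help, -h this message (or try 'man capsh')\n"
 " --iab=... use cap_iab_from_text() to set iab\n"
- " --keep=<n> set keep-capability bit to <n>\n"
- " --uid=<n> set uid to <n> (hint: id <username>)\n"
- " --cap-uid=<n> libcap cap_setuid() to change uid\n"
+ " --inh=xxx set xxx,.. inheritable set\n"
+ " --inmode=<xxx> exit 1 if current mode is not <xxx>\n"
 " --is-uid=<n> exit 1 if uid != <n>\n"
- " --gid=<n> set gid to <n> (hint: id <username>)\n"
 " --is-gid=<n> exit 1 if gid != <n>\n"
- " --groups=g,... set the supplemental groups\n"
- " --user=<name> set uid,gid and groups to that of user\n"
- " --chroot=path chroot(2) to this path\n"
+ " --keep=<n> set keep-capability bit to <n>\n"
+ " --killit=<n> send signal(n) to child\n"
+ " --license display license info\n"
 " --modes list libcap named capability modes\n"
 " --mode=<xxx> set capability mode to <xxx>\n"
- " --inmode=<xxx> exit 1 if current mode is not <xxx>\n"
- " --killit=<n> send signal(n) to child\n"
- " --forkfor=<n> fork and make child sleep for <n> sec\n"
+ " --noamb reset (drop) all ambient capabilities\n"
+ " --print display capability relevant state\n"
+ " --secbits=<n> write a new value for securebits\n"
 " --shell=/xx/yy use /xx/yy instead of " SHELL " for --\n"
+ " --supports=xxx exit 1 if capability xxx unsupported\n"
+ " --uid=<n> set uid to <n> (hint: id <username>)\n"
+ " --user=<name> set uid,gid and groups to that of user\n"
 " == re-exec(capsh) with args as for --\n"
 " -- remaining arguments are for " SHELL "\n"
 " (without -- [%s] will simply exit(0))\n",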
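Review bot: The re-sorted usage text in main() no longer lists `--drop=xxx` or `--dropped=xxx`: both lines are removed from the printf() and neither reappears among the added lines, so the options for removing capabilities from the bounding set and for checking that one was dropped disappear from `--help`. Nothing in the hunk suggests the options themselves were retired, so this looks like an accidental omission during the reorder. Re-add `" --drop=xxx remove xxx,.. capabilities from bset\n"` and `" --dropped=xxx exit 1 unless bounding cap xxx dropped\n"` after the `--delamb` entry. main() starts before and continues past this hunk.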
diff --git a/progs/getcap.c b/progs/getcap.c
index e578bbd..208bd6a 100644
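--- a/progs/getcap.c
+++ b/progs/getcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997,2007 Andrew G. Morgan <morgan@kernel.org>
+ * Copyright (c) 1997,2007 Andrew G. Morgan <morgan@kernel.org>
 *
 * This displays the capabilities of a given file.
 */
@@ -26,9 +26,9 @@ static int namespace = 0;
 static void usage(int code)
 {
 fprintf(stderr,
- "usage: getcap [-v] [-r] [-h] [-n] <filename> [<filename> ...]\n"
- "\n"
- "\tdisplays the capabilities on the queried file(s).\n"
+ "usage: getcap [-h] [-l] [-n] [-r] [-v] <filename> [<filename> ...]\n"
+ "\n"
+ "\tdisplays the capabilities on the queried file(s).\n"
 );
 exit(code);
 }
@@ -82,7 +82,7 @@ int main(int argc, char **argv)
 {
 int i, c;
 
- while ((c = getopt(argc, argv, "rvhn")) > 0) {
+ while ((c = getopt(argc, argv, "rvhnl")) > 0) {
 switch(c) {
 case 'r':
 recursive = 1;
@@ -95,6 +95,11 @@ int main(int argc, char **argv)
 break;
 case 'h':
 usage(0);
+ case 'l':
+ printf("%s has a you choose license: BSD 3-clause or GPL2\n"
+ "Copyright (c) 1997,2007 Andrew G. Morgan"
+ " <morgan@kernel.org>\n", argv[0]);
+ exit(0);
 default:
 usage(1);
 }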
diff --git a/progs/getpcaps.c b/progs/getpcaps.c
index 5cd81af..5bc511e 100644
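--- a/progs/getpcaps.c
+++ b/progs/getpcaps.c
@@ -11,19 +11,19 @@
 #include <stdlib.h>
 #include <sys/capability.h>
 
-static void usage(int exiter)
+static void usage(int code)
 {
 fprintf(stderr,
 "usage: getcaps <pid> [<pid> ...]\n\n"
 " This program displays the capabilities on the queried process(es).\n"
-" The capabilities are displayed in the cap_from_text(3) format.\n\n"
-" Optional arguments:\n"
-" --help, -h or --usage display this message.\n"
-" --verbose use a more verbose output format.\n"
-" --ugly or --legacy use the archaic legacy output format.\n\n"
-"[Copyright (c) 1997-8,2007,2019 Andrew G. Morgan <morgan@kernel.org>]\n"
- );
- exit(exiter);
+ " The capabilities are displayed in the cap_from_text(3) format.\n"
+ "\n"
+ " Optional arguments:\n"
+ " --help, -h or --usage display this message.\n"
+ " --verbose use a more verbose output format.\n"
+ " --ugly or --legacy use the archaic legacy output format.\n"
+ " --license display license info\n");
+ exit(code);
 }
 
 int main(int argc, char **argv)
@@ -43,6 +43,11 @@ int main(int argc, char **argv)
 if (!strcmp(argv[0], "--help") || !strcmp(argv[0], "--usage") ||
 !strcmp(argv[0], "-h")) {
 usage(0);
+ } else if (!strcmp(argv[0], "--license")) {
+ printf("%s has a you choose license: BSD 3-clause or GPL2\n"
+"[Copyright (c) 1997-8,2007,2019 Andrew G. Morgan <morgan@kernel.org>]\n",
+ argv[0]);
+ exit(0);
 } else if (!strcmp(argv[0], "--verbose")) {
 verbose = 1;
 continue;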
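Review bot: The new `--license` branch passes `argv[0]` to printf() as the program name, but the condition directly above has just matched `argv[0]` against "--license", so the output would begin "--license has a you choose license…" rather than naming the tool. The option loop itself is outside the hunk, so the fact that argv is advanced per argument is inferred from that comparison. Saving the name before the loop (for example `const char *prog = argv[0];` at the top of main()) and printing `prog` would fix it. The same pattern appears in progs/setcap.c, where `*argv` is compared with "--license" and `argv[0]` is then printed. capsh.c (indexing with `argv[i]`) and getcap.c (getopt) look unaffected.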
diff --git a/progs/setcap.c b/progs/setcap.c
index f675cdd..930429a 100644
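--- a/progs/setcap.c
+++ b/progs/setcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997,2007-8 Andrew G. Morgan <morgan@kernel.org>
+ * Copyright (c) 1997,2007-8,2020 Andrew G. Morgan <morgan@kernel.org>
 *
 * This sets/verifies the capabilities of a given file.
 */
@@ -26,6 +26,7 @@ static void usage(int status)
 " -q quietly\n"
 " -v validate supplied capability matches file\n"
 " -n <rootid> write a user namespace limited capability\n"
+ " --license display the license info\n"
 );
 exit(status);
 }
@@ -91,6 +92,13 @@ int main(int argc, char **argv)
 quiet = 1;
 continue;
 }
+ if (!strcmp("--license", *argv)) {
+ printf(
+ "%s has a you choose license: BSD 3-clause or GPL2\n"
+ "Copyright (c) 1997,2007-8,2020 Andrew G. Morgan"
+ " <morgan@kernel.org>\n", argv[0]);
+ exit(0);
+ }
 if (!strcmp(*argv, "-h")) {
 usage(0);
 }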
--
2.29.2