[arch-commits] Commit in libcap/trunk (4 files)

Hugo Doria hugo at archlinux.org
Wed Mar 11 22:06:39 UTC 2009


    Date: Wednesday, March 11, 2009 @ 18:06:39
  Author: hugo
Revision: 29694

upgpkg: libcap 2.16-1

Modified:
  libcap/trunk/PKGBUILD
Deleted:
  libcap/trunk/libcap-1.10-debian.patch
  libcap/trunk/libcap-1.10-fixcflags.patch
  libcap/trunk/libcap-1.10-shared.patch

-----------------------------+
 PKGBUILD                    |   22 -
 libcap-1.10-debian.patch    |  766 ------------------------------------------
 libcap-1.10-fixcflags.patch |   22 -
 libcap-1.10-shared.patch    |   17 
 4 files changed, 10 insertions(+), 817 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-03-11 18:46:59 UTC (rev 29693)
+++ PKGBUILD	2009-03-11 22:06:39 UTC (rev 29694)
@@ -1,20 +1,18 @@
 #$Id$
-# Maintainer: Arjan Timmerman <arjan at archlinux.org>
+# Maintainer: Hugo Doria <hugo at archlinux.org>
+
 pkgname=libcap
-pkgver=1.10
-pkgrel=2
+pkgver=2.16
+pkgrel=1
 pkgdesc="POSIX 1003.1e capabilities"
-arch=(i686 x86_64)
+arch=('i686' 'x86_64')
 url="http://www.kernel.org/pub/linux/libs/security/linux-privs/"
-license="GPL"
+license=('GPL')
 depends=('glibc')
-source=(http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/${pkgname}-${pkgver}.tar.gz
-	libcap-1.10-debian.patch)
-md5sums=('2c09eea823f67cfdde96177a959bc39b' 'ba642c86c4072917fcff77ec31411194')
+source=(http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/${pkgname}-${pkgver}.tar.gz)
+md5sums=('9e075fda242c4070ba76407064c13302')
 
 build() {
-  cd ${startdir}/src/${pkgname}-${pkgver}
-  patch -Np1 -i ${startdir}/src/libcap-1.10-debian.patch || return 1
-  make prefix=/usr DESTDIR=${startdir}/pkg install
-  rmdir ${startdir}/pkg/usr/share/man/man2
+  cd ${srcdir}/${pkgname}-${pkgver}
+  make prefix=/usr DESTDIR=${pkgdir} install
 }

Deleted: libcap-1.10-debian.patch
===================================================================
--- libcap-1.10-debian.patch	2009-03-11 18:46:59 UTC (rev 29693)
+++ libcap-1.10-debian.patch	2009-03-11 22:06:39 UTC (rev 29694)
@@ -1,766 +0,0 @@
---- libcap-1.10.orig/doc/old/cap_set_fd.3
-+++ libcap-1.10/doc/old/cap_set_fd.3
-@@ -0,0 +1 @@
-+.so man3/cap_get_file.3
---- libcap-1.10.orig/doc/old/cap_set_file.3
-+++ libcap-1.10/doc/old/cap_set_file.3
-@@ -0,0 +1 @@
-+.so man3/cap_get_file.3
---- libcap-1.10.orig/doc/capset.2
-+++ libcap-1.10/doc/capset.2
-@@ -1 +1 @@
--.so man2/capget.2
-+#.so man2/capget.2
---- libcap-1.10.orig/doc/Makefile
-+++ libcap-1.10/doc/Makefile
-@@ -7,7 +7,7 @@
- topdir=$(shell pwd)/..
- include $(topdir)/Make.Rules
- 
--MAN2S = capget.2 capset.2
-+#MAN2S = capget.2 
- MAN3S = cap_init.3 cap_free.3 cap_dup.3 \
- 	cap_clear.3 cap_get_flag.3 cap_set_flag.3 \
- 	cap_get_proc.3 cap_set_proc.3 \
---- libcap-1.10.orig/Make.Rules
-+++ libcap-1.10/Make.Rules
-@@ -8,7 +8,7 @@
- 
- # common 'packaging' directoty
- 
--FAKEROOT=
-+FAKEROOT=$(DESTDIR)
- 
- # Autoconf-style prefixes are activated when $(prefix) is defined.
- # Otherwise binaries and libraraies are installed in /{lib,sbin}/,
-@@ -18,13 +18,13 @@
- exec_prefix=$(prefix)
- lib_prefix=$(exec_prefix)
- inc_prefix=$(lib_prefix)
--man_prefix=$(prefix)
-+man_prefix=$(prefix)/share
- else
- prefix=/usr
- exec_prefix=
- lib_prefix=$(exec_prefix)
- inc_prefix=$(prefix)
--man_prefix=$(prefix)
-+man_prefix=$(prefix)/share
- endif
- 
- # Target directories
-@@ -42,7 +42,7 @@
- # Compilation specifics
- 
- CC=gcc
--COPTFLAGS=-O2
-+COPTFLAGS=-O2 
- DEBUG=-g #-DDEBUG
- WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
-         -Wpointer-arith -Wcast-qual -Wcast-align \
---- libcap-1.10.orig/Makefile
-+++ libcap-1.10/Makefile
-@@ -3,17 +3,20 @@
- #
- # Makefile for libcap
- 
-+ifndef topdir
- topdir=$(shell pwd)
--include Make.Rules
-+endif
-+include $(topdir)/Make.Rules
-+DESTDIR=
- 
- #
- # flags
- #
- 
- all install clean: %: %-here
--	make -C libcap $(MAKE_DEFS) $@
--	make -C progs $(MAKE_DEFS) $@
--	make -C doc $(MAKE_DEFS) $@
-+	make -C $(topdir)/libcap $(MAKE_DEFS) $@
-+	make -C $(topdir)/progs $(MAKE_DEFS) $@
-+	make -C $(topdir)/doc $(MAKE_DEFS) $@
- 
- all-here:
- 
---- libcap-1.10.orig/libcap/include/sys/capability.h
-+++ libcap-1.10/libcap/include/sys/capability.h
-@@ -21,7 +21,288 @@
-  */
- 
- #include <sys/types.h>
--#include <linux/capability.h>
-+/*
-+ * This is <linux/capability.h>
-+ *
-+ * Andrew G. Morgan <morgan at transmeta.com>
-+ * Alexander Kjeldaas <astor at guardian.no>
-+ * with help from Aleph1, Roland Buresund and Andrew Main.
-+ *
-+ * See here for the libcap library ("POSIX draft" compliance):
-+ *
-+ * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/
-+ */ 
-+
-+#ifndef _LINUX_CAPABILITY_H
-+#define _LINUX_CAPABILITY_H
-+
-+#include <linux/types.h>
-+/*#include <linux/fs.h>*/
-+	
-+/* User-level do most of the mapping between kernel and user
-+   capabilities based on the version tag given by the kernel. The
-+   kernel might be somewhat backwards compatible, but don't bet on
-+   it. */
-+
-+/* XXX - Note, cap_t, is defined by POSIX to be an "opaque" pointer to
-+   a set of three capability sets.  The transposition of 3*the
-+   following structure to such a composite is better handled in a user
-+   library since the draft standard requires the use of malloc/free
-+   etc.. */
-+ 
-+#define _LINUX_CAPABILITY_VERSION  0x19980330
-+
-+typedef struct __user_cap_header_struct {
-+	__u32 version;
-+	int pid;
-+} *cap_user_header_t;
-+ 
-+typedef struct __user_cap_data_struct {
-+        __u32 effective;
-+        __u32 permitted;
-+        __u32 inheritable;
-+} *cap_user_data_t;
-+  
-+#ifdef __KERNEL__
-+
-+/* #define STRICT_CAP_T_TYPECHECKS */
-+
-+#ifdef STRICT_CAP_T_TYPECHECKS
-+
-+typedef struct kernel_cap_struct {
-+	__u32 cap;
-+} kernel_cap_t;
-+
-+#else
-+
-+typedef __u32 kernel_cap_t;
-+
-+#endif
-+  
-+#define _USER_CAP_HEADER_SIZE  (2*sizeof(__u32))
-+#define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))
-+
-+#endif
-+
-+
-+/**
-+ ** POSIX-draft defined capabilities. 
-+ **/
-+
-+/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
-+   overrides the restriction of changing file ownership and group
-+   ownership. */
-+
-+#define CAP_CHOWN            0
-+
-+/* Override all DAC access, including ACL execute access if
-+   [_POSIX_ACL] is defined. Excluding DAC access covered by
-+   CAP_LINUX_IMMUTABLE. */
-+
-+#define CAP_DAC_OVERRIDE     1
-+
-+/* Overrides all DAC restrictions regarding read and search on files
-+   and directories, including ACL restrictions if [_POSIX_ACL] is
-+   defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
-+
-+#define CAP_DAC_READ_SEARCH  2
-+    
-+/* Overrides all restrictions about allowed operations on files, where
-+   file owner ID must be equal to the user ID, except where CAP_FSETID
-+   is applicable. It doesn't override MAC and DAC restrictions. */
-+
-+#define CAP_FOWNER           3
-+
-+/* Overrides the following restrictions that the effective user ID
-+   shall match the file owner ID when setting the S_ISUID and S_ISGID
-+   bits on that file; that the effective group ID (or one of the
-+   supplementary group IDs) shall match the file owner ID when setting
-+   the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
-+   cleared on successful return from chown(2) (not implemented). */
-+
-+#define CAP_FSETID           4
-+
-+/* Used to decide between falling back on the old suser() or fsuser(). */
-+
-+#define CAP_FS_MASK          0x1f
-+
-+/* Overrides the restriction that the real or effective user ID of a
-+   process sending a signal must match the real or effective user ID
-+   of the process receiving the signal. */
-+
-+#define CAP_KILL             5
-+
-+/* Allows setgid(2) manipulation */
-+/* Allows setgroups(2) */
-+/* Allows forged gids on socket credentials passing. */
-+
-+#define CAP_SETGID           6
-+
-+/* Allows set*uid(2) manipulation (including fsuid). */
-+/* Allows forged pids on socket credentials passing. */
-+
-+#define CAP_SETUID           7
-+
-+
-+/**
-+ ** Linux-specific capabilities
-+ **/
-+
-+/* Transfer any capability in your permitted set to any pid,
-+   remove any capability in your permitted set from any pid */
-+
-+#define CAP_SETPCAP          8
-+
-+/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */
-+
-+#define CAP_LINUX_IMMUTABLE  9
-+
-+/* Allows binding to TCP/UDP sockets below 1024 */
-+/* Allows binding to ATM VCIs below 32 */
-+
-+#define CAP_NET_BIND_SERVICE 10
-+
-+/* Allow broadcasting, listen to multicast */
-+
-+#define CAP_NET_BROADCAST    11
-+
-+/* Allow interface configuration */
-+/* Allow administration of IP firewall, masquerading and accounting */
-+/* Allow setting debug option on sockets */
-+/* Allow modification of routing tables */
-+/* Allow setting arbitrary process / process group ownership on
-+   sockets */
-+/* Allow binding to any address for transparent proxying */
-+/* Allow setting TOS (type of service) */
-+/* Allow setting promiscuous mode */
-+/* Allow clearing driver statistics */
-+/* Allow multicasting */
-+/* Allow read/write of device-specific registers */
-+/* Allow activation of ATM control sockets */
-+
-+#define CAP_NET_ADMIN        12
-+
-+/* Allow use of RAW sockets */
-+/* Allow use of PACKET sockets */
-+
-+#define CAP_NET_RAW          13
-+
-+/* Allow locking of shared memory segments */
-+/* Allow mlock and mlockall (which doesn't really have anything to do
-+   with IPC) */
-+
-+#define CAP_IPC_LOCK         14
-+
-+/* Override IPC ownership checks */
-+
-+#define CAP_IPC_OWNER        15
-+
-+/* Insert and remove kernel modules - modify kernel without limit */
-+/* Modify cap_bset */
-+#define CAP_SYS_MODULE       16
-+
-+/* Allow ioperm/iopl access */
-+/* Allow sending USB messages to any device via /proc/bus/usb */
-+
-+#define CAP_SYS_RAWIO        17
-+
-+/* Allow use of chroot() */
-+
-+#define CAP_SYS_CHROOT       18
-+
-+/* Allow ptrace() of any process */
-+
-+#define CAP_SYS_PTRACE       19
-+
-+/* Allow configuration of process accounting */
-+
-+#define CAP_SYS_PACCT        20
-+
-+/* Allow configuration of the secure attention key */
-+/* Allow administration of the random device */
-+/* Allow examination and configuration of disk quotas */
-+/* Allow configuring the kernel's syslog (printk behaviour) */
-+/* Allow setting the domainname */
-+/* Allow setting the hostname */
-+/* Allow calling bdflush() */
-+/* Allow mount() and umount(), setting up new smb connection */
-+/* Allow some autofs root ioctls */
-+/* Allow nfsservctl */
-+/* Allow VM86_REQUEST_IRQ */
-+/* Allow to read/write pci config on alpha */
-+/* Allow irix_prctl on mips (setstacksize) */
-+/* Allow flushing all cache on m68k (sys_cacheflush) */
-+/* Allow removing semaphores */
-+/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
-+   and shared memory */
-+/* Allow locking/unlocking of shared memory segment */
-+/* Allow turning swap on/off */
-+/* Allow forged pids on socket credentials passing */
-+/* Allow setting readahead and flushing buffers on block devices */
-+/* Allow setting geometry in floppy driver */
-+/* Allow turning DMA on/off in xd driver */
-+/* Allow administration of md devices (mostly the above, but some
-+   extra ioctls) */
-+/* Allow tuning the ide driver */
-+/* Allow access to the nvram device */
-+/* Allow administration of apm_bios, serial and bttv (TV) device */
-+/* Allow manufacturer commands in isdn CAPI support driver */
-+/* Allow reading non-standardized portions of pci configuration space */
-+/* Allow DDI debug ioctl on sbpcd driver */
-+/* Allow setting up serial ports */
-+/* Allow sending raw qic-117 commands */
-+/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
-+   arbitrary SCSI commands */
-+/* Allow setting encryption key on loopback filesystem */
-+
-+#define CAP_SYS_ADMIN        21
-+
-+/* Allow use of reboot() */
-+
-+#define CAP_SYS_BOOT         22
-+
-+/* Allow raising priority and setting priority on other (different
-+   UID) processes */
-+/* Allow use of FIFO and round-robin (realtime) scheduling on own
-+   processes and setting the scheduling algorithm used by another
-+   process. */
-+
-+#define CAP_SYS_NICE         23
-+
-+/* Override resource limits. Set resource limits. */
-+/* Override quota limits. */
-+/* Override reserved space on ext2 filesystem */
-+/* NOTE: ext2 honors fsuid when checking for resource overrides, so 
-+   you can override using fsuid too */
-+/* Override size restrictions on IPC message queues */
-+/* Allow more than 64hz interrupts from the real-time clock */
-+/* Override max number of consoles on console allocation */
-+/* Override max number of keymaps */
-+
-+#define CAP_SYS_RESOURCE     24
-+
-+/* Allow manipulation of system clock */
-+/* Allow irix_stime on mips */
-+/* Allow setting the real-time clock */
-+
-+#define CAP_SYS_TIME         25
-+
-+/* Allow configuration of tty devices */
-+/* Allow vhangup() of tty */
-+
-+#define CAP_SYS_TTY_CONFIG   26
-+
-+/* Allow the privileged aspects of mknod() */
-+
-+#define CAP_MKNOD            27
-+
-+/* Allow taking of leases on files */
-+
-+#define CAP_LEASE            28
-+
-+#endif /* !_LINUX_CAPABILITY_H */
-+
-+
- 
- /*
-  * POSIX capability types
---- libcap-1.10.orig/libcap/Makefile
-+++ libcap-1.10/libcap/Makefile
-@@ -24,12 +24,15 @@
- #
- # defines
- #
-+ifndef $(topdir)
- topdir=$(shell pwd)/..
--include ../Make.Rules
-+endif
-+include $(topdir)/Make.Rules
-+
- #
- # Library version
- #
--LIBNAME=libcap.so
-+LIBNAME=libcap
- #
- 
- FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys
-@@ -39,10 +42,11 @@
- 
- INCLS=libcap.h cap_names.h $(INCS)
- OBJS=$(addsuffix .o, $(FILES))
--MAJLIBNAME=$(LIBNAME).$(VERSION)
-+LOBJS=$(addsuffix .lo, $(FILES))
-+MAJLIBNAME=$(LIBNAME).so.$(VERSION)
- MINLIBNAME=$(MAJLIBNAME).$(MINOR)
- 
--all: $(MINLIBNAME)
-+all: $(MINLIBNAME) $(LIBNAME).a
- 
- _makenames: _makenames.c cap_names.sed
- 	$(CC) $(CFLAGS) $(LDFLAGS) $< -o $@
-@@ -50,31 +54,38 @@
- cap_names.h: _makenames
- 	./_makenames > cap_names.h
- 
--cap_names.sed: Makefile /usr/include/linux/capability.h
--	@echo "=> making cap_names.c from <linux/capability.h>"
--	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
--#	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
-+cap_names.sed: Makefile include/sys/capability.h
-+	@echo "=> making cap_names.c from <sys/capability.h>"
-+	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < include/sys/capability.h | fgrep -v 0x > cap_names.sed #   @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
-+
-+$(LIBNAME).a: $(OBJS)
-+	ar cruv $(LIBNAME).a $(OBJS)
- 
--$(MINLIBNAME): $(OBJS)
--	$(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS)
-+$(MINLIBNAME): $(LOBJS)
-+	$(CC) -shared -fPIC -Wl,-soname,$(MAJLIBNAME) -o $@ $(LOBJS)
- 	ln -sf $(MINLIBNAME) $(MAJLIBNAME)
--	ln -sf $(MAJLIBNAME) $(LIBNAME)
-+	ln -sf $(MAJLIBNAME) $(LIBNAME).so
- 
- %.o: %.c $(INCLS)
- 	$(CC) $(CFLAGS) -c $< -o $@
- 
-+%.lo: %.c $(INCLS)
-+	$(CC) $(CFLAGS) -fPIC -c $< -o $@
-+
-+
- install: all
- 	mkdir -p -m 0755 $(INCDIR)/sys
- 	install -m 0644 include/sys/capability.h $(INCDIR)/sys
- 	mkdir -p -m 0755 $(LIBDIR)
-+	install -m 0644 $(LIBNAME).a $(LIBDIR)
- 	install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME)
- 	ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME)
--	ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME)
-+	ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME).so
- 	-/sbin/ldconfig
- 
- clean:
- 	$(LOCALCLEAN)
--	rm -f $(OBJS) $(LIBNAME)*
-+	rm -f $(OBJS) $(LOBJS) $(LIBNAME).a $(LIBNAME).so*
- 	rm -f cap_names.h cap_names.sed _makenames
- 	cd include/sys && $(LOCALCLEAN)
- 
---- libcap-1.10.orig/libcap/_makenames.c
-+++ libcap-1.10/libcap/_makenames.c
-@@ -9,7 +9,7 @@
- 
- #include <stdio.h>
- #include <stdlib.h>
--#include <linux/capability.h>
-+#include <sys/capability.h>
- 
- /*
-  * #include 'sed' generated array
---- libcap-1.10.orig/libcap/cap_sys.c
-+++ libcap-1.10/libcap/cap_sys.c
-@@ -10,7 +10,8 @@
- #include "libcap.h"
- #define __LIBRARY__
- #include <linux/unistd.h>
--
-+/* glic >= 2.1 knows capset/capget. no need to define it here */ 
-+/* 
- _syscall2(int, capget,
- 	  cap_user_header_t, header,
- 	  cap_user_data_t, data)
-@@ -18,7 +19,7 @@
- _syscall2(int, capset,
- 	  cap_user_header_t, header,
- 	  const cap_user_data_t, data)
--
-+*/
- /*
-  * $Log: libcap-1.10-debian.patch,v $
-  * Revision 1.1  2006/10/29 23:14:00  jgc
-  * upgpkg: libcap 1.10-2
-  * Remove amd64 patches that messed things up
-  * Apply debian patch to make it build again
-  * Remove empty man2 directory the right way
-  *
-  * Revision 1.1.1.1 1999/04/17 22:16:31  morgan
---- libcap-1.10.orig/capfaq-0.2.txt
-+++ libcap-1.10/capfaq-0.2.txt
-@@ -0,0 +1,264 @@
-+This is the Linux kernel capabilities FAQ
-+
-+Its history, to the extent that I am able to reconstruct it is that
-+v2.0 was posted to the Linux kernel list on 1999/04/02 by Boris
-+Tobotras. Thanks to Denis Ducamp for forwarding me a copy.
-+
-+Cheers
-+
-+Andrew
-+
-+Linux Capabilities FAQ 0.2
-+==========================
-+
-+1) What is a capability?
-+
-+The name "capabilities" as used in the Linux kernel can be confusing.
-+First there are Capabilities as defined in computer science. A
-+capability is a token used by a process to prove that it is allowed to
-+do an operation on an object.  The capability identifies the object
-+and the operations allowed on that object.  A file descriptor is a
-+capability.  You create the file descriptor with the "open" call and
-+request read or write permissions.  Later, when doing a read or write
-+operation, the kernel uses the file descriptor as an index into a
-+data structure that indicates what operations are allowed.  This is an
-+efficient way to check permissions.  The necessary data structures are
-+created once during the "open" call.  Later read and write calls only
-+have to do a table lookup.  Operations on capabilities include copying
-+capabilities, transferring capabilities between processes, modifying a
-+capability, and revoking a capability.  Modifying a capability can be
-+something like taking a read-write filedescriptor and making it
-+read-only.  A capability often has a notion of an "owner" which is
-+able to invalidate all copies and derived versions of a capability.
-+Entire OSes are based on this "capability" model, with varying degrees
-+of purity.  There are other ways of implementing capabilities than the
-+file descriptor model - traditionally special hardware has been used,
-+but modern systems also use the memory management unit of the CPU.
-+
-+Then there is something quite different called "POSIX capabilities"
-+which is what Linux uses.  These capabilities are a partitioning of
-+the all powerful root privilege into a set of distinct privileges (but
-+look at securelevel emulation to find out that this isn't necessary
-+the whole truth).  Users familiar with VMS or "Trusted" versions of
-+other UNIX variants will know this under the name "privileges".  The
-+name "capabilities" comes from the now defunct POSIX draft 1003.1e
-+which used this name.
-+
-+2) So what is a "POSIX capability"?
-+
-+A process has three sets of bitmaps called the inheritable(I),
-+permitted(P), and effective(E) capabilities.  Each capability is
-+implemented as a bit in each of these bitmaps which is either set or
-+unset.  When a process tries to do a privileged operation, the
-+operating system will check the appropriate bit in the effective set
-+of the process (instead of checking whether the effective uid of the
-+process i 0 as is normally done).  For example, when a process tries
-+to set the clock, the Linux kernel will check that the process has the
-+CAP_SYS_TIME bit (which is currently bit 25) set in its effective set.
-+
-+The permitted set of the process indicates the capabilities the
-+process can use.  The process can have capabilities set in the
-+permitted set that are not in the effective set.  This indicates that
-+the process has temporarily disabled this capability.  A process is
-+allowed to set a bit in its effective set only if it is available in
-+the permitted set.  The distinction between effective and permitted
-+exists so that processes can "bracket" operations that need privilege.
-+
-+The inheritable capabilities are the capabilities of the current
-+process that should be inherited by a program executed by the current
-+process.  The permitted set of a process is masked against the
-+inheritable set during exec().  Nothing special happens during fork()
-+or clone().  Child processes and threads are given an exact copy of
-+the capabilities of the parent process.
-+
-+3) What about other entities in the system? Users, Groups, Files?
-+
-+Files have capabilities.  Conceptually they have the same three
-+bitmaps that processes have, but to avoid confusion we call them by
-+other names.  Only executable files have capabilities, libraries don't
-+have capabilities (yet).  The three sets are called the allowed set,
-+the forced set, and the effective set.
-+
-+The allowed set indicates what capabilities the executable is allowed
-+to receive from an execing process.  This means that during exec(),
-+the capabilities of the old process are first masked against a set
-+which indicates what the process gives away (the inheritable set of
-+the process), and then they are masked against a set which indicates
-+what capabilities the new process image is allowed to receive (the
-+allowed set of the executable).
-+
-+The forced set is a set of capabilities created out of thin air and
-+given to the process after execing the executable.  The forced set is
-+similar in nature to the setuid feature.  In fact, the setuid bit from
-+the filesystem is "read" as a full forced set by the kernel.
-+
-+The effective set indicates which bits in the permitted set of the new
-+process should be transferred to the effective set of the new process.
-+The effective set is best thought of as a "capability aware" set.  It
-+should consist of only 1s if the executable is capability-dumb, or
-+only 0s if the executable is capability-smart.  Since the effective
-+set consists of only 0s or only 1s, the filesystem can implement this
-+set using a single bit.
-+
-+NOTE: Filesystem support for capabilities is not part of Linux 2.2.
-+
-+Users and Groups don't have associated capabilities from the kernel's
-+point of view, but it is entirely reasonable to associate users or
-+groups with capabilities.  By letting the "login" program set some
-+capabilities it is possible to make role users such as a backup user
-+that will have the CAP_DAC_READ_SEARCH capability and be able to do
-+backups.  This could also be implemented as a PAM module, but nobody
-+has implemented one yet.
-+
-+4) What capabilities exist?
-+
-+The capabilities available in Linux are listed and documented in the
-+file /usr/src/linux/include/linux/capability.h.
-+
-+5) Are Linux capabilities hierarchical?
-+
-+No, you cannot make a "subcapability" out of a Linux capability as in
-+capability-based OSes.
-+
-+6) How can I use capabilities to make sure Mr. Evil Luser (eluser)
-+can't exploit my "suid" programs?
-+
-+This is the general outline of how this works given filesystem
-+capability support exists.  First, you have a PAM module that sets the
-+inheritable capabilities of the login-shell of eluser.  Then for all
-+"suid" programs on the system, you decide what capabilities they need
-+and set the _allowed_ set of the executable to that set of
-+capabilities.  The capability rules
-+
-+   new permitted = forced | (allowed & inheritable)
-+
-+means that you should be careful about setting forced capabilities on
-+executables.  In a few cases, this can be useful though.  For example
-+the login program needs to set the inheritable set of the new user and
-+therefore needs an almost full permitted set.  So if you want eluser
-+to be able to run login and log in as a different user, you will have
-+to set some forced bits on that executable.
-+
-+7) What about passing capabilities between processes?
-+
-+Currently this is done by the system call "setcap" which can set the
-+capabilities of another process.  This requires the CAP_SETPCAP
-+capability which you really only want to grant a _few_ processes.
-+CAP_SETPCAP was originally intended as a workaround to be able to
-+implement filesystem support for capabilities using a daemon outside
-+the kernel.
-+
-+There has been discussions about implementing socket-level capability
-+passing.  This means that you can pass a capability over a socket.  No
-+support for this exists in the official kernel yet.
-+
-+8) I see securelevel has been removed from 2.2 and are superceeded by
-+capabilities.  How do I emulate securelevel using capabilities?
-+
-+The setcap system call can remove a capability from _all_ processes on
-+the system in one atomic operation.  The setcap utility from the
-+libcap distribution will do this for you.  The utility requires the
-+CAP_SETPCAP privilege to do this.  The CAP_SETPCAP capability is not
-+enabled by default.
-+
-+libcap is available from
-+ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/
-+
-+9) I noticed that the capability.h file lacks some capabilities that
-+are needed to fully emulate 2.0 securelevel.  Is there a patch for
-+this?
-+
-+Actually yes - funny you should ask :-).  The problem with 2.0
-+securelevel is that they for example stop root from accessing block
-+devices.  At the same time they restrict the use of iopl.  These two
-+changes are fundamentally different.  Blocking access to block devices
-+means restricting something that usually isn't restricted.
-+Restricting access to the use of iopl on the other hand means
-+restricting (blocking) access to something that is already blocked.
-+Emulating the parts of 2.0 securelevel that restricts things that are
-+normally not restricted means that the capabilites in the kernel has
-+to have a set of capabilities that are usually _on_ for a normal
-+process (note that this breaks the explanation that capabilities are a
-+partitioning of the root privileges).  There is an experimental patch at
-+
-+ftp://ftp.guardian.no/pub/free/linux/capabilities/patch-cap-exp-1
-+
-+which implements a set of capabilities with the "CAP_USER" prefix:
-+
-+cap_user_sock  - allowed to use socket()
-+cap_user_dev   - allowed to open char/block devices
-+cap_user_fifo  - allowed to use pipes
-+
-+These should be enough to emulate 2.0 securelevel (tell me if we need
-+something more).
-+
-+10) Seems I need a CAP_SETPCAP capability that I don't have to make use
-+of capabilities.  How do I enable this capability?
-+
-+Change the definition of CAP_INIT_EFF_SET and CAP_INIT_INH_SET to the
-+following in include/linux/capability.h:
-+
-+#define CAP_INIT_EFF_SET    { ~0 }
-+#define CAP_INIT_INH_SET    { ~0 }
-+
-+This will start init with a full capability set and not with
-+CAP_SETPCAP removed.
-+
-+11) How do I start a process with a limited set of capabilities?
-+
-+Get the libcap library and use the execcap utility.  The following
-+example starts the update daemon with only the CAP_SYS_ADMIN
-+capability.
-+
-+execcap 'cap_sys_admin=eip' update
-+
-+12) How do I start a process with a limited set of capabilities under
-+another uid?
-+
-+Use the sucap utility which changes uid from root without loosing any
-+capabilities.  Normally all capabilities are cleared when changing uid
-+from root.  The sucap utility requires the CAP_SETPCAP capability.
-+The following example starts updated under uid updated and gid updated
-+with CAP_SYS_ADMIN raised in the Effective set.
-+
-+sucap updated updated execcap 'cap_sys_admin=eip' update
-+
-+[ Sucap is currently available from
-+ftp://ftp.guardian.no/pub/free/linux/capabilities/sucap.c. Put it in
-+the progs directory of libcap to compile.]
-+
-+13) What are the "capability rules"
-+
-+The capability rules are the rules used to set the capabilities of the
-+new process image after an exec.  They work like this:
-+
-+        pI' = pI
-+  (***) pP' = fP | (fI & pI)
-+        pE' = pP' & fE          [NB. fE is 0 or ~0]
-+
-+  I=Inheritable, P=Permitted, E=Effective // p=process, f=file
-+  ' indicates post-exec().
-+
-+Now to make sense of the equations think of fP as the Forced set of
-+the executable, and fI as the Allowed set of the executable.  Notice
-+how the Inheritable set isn't touched at all during exec().
-+
-+14) What are the laws for setting capability bits in the Inheritable,
-+Permitted, and Effective sets?
-+
-+Bits can be transferred from Permitted to either Effective or
-+Inheritable set.
-+
-+Bits can be removed from all sets.
-+
-+15) Where is the standard on which the Linux capabilities are based?
-+
-+There used to be a POSIX draft called POSIX.6 and later POSIX 1003.1e.
-+However after the committee had spent over 10 years, POSIX decided
-+that enough is enough and dropped the draft.  There will therefore not
-+be a POSIX standard covering security anytime soon.  This may lead to
-+that the POSIX draft is available for free, however.
-+
-+--
-+        Best regards, -- Boris.
-+

Deleted: libcap-1.10-fixcflags.patch
===================================================================
--- libcap-1.10-fixcflags.patch	2009-03-11 18:46:59 UTC (rev 29693)
+++ libcap-1.10-fixcflags.patch	2009-03-11 22:06:39 UTC (rev 29694)
@@ -1,22 +0,0 @@
-diff -Naur libcap-1.10.orig/Make.Rules libcap-1.10/Make.Rules
---- libcap-1.10.orig/Make.Rules	2005-05-30 16:10:07.000000000 +0000
-+++ libcap-1.10/Make.Rules	2005-05-30 16:11:18.000000000 +0000
-@@ -42,8 +42,8 @@
- # Compilation specifics
- 
- CC=gcc
--COPTFLAGS=-O2
--DEBUG=-g #-DDEBUG
-+COPTFLAGS=-O2 -fPIC
-+DEBUG=
- WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
-         -Wpointer-arith -Wcast-qual -Wcast-align \
-         -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \
-@@ -54,7 +54,7 @@
- IPATH=-I$(topdir)/libcap/include
- INCS=$(topdir)/libcap/include/sys/capability.h
- LIBS=-L$(topdir)/libcap -lcap
--CFLAGS=-Dlinux $(WARNINGS) $(DEBUG) $(COPTFLAG) $(IPATH)
-+CFLAGS+=-Dlinux $(WARNINGS) $(DEBUG) $(COPTFLAG) $(IPATH)
- 
- # Global cleanup stuff
\ No newline at end of file

Deleted: libcap-1.10-shared.patch
===================================================================
--- libcap-1.10-shared.patch	2009-03-11 18:46:59 UTC (rev 29693)
+++ libcap-1.10-shared.patch	2009-03-11 22:06:39 UTC (rev 29694)
@@ -1,17 +0,0 @@
---- libcap-1.11/libcap/Makefile.shared	1999-04-17 18:16:31.000000000 -0400
-+++ libcap-1.11/libcap/Makefile	2002-07-19 06:24:23.000000000 -0400
-@@ -56,12 +56,12 @@ cap_names.sed: Makefile /usr/include/lin
- #	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
- 
- $(MINLIBNAME): $(OBJS)
--	$(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS)
-+	$(CC) -Wl,-soname,$(MAJLIBNAME) -Wl,-x -shared -o $@ $(OBJS)
- 	ln -sf $(MINLIBNAME) $(MAJLIBNAME)
- 	ln -sf $(MAJLIBNAME) $(LIBNAME)
- 
- %.o: %.c $(INCLS)
--	$(CC) $(CFLAGS) -c $< -o $@
-+	$(CC) $(CFLAGS) -fpic -c $< -o $@
- 
- install: all
- 	mkdir -p -m 0755 $(INCDIR)/sys




More information about the arch-commits mailing list