delta/libcap2.git/libcap/include, branch master git.kernel.org: pub/scm/linux/kernel/git/morgan/libcap.git Implement libcap:cap_proc_root() function. 2021-08-27T17:27:04+00:00 Andrew G. Morgan morgan@kernel.org 2021-08-27T17:20:21+00:00 b56400f81ddd42e0e57372c957e668e6d5a72834 This is needed to locally configure libcap to find the pid data if the proc filesystem is not mounted at "/proc" (rare). Currently libcap only uses this info to implement cap_iab_get_pid(). This brings libcap back to parity with the Go "cap" package. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
This is needed to locally configure libcap to find the pid data
if the proc filesystem is not mounted at "/proc" (rare). Currently
libcap only uses this info to implement cap_iab_get_pid().

This brings libcap back to parity with the Go "cap" package.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Add cap_iab_{compare,get_pid} functions to libcap; --iab to getpcaps. 2021-08-23T04:13:56+00:00 Andrew G. Morgan morgan@kernel.org 2021-08-23T03:58:04+00:00 4f45bcc83545efdb4ffc5b9c05e1dbabe196339d This brings libcap back to parity with the Go 'cap' package. We provide a CAP_IAB_DIFFERS(result, vector) macro to evaluate the result of cap_iab_compare(). Extend the getpcaps arguments to include --iab. This causes the utility to explore the IAB tuple for the specified process. When used, this outputs a text representation in a similar format to that of the 'captree' (Go) utility. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
This brings libcap back to parity with the Go 'cap' package. We
provide a CAP_IAB_DIFFERS(result, vector) macro to evaluate the result
of cap_iab_compare().

Extend the getpcaps arguments to include --iab. This causes the utility
to explore the IAB tuple for the specified process. When used, this
outputs a text representation in a similar format to that of the
'captree' (Go) utility.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Add fill support for the 1e capabilities 2021-06-19T20:58:36+00:00 Andrew G. Morgan morgan@kernel.org 2021-06-19T20:58:36+00:00 c89405455d3b730e933aa0520ca3c57a07117b80 We previously added a cap_iab_fill() etc, functions. Bring the regular capability flag manipulation API into alignment by adding libcap.cap_fill() and (*cap.Set).Fill(). Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
We previously added a cap_iab_fill() etc, functions. Bring the
regular capability flag manipulation API into alignment by
adding libcap.cap_fill() and (*cap.Set).Fill().

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Stabilize exporting capabilities into a comparable external format 2021-06-19T20:20:41+00:00 Andrew G. Morgan morgan@kernel.org 2021-06-19T20:20:10+00:00 1a5a67b48cbcb83a968f973b2207c1d4b833a6dd A desire for this stabilization came out of a conversation with a Google colleague, Mike Schilling. This commit unifies the default libcap/cap (Go) behavior with libcap2 with respect to the binary output of cap.Export(). Previously, libcap/cap.Export() could generate shorter binary values. [To restore that behavior, set libcap/cap.MinExtFlagSize = 0.] Looking to some point in the distant future, this also prepares libcap to retain the same exported binary representation for capabilities defineable today... That is, if the kernel were to extend the capability flags to be 96 bits, but a capability of "cap_chown=ep" would not touch any of the higher bits, an 'exported' capability in external format should not need to change. (Setting libcap/cap.MinExtFlagSize = 0, cap.Export() => 8 bytes for this capability set in external format. However, libcap and libcap/cap now both default to 29 bytes. That is libcap2 has the more significant legacy footprint.) In all cases, libcap/cap and libcap2 were previously interoperable, being able to import each others exported format. This remains true [independent of the setting of libcap/cap.MinExtFlagSize]. Addresses this bug: https://bugzilla.kernel.org/show_bug.cgi?id=213375 Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
A desire for this stabilization came out of a conversation with a
Google colleague, Mike Schilling.

This commit unifies the default libcap/cap (Go) behavior with libcap2
with respect to the binary output of cap.Export(). Previously,
libcap/cap.Export() could generate shorter binary values. [To restore
that behavior, set libcap/cap.MinExtFlagSize = 0.]

Looking to some point in the distant future, this also prepares libcap
to retain the same exported binary representation for capabilities
defineable today... That is, if the kernel were to extend the capability
flags to be 96 bits, but a capability of "cap_chown=ep" would not touch
any of the higher bits, an 'exported' capability in external format
should not need to change. (Setting libcap/cap.MinExtFlagSize = 0,
cap.Export() => 8 bytes for this capability set in external format.
However, libcap and libcap/cap now both default to 29 bytes. That is
libcap2 has the more significant legacy footprint.)

In all cases, libcap/cap and libcap2 were previously interoperable,
being able to import each others exported format. This remains true
[independent of the setting of libcap/cap.MinExtFlagSize].

Addresses this bug:

  https://bugzilla.kernel.org/show_bug.cgi?id=213375

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Add a module argument to pam_cap.so to assist with ambient support 2021-05-08T03:06:36+00:00 Andrew G. Morgan morgan@kernel.org 2021-05-05T03:28:37+00:00 fe4c27de243b13973acff3cda2c8c8ff4a768855 Some PAM applications drop privilege when they change UID, which has the side effect of dropping ambient capabilities. We add support for the "keepcaps" argument which can be used in an attempt by the module to not drop permitted capabilities when performing a setuid() call. Some experimentation may be needed to see if this works for any given application. To not be a security bug vector, it requires the application so configured perform an exec() to launch a user-specific operation. This is an attempt to provide some Adminstrator support for working around the issue observed in this bug (report by Zoltan Fridrich): https://bugzilla.kernel.org/show_bug.cgi?id=212945 Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
Some PAM applications drop privilege when they change UID, which has
the side effect of dropping ambient capabilities. We add support for
the "keepcaps" argument which can be used in an attempt by the module
to not drop permitted capabilities when performing a setuid() call.
Some experimentation may be needed to see if this works for any given
application. To not be a security bug vector, it requires the application
so configured perform an exec() to launch a user-specific operation.

This is an attempt to provide some Adminstrator support for working
around the issue observed in this bug (report by Zoltan Fridrich):

https://bugzilla.kernel.org/show_bug.cgi?id=212945

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Make the cap_launch.3 documentation and code use common conventions 2021-03-07T23:39:51+00:00 Andrew G. Morgan morgan@kernel.org 2021-03-07T23:34:01+00:00 fd5271195dc27b017b2470be12356c49369e0058 The cap_launch() 2nd argument should be consistently named. So, we choose "detail". Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
The cap_launch() 2nd argument should be consistently named. So, we
choose "detail".

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Implement libcap:cap_func_launcher() 2021-03-07T02:21:36+00:00 Andrew G. Morgan morgan@kernel.org 2021-03-07T02:21:36+00:00 e8c9f02c2cbf937d2547b903b0c803d8a829fe21 This is a handy function launcher for running a function in a forked copy of the process. This fork will be terminated should the callback return. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
This is a handy function launcher for running a function in a forked
copy of the process. This fork will be terminated should the callback
return.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Drop all symlinks from the repository 2021-02-03T06:13:04+00:00 Andrew G. Morgan morgan@kernel.org 2021-02-03T06:01:39+00:00 ea1f4bf0d824dac4f43e181c811f9b741f776477 Where we need symlinks we now create them as part of the make process. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
Where we need symlinks we now create them as part of the make process.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Further trim the psx headers and support easy vendoring. 2020-12-09T16:30:38+00:00 Andrew G. Morgan morgan@kernel.org 2020-12-09T16:12:43+00:00 4d13894a85386feeca22ebf7c0f84f4173376e0f Remove psx_pthread_create() from libpsx - given the way -lpsx is linked this is not needed. Also, as pointed out by Lorenz Bauer, "go mod vendor" support was unable to vendor a copy of psx_syscall.h because it didn't reside in the same directory as the *.go code for the psx package. (General discussion https://github.com/golang/go/issues/26366 .) Given that we can, avoid the use of a sub-directory in the libcap tree. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
Remove psx_pthread_create() from libpsx - given the way -lpsx is
linked this is not needed.

Also, as pointed out by Lorenz Bauer, "go mod vendor" support
was unable to vendor a copy of psx_syscall.h because it didn't
reside in the same directory as the *.go code for the psx package.
(General discussion https://github.com/golang/go/issues/26366 .)
Given that we can, avoid the use of a sub-directory in the libcap
tree.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Add new value CAP_CHECKPOINT_RESTORE = 40. 2020-08-14T03:45:43+00:00 Andrew G. Morgan morgan@kernel.org 2020-08-14T03:45:43+00:00 1b99022113e22505d664d52136e1ecc662624f03 Linus' kernel has defined this one now. Signed-off-by: Andrew G. Morgan <morgan@kernel.org> 
Linus' kernel has defined this one now.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>