Commit message | Author | Age | Files | Lines
* Up the release version to 2.59 (HEAD, master) | Andrew G. Morgan | 2021-09-26 | 8 | -10/+10
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Fix to 'make clean sudotest' reliably | Andrew G. Morgan | 2021-09-24 | 1 | -1/+1
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Recognize that NULL is an invalid cap_t and cap_iab_t. | Andrew G. Morgan | 2021-09-24 | 5 | -13/+33
  This was a regression introduced in libcap-2.55. Fixed in libcap-2.59. Added a cap_launch NULL test too. Comparing against NULL would cause a SIGSEGV against these library revisions.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Update example to avoid reference to deprecated Compare function. | Andrew G. Morgan | 2021-09-23 | 1 | -1/+1
  In 2.54 (*Set).Compare() was deprecated in favor of (*Set).Cf(), so update the top level comment to reflect the preferred API.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Spelling fix. | Andrew G. Morgan | 2021-09-22 | 1 | -1/+1
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* More compliant cap.Differs documentation. | Andrew G. Morgan | 2021-09-17 | 1 | -3/+17
  Deprecation has a stylized comment format as per go.dev.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Up the release version to 2.58 | Andrew G. Morgan | 2021-09-17 | 8 | -10/+10
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Fix typo in capsh. | Andrew G. Morgan | 2021-09-14 | 1 | -1/+1
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Add some debugging info for the pam_cap.so deferred callback. | Andrew G. Morgan | 2021-09-14 | 1 | -0/+18
  As with the other D(()) entries in the pam_cap.so module, this is enabled if the

    /* #define PAM_DEBUG */

  comment is uncommented at the top of the pam_cap.so file.

  I tried this on a sample app and it didn't actually follow the documentation:

    http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end

  where no pam_end() call was made to terminate the fork()ed copy of the pamh value. That app needs to be fixed.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Another attempt at supporting Ambient vector setting from pam_cap.so. | Andrew G. Morgan | 2021-09-14 | 3 | -60/+55
  While the session idea worked with contrib/sucap/su.c, it failed on more traditional PAM apps. For a second (likely last) attempt to find a path, I've deleted the session support and now attempt to do the setting via a PAM data item cleanup() callback.

  In the contrib/sucap/su.c code, evolved from the original SimplePAMApps 'su', there is a pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) from within the fork()d launcher code, so I hope this convention is standard for all the PAM apps that came after.

  The suggested config for this module for an app, that wants to support the Ambient vector, is thus now:

    #%PAM-1.0
    auth required pam_cap.so keepcaps defer
    auth required pam_unix.so
    account required pam_unix.so
    password required pam_unix.so
    session required pam_unix.so

  This is all part of an effort to address:

    https://bugzilla.kernel.org/show_bug.cgi?id=214377

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Not sure why I didn't include this line before! | Andrew G. Morgan | 2021-09-14 | 1 | -0/+1
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Simplify the contrib/sucap/su structure. | Andrew G. Morgan | 2021-09-13 | 2 | -77/+80
  Also include the aggressive default CFLAGS, and fix the many many issues it uncovered. (Honestly, it was a wonder it worked at all before.)

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Add PAM "session" support to pam_cap.so. | Andrew G. Morgan | 2021-09-13 | 3 | -19/+79
  This is an attempt to address:

    https://bugzilla.kernel.org/show_bug.cgi?id=214377

  The basic structure is you configure PAM with a config like this:

    #%PAM-1.0
    auth required pam_cap.so use_session keepcaps
    auth required pam_unix.so
    account required pam_unix.so
    password required pam_unix.so
    session required pam_unix.so
    session optional pam_cap.so

  Here the "auth" part prepares the application with "keepcaps", and the "use_session" instructs the module to apply any IAB tuple for the user at session open time and not during the setcred (auth) flow.

  This has been tested against the contrib/sucap implementation of su. The "use_session" support should work with more standard PAM enabled apps too, but I'll wait for some positive feedback (see the bug) before declaring it stable.

  FWIW the contrib/sucap/su app also supports this config for Ambient vector setting (without a "session" invocation of pam_cap.so):

    #%PAM-1.0
    auth required pam_cap.so
    auth required pam_unix.so
    account required pam_unix.so
    password required pam_unix.so
    session required pam_unix.so

  but that is because the sucap/su app is more tightly integrated with libcap than the standard PAM apps.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Free _cap_proc_dir on exit. | Andrew G. Morgan | 2021-09-12 | 1 | -0/+13
  Credit to yan12125 for finding this bug:

    https://bugzilla.kernel.org/show_bug.cgi?id=214373

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* kdebug shouldn't require sudotest to build uns_test binary. | Andrew G. Morgan | 2021-09-12 | 1 | -1/+2
  Part of the reason for the QEMU kernel test is to fully test the library against kernels without requiring sudo.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Recover the kdebug make rules. | Andrew G. Morgan | 2021-09-11 | 1 | -1/+1
  These were broken as a result of delaying building the test and sudotest binaries until they were actually needed.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Add in something the builder can override to augment the GO builds | Andrew G. Morgan | 2021-09-11 | 2 | -12/+13
  I've been looking at reasons packagers are not building the Go binaries and found this with respect to RPMs:

    https://github.com/rpm-software-management/rpm/issues/367

  There has been no easy way to inject the otherwise unneeded workaround:

    -ldflags=-linkmode=external

  for building (which, strangely, generates some sort of warning and gratuitously links glibc to an otherwise static build), but seems to work.

  Until RPM supports Go's native '.note.go.buildid', and RPM requires '.note.gnu.build-id' on binaries, I guess this can work around it:

    GO_BUILD_FLAGS='-ldflags=-linkmode=external'

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Update pam_cap .gitignore file | Andrew G. Morgan | 2021-09-10 | 1 | -0/+1
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Another missing dependency for make -j13 | Andrew G. Morgan | 2021-09-10 | 1 | -1/+6
  One more missing dependency for pam_cap.so building.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* More standard deprecation comment for cap.Compare and cap.IABInit | Andrew G. Morgan | 2021-09-10 | 2 | -6/+39
  Based on what I see on go.dev, there seems to be some preferred comment style for deprecating a function. Use it to help spread the word.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Up the release version to 2.57 | Andrew G. Morgan | 2021-09-09 | 8 | -10/+10
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Implement --strict capsh argument. | Andrew G. Morgan | 2021-09-07 | 3 | -95/+109
  Up to this point, capsh hides some complexity concerning raising the CAP_SETPCAP in order to raise inheritable and drop bounding set values. This made it harder to explain some aspects of inheritance, and I ran into that detail writing this:

    https://sites.google.com/site/fullycapable/why-didnt-that-work#h.z7rwbcazhr4r

  Refactored capsh.c to clean up some buggy code, and also fix some documentation, including reference to the --strict argument.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Be more systematic about POSIX.1e value group names | Andrew G. Morgan | 2021-09-07 | 6 | -78/+94
  cap.Set's have Flag component Values
  cap.IAB's have Vector component Values

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Fixed parallel make issues | Andrew G. Morgan | 2021-09-05 | 3 | -3/+3
  Tried make -j12 and these fixes were needed.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Treat ENOTSUP as an expected error for getcap. | Andrew G. Morgan | 2021-09-05 | 1 | -1/+1
  Things like /proc/* files don't support capabilities on them and if getcap looks at them it generates a lot of errors. Treat it as equivalent to there being no capability on the file.

  This addresses

    https://bugzilla.kernel.org/show_bug.cgi?id=214317

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Add --mode query support to capsh | Andrew G. Morgan | 2021-09-05 | 2 | -27/+41
  This addresses the feature request:

    https://bugzilla.kernel.org/show_bug.cgi?id=214319

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Refactor top level Makefile to reduce redundant building | Andrew G. Morgan | 2021-09-04 | 6 | -28/+21
  Make build a bit quicker for folk that don't want to run tests.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Don't build the tests/binaries until we want to run them | Andrew G. Morgan | 2021-09-04 | 1 | -5/+3
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Build system fixes | David Seifert | 2021-09-04 | 1 | -2/+3
  Summary:
  - Always keep $(WARNINGS) when overriding CFLAGS

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Up the release version to 2.56 | Andrew G. Morgan | 2021-09-02 | 8 | -10/+10
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Document latest option for captree in its man page. | Andrew G. Morgan | 2021-09-02 | 1 | -1/+8
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Make captree use --color on any terminal by default. | Andrew G. Morgan | 2021-09-02 | 1 | -13/+28
  Disable with --colo[u]r=false or pipe into something else. Ex. 'captree | cat'

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Avoid dissecting sub-trees of processes in captree output. | Andrew G. Morgan | 2021-09-01 | 1 | -12/+84
  Added --color as an argument to make it easier to spot what you are looking for in the output.

  This addresses item (2) of:

    https://bugzilla.kernel.org/show_bug.cgi?id=214269

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Don't display duplicate subtrees with captree. | Andrew G. Morgan | 2021-09-01 | 1 | -0/+8
  This addresses issue (1) of:

    https://bugzilla.kernel.org/show_bug.cgi?id=214269

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* sucap/su should start with an empty INHERITABLE flag. | Andrew G. Morgan | 2021-09-01 | 1 | -3/+14
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Canonicalize build system | David Seifert | 2021-09-01 | 6 | -20/+12
  * Respect user's CFLAGS/CPPFLAGS/LDFLAGS
  * Respect $(MAKE)
  * Remove CPPFLAGS from link rules

  Note: for in-tree built test binaries, where we build --static, we do not apply LDFLAGS: we want to limit external dependencies in general; and users' LDFLAGS have a strong tendency to conflict with --static for linking.

  Work in collaboration with David Seifert (ie, he wrote most of it).

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* cap_iab.3 doc fixes and cleanup | Andrew G. Morgan | 2021-09-01 | 1 | -34/+31
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Permit root to run test_pam_cap without arguments. | Andrew G. Morgan | 2021-09-01 | 1 | -1/+6
  This fixes a bug preventing 'make test' from working when invoked by root. Bug reported by David Seifert:

    https://bugzilla.kernel.org/show_bug.cgi?id=214257

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Move $(LDFLAGS) earlier in build command lines. | Andrew G. Morgan | 2021-08-31 | 3 | -13/+15
  As explained (thanks David Seifert) there are some LDFLAGS that need to precede actual linked libraries. For example, -Wl,--as-needed. Given this, I've tried it and it appears to work for the default build cases as captured in 'make distcheck'.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Resurrect the $(WARNINGS) for the target build | Andrew G. Morgan | 2021-08-31 | 2 | -6/+6
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Be more consistent with make variables. | Andrew G. Morgan | 2021-08-30 | 4 | -25/+27
  Noticed that we weren't applying the same amount of flag discipline to local BUILD_* tool rules. Fixing that, I see we've been carrying a source code issue in libcap/_makenames.c for a while. (FIXED).

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Up the release version to 2.55 | Andrew G. Morgan | 2021-08-29 | 8 | -10/+10
  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Update man pages. | Andrew G. Morgan | 2021-08-29 | 5 | -30/+50
  Some fixes, some more efficient URLs, some more coherent cross-references.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Add captree command line options and support process by name. | Andrew G. Morgan | 2021-08-29 | 3 | -9/+117
  Add some features to captree. I plan to post a companion article here:

    https://sites.google.com/site/fullycapable/captree

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Make sudotest more robust against untestable environments | Andrew G. Morgan | 2021-08-28 | 7 | -9/+41
  I'm setting up some testing environments and they are not all created equal.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Avoid the build server failure. | Andrew G. Morgan | 2021-08-28 | 2 | -9/+19
  I figured out that the key ingredient to reproducing this issue was:

    make COPTS="-D_FORTIFY_SOURCE=2 -O1 -g" clean test

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Still unclear where cap_test is crashing. | Andrew G. Morgan | 2021-08-27 | 1 | -0/+28
  Add more debug logging.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Speculative fix for build failure. | Andrew G. Morgan | 2021-08-27 | 3 | -6/+16
  Not sure exactly what is causing the build server to fail (can't reproduce yet), but add some extra padding to a calloc and also some test debugging printf()s.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* Implement libcap:cap_proc_root() function. | Andrew G. Morgan | 2021-08-27 | 4 | -4/+74
  This is needed to locally configure libcap to find the pid data if the proc filesystem is not mounted at "/proc" (rare). Currently libcap only uses this info to implement cap_iab_get_pid().

  This brings libcap back to parity with the Go "cap" package.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
* More fixes for static analysis issues. | Andrew G. Morgan | 2021-08-27 | 9 | -38/+199
  Further observations from Zoltan Fridrich's static analysis of libcap.

  This commit also includes a fix for something I broke with the last round of "fixing", and a test to make sure I don't make that mistake again.

  Signed-off-by: Andrew G. Morgan <morgan@kernel.org>