Submitted By: Randy McMurchy Date: 2007-04-15 Initial Package Version: 1.10 Upstream Status: Unknown (package no longer maintained?) Origin: Fedora CVS Description: Fixes build issues, adds capability references. See http://cvs.fedora.redhat.com/viewcvs/devel/libcap/ for details about the following patches, all rolled into this patch: Patch1: libcap-1.10-userland.patch Patch2: libcap-1.10-shared.patch Patch3: libcap-1.10-useCFLAGSwithCC.patch Patch4: libcap-1.10-debian.patch Patch5: libcap-1.10-nostaticlib.patch Patch6: libcap-1.10-fPIC.patch Patch7: libcap-1.10-audit.patch
diff -Naur libcap-1.10-orig/Make.Rules libcap-1.10/Make.Rules
--- libcap-1.10-orig/Make.Rules 1999-11-18 06:06:02.000000000 +0000
+++ libcap-1.10/Make.Rules 2007-04-15 00:00:09.000000000 +0000
@@ -8,7 +8,7 @@
 # common 'packaging' directoty
-FAKEROOT=
+FAKEROOT=$(DESTDIR)
 # Autoconf-style prefixes are activated when $(prefix) is defined.
 # Otherwise binaries and libraraies are installed in /{lib,sbin}/,
@@ -18,13 +18,13 @@
 exec_prefix=$(prefix)
 lib_prefix=$(exec_prefix)
 inc_prefix=$(lib_prefix)
-man_prefix=$(prefix)
+man_prefix=$(prefix)/share
 else
 prefix=/usr
 exec_prefix=
 lib_prefix=$(exec_prefix)
 inc_prefix=$(prefix)
-man_prefix=$(prefix)
+man_prefix=$(prefix)/share
 endif
 # Target directories
diff -Naur libcap-1.10-orig/Makefile libcap-1.10/Makefile
--- libcap-1.10-orig/Makefile 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/Makefile 2007-04-15 00:00:09.000000000 +0000
@@ -3,17 +3,20 @@
 #
 # Makefile for libcap
+ifndef topdir
 topdir=$(shell pwd)
-include Make.Rules
+endif
+include $(topdir)/Make.Rules
+DESTDIR=
 #
 # flags
 #
 all install clean: %: %-here
- make -C libcap $(MAKE_DEFS) $@
- make -C progs $(MAKE_DEFS) $@
- make -C doc $(MAKE_DEFS) $@
+ make -C $(topdir)/libcap $(MAKE_DEFS) $@
+ make -C $(topdir)/progs $(MAKE_DEFS) $@
+ make -C $(topdir)/doc $(MAKE_DEFS) $@
 all-here:
diff -Naur libcap-1.10-orig/libcap/Makefile libcap-1.10/libcap/Makefile
--- libcap-1.10-orig/libcap/Makefile 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/libcap/Makefile 2007-04-15 00:02:58.000000000 +0000
@@ -24,12 +24,14 @@
 #
 # defines
 #
+ifndef topdir
 topdir=$(shell pwd)/..
-include ../Make.Rules
+endif
+include $(topdir)/Make.Rules
 #
 # Library version
 #
-LIBNAME=libcap.so
+LIBNAME=libcap
 #
 FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys
@@ -39,7 +41,8 @@
 INCLS=libcap.h cap_names.h $(INCS)
 OBJS=$(addsuffix .o, $(FILES))
-MAJLIBNAME=$(LIBNAME).$(VERSION)
+LOBJS=$(addsuffix .lo, $(FILES))
+MAJLIBNAME=$(LIBNAME).so.$(VERSION)
 MINLIBNAME=$(MAJLIBNAME).$(MINOR)
 all: $(MINLIBNAME)
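Review bot: The unconditional `DESTDIR=` added after the `include` line in the top-level Makefile overrides a DESTDIR that a packager exports in the environment, because a makefile assignment takes precedence over the environment unless make is run with `-e`. With Make.Rules now setting `FAKEROOT=$(DESTDIR)`, such a build would presumably install into the live root instead of the staging directory; `DESTDIR ?=` (or no assignment at all) keeps both the environment and the command line working. The recursive calls in the same hunk still use a literal `make`; `$(MAKE) -C $(topdir)/libcap $(MAKE_DEFS) $@` would pass `-j`, `-n` and command-line variables down to the sub-builds.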
@@ -51,17 +54,21 @@
 ./_makenames > cap_names.h
 cap_names.sed: Makefile /usr/include/linux/capability.h
- @echo "=> making cap_names.c from "
- @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
-# @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
+cap_names.sed: Makefile include/sys/capability.h
+ @echo "=> making cap_names.c from "
+ @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < include/sys/capability.h | fgrep -v 0x > cap_names.sed
+# @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
-$(MINLIBNAME): $(OBJS)
- $(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS)
+$(MINLIBNAME): $(LOBJS)
+ $(CC) $(COPTFLAG) -Wl,-soname,$(MAJLIBNAME) -Wl,-x -shared -fPIC -o $@ $(LOBJS)
 ln -sf $(MINLIBNAME) $(MAJLIBNAME)
- ln -sf $(MAJLIBNAME) $(LIBNAME)
+ ln -sf $(MAJLIBNAME) $(LIBNAME).so
 %.o: %.c $(INCLS)
- $(CC) $(CFLAGS) -c $< -o $@
+ $(CC) $(CFLAGS) -fPIC -c $< -o $@
+
+%.lo: %.c $(INCLS)
+ $(CC) $(CFLAGS) -fPIC -c $< -o $@
 install: all
 mkdir -p -m 0755 $(INCDIR)/sys
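Review bot: The old header `cap_names.sed: Makefile /usr/include/linux/capability.h` is kept as a context line in the @@ -51,17 +54,21 @@ hunk (the hunk's line counts only add up that way), so after the patch the target has two rule headers and still lists the host's kernel header as a prerequisite even though the recipe now reads `include/sys/capability.h`. On a build host without that file make has no way to satisfy the prerequisite, and where it exists a kernel-header update retriggers generation from a file that is no longer the input; dropping the old header line leaves `cap_names.sed: Makefile include/sys/capability.h` as the only rule. Separately, the new link line passes `$(COPTFLAG)` but not `$(LDFLAGS)`, unlike the progs/Makefile change in this patch, so linker hardening options supplied through LDFLAGS (for example `-Wl,-z,relro`) would not reach the shared library; `$(CC) $(COPTFLAG) $(LDFLAGS) -Wl,-soname,$(MAJLIBNAME) ...` would make the two consistent.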
@@ -69,12 +76,12 @@
 mkdir -p -m 0755 $(LIBDIR)
 install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME)
 ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME)
- ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME)
+ ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME).so
 -/sbin/ldconfig
 clean:
 $(LOCALCLEAN)
- rm -f $(OBJS) $(LIBNAME)*
+ rm -f $(OBJS) $(LOBJS) $(LIBNAME).so*
 rm -f cap_names.h cap_names.sed _makenames
 cd include/sys && $(LOCALCLEAN)
diff -Naur libcap-1.10-orig/libcap/_makenames.c libcap-1.10/libcap/_makenames.c
--- libcap-1.10-orig/libcap/_makenames.c 1999-05-14 04:46:15.000000000 +0000
+++ libcap-1.10/libcap/_makenames.c 2007-04-15 00:00:09.000000000 +0000
@@ -9,7 +9,7 @@
 #include
 #include
-#include
+#include
 /*
 * #include 'sed' generated array
diff -Naur libcap-1.10-orig/libcap/cap_sys.c libcap-1.10/libcap/cap_sys.c
--- libcap-1.10-orig/libcap/cap_sys.c 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/libcap/cap_sys.c 2007-04-15 00:00:09.000000000 +0000
@@ -11,6 +11,8 @@
 #define __LIBRARY__
 #include
+/* glibc >= 2.1 knows capset/capget. no need to define it here */
+/*
 _syscall2(int, capget, cap_user_header_t, header, cap_user_data_t, data)
@@ -18,6 +20,7 @@
 _syscall2(int, capset, cap_user_header_t, header, const cap_user_data_t, data)
+*/
 /*
 * $Log: cap_sys.c,v $
diff -Naur libcap-1.10-orig/libcap/include/sys/capability.h libcap-1.10/libcap/include/sys/capability.h
--- libcap-1.10-orig/libcap/include/sys/capability.h 1999-11-18 06:19:21.000000000 +0000
+++ libcap-1.10/libcap/include/sys/capability.h 2007-04-15 00:03:26.000000000 +0000
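Review bot: `-/sbin/ldconfig` stays in the install recipe of the @@ -69,12 +76,12 @@ hunk as an unchanged line, so a staged install (this patch sets `FAKEROOT=$(DESTDIR)` in Make.Rules) still runs ldconfig against the build host, and the leading `-` hides the failure when the packager is not root. Running it only for a direct install, e.g. `test -n "$(FAKEROOT)" || /sbin/ldconfig`, keeps staged builds from touching the host's linker cache. The install recipe begins before this hunk, so how LIBDIR is derived from FAKEROOT is not visible here.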
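Review bot: The two cap_sys.c hunks disable the `_syscall2` wrappers by opening a block comment in @@ -11,6 +11,8 @@ and closing it in @@ -18,6 +20,7 @@, which ends early as soon as anything inside the span contains its own `*/`. `#if 0 /* glibc >= 2.1 provides capget/capset */` and a matching `#endif` around the same lines is the conventional form, or the dead definitions can simply be deleted. The comment states a glibc >= 2.1 requirement that nothing visible enforces, and these hunks add no prototype for capget()/capset(), so the callers presumably rely on a declaration elsewhere; it is worth confirming that the library's own headers declare both.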
@@ -21,7 +21,293 @@
 */
 #include
-#include
+#include
+
+/*
+ * This is
+ *
+ * Andrew G. Morgan
+ * Alexander Kjeldaas
+ * with help from Aleph1, Roland Buresund and Andrew Main.
+ *
+ * See here for the libcap library ("POSIX draft" compliance):
+ *
+ * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/
+ */
+
+#ifndef _LINUX_CAPABILITY_H
+#define _LINUX_CAPABILITY_H
+
+#include
+/*#include */
+
+/* User-level do most of the mapping between kernel and user
+ capabilities based on the version tag given by the kernel. The
+ kernel might be somewhat backwards compatible, but don't bet on
+ it. */
+
+/* XXX - Note, cap_t, is defined by POSIX to be an "opaque" pointer to
+ a set of three capability sets. The transposition of 3*the
+ following structure to such a composite is better handled in a user
+ library since the draft standard requires the use of malloc/free
+ etc.. */
+
+#define _LINUX_CAPABILITY_VERSION 0x19980330
+
+typedef struct __user_cap_header_struct {
+ __u32 version;
+ int pid;
+} *cap_user_header_t;
+
+typedef struct __user_cap_data_struct {
+ __u32 effective;
+ __u32 permitted;
+ __u32 inheritable;
+} *cap_user_data_t;
+
+#ifdef __KERNEL__
+
+/* #define STRICT_CAP_T_TYPECHECKS */
+
+#ifdef STRICT_CAP_T_TYPECHECKS
+
+typedef struct kernel_cap_struct {
+ __u32 cap;
+} kernel_cap_t;
+
+#else
+
+typedef __u32 kernel_cap_t;
+
+#endif
+
+#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32))
+#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
+
+#endif
+
+
+/**
+ ** POSIX-draft defined capabilities.
+ **/
+
+/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
+ overrides the restriction of changing file ownership and group
+ ownership. */
+
+#define CAP_CHOWN 0
+
+/* Override all DAC access, including ACL execute access if
+ [_POSIX_ACL] is defined. Excluding DAC access covered by
+ CAP_LINUX_IMMUTABLE. */
+
+#define CAP_DAC_OVERRIDE 1
+
+/* Overrides all DAC restrictions regarding read and search on files
+ and directories, including ACL restrictions if [_POSIX_ACL] is
+ defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
+
+#define CAP_DAC_READ_SEARCH 2
+
+/* Overrides all restrictions about allowed operations on files, where
+ file owner ID must be equal to the user ID, except where CAP_FSETID
+ is applicable. It doesn't override MAC and DAC restrictions. */
+
+#define CAP_FOWNER 3
+
+/* Overrides the following restrictions that the effective user ID
+ shall match the file owner ID when setting the S_ISUID and S_ISGID
+ bits on that file; that the effective group ID (or one of the
+ supplementary group IDs) shall match the file owner ID when setting
+ the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
+ cleared on successful return from chown(2) (not implemented). */
+
+#define CAP_FSETID 4
+
+/* Used to decide between falling back on the old suser() or fsuser(). */
+
+#define CAP_FS_MASK 0x1f
+
+/* Overrides the restriction that the real or effective user ID of a
+ process sending a signal must match the real or effective user ID
+ of the process receiving the signal. */
+
+#define CAP_KILL 5
+
+/* Allows setgid(2) manipulation */
+/* Allows setgroups(2) */
+/* Allows forged gids on socket credentials passing. */
+
+#define CAP_SETGID 6
+
+/* Allows set*uid(2) manipulation (including fsuid). */
+/* Allows forged pids on socket credentials passing. */
+
+#define CAP_SETUID 7
+
+
+/**
+ ** Linux-specific capabilities
+ **/
+
+/* Transfer any capability in your permitted set to any pid,
+ remove any capability in your permitted set from any pid */
+
+#define CAP_SETPCAP 8
+
+/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */
+
+#define CAP_LINUX_IMMUTABLE 9
+
+/* Allows binding to TCP/UDP sockets below 1024 */
+/* Allows binding to ATM VCIs below 32 */
+
+#define CAP_NET_BIND_SERVICE 10
+
+/* Allow broadcasting, listen to multicast */
+
+#define CAP_NET_BROADCAST 11
+
+/* Allow interface configuration */
+/* Allow administration of IP firewall, masquerading and accounting */
+/* Allow setting debug option on sockets */
+/* Allow modification of routing tables */
+/* Allow setting arbitrary process / process group ownership on
+ sockets */
+/* Allow binding to any address for transparent proxying */
+/* Allow setting TOS (type of service) */
+/* Allow setting promiscuous mode */
+/* Allow clearing driver statistics */
+/* Allow multicasting */
+/* Allow read/write of device-specific registers */
+/* Allow activation of ATM control sockets */
+
+#define CAP_NET_ADMIN 12
+
+/* Allow use of RAW sockets */
+/* Allow use of PACKET sockets */
+
+#define CAP_NET_RAW 13
+
+/* Allow locking of shared memory segments */
+/* Allow mlock and mlockall (which doesn't really have anything to do
+ with IPC) */
+
+#define CAP_IPC_LOCK 14
+
+/* Override IPC ownership checks */
+
+#define CAP_IPC_OWNER 15
+
+/* Insert and remove kernel modules - modify kernel without limit */
+/* Modify cap_bset */
+#define CAP_SYS_MODULE 16
+
+/* Allow ioperm/iopl access */
+/* Allow sending USB messages to any device via /proc/bus/usb */
+
+#define CAP_SYS_RAWIO 17
+
+/* Allow use of chroot() */
+
+#define CAP_SYS_CHROOT 18
+
+/* Allow ptrace() of any process */
+
+#define CAP_SYS_PTRACE 19
+
+/* Allow configuration of process accounting */
+
+#define CAP_SYS_PACCT 20
+
+/* Allow configuration of the secure attention key */
+/* Allow administration of the random device */
+/* Allow examination and configuration of disk quotas */
+/* Allow configuring the kernel's syslog (printk behaviour) */
+/* Allow setting the domainname */
+/* Allow setting the hostname */
+/* Allow calling bdflush() */
+/* Allow mount() and umount(), setting up new smb connection */
+/* Allow some autofs root ioctls */
+/* Allow nfsservctl */
+/* Allow VM86_REQUEST_IRQ */
+/* Allow to read/write pci config on alpha */
+/* Allow irix_prctl on mips (setstacksize) */
+/* Allow flushing all cache on m68k (sys_cacheflush) */
+/* Allow removing semaphores */
+/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
+ and shared memory */
+/* Allow locking/unlocking of shared memory segment */
+/* Allow turning swap on/off */
+/* Allow forged pids on socket credentials passing */
+/* Allow setting readahead and flushing buffers on block devices */
+/* Allow setting geometry in floppy driver */
+/* Allow turning DMA on/off in xd driver */
+/* Allow administration of md devices (mostly the above, but some
+ extra ioctls) */
+/* Allow tuning the ide driver */
+/* Allow access to the nvram device */
+/* Allow administration of apm_bios, serial and bttv (TV) device */
+/* Allow manufacturer commands in isdn CAPI support driver */
+/* Allow reading non-standardized portions of pci configuration space */
+/* Allow DDI debug ioctl on sbpcd driver */
+/* Allow setting up serial ports */
+/* Allow sending raw qic-117 commands */
+/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
+ arbitrary SCSI commands */
+/* Allow setting encryption key on loopback filesystem */
+
+#define CAP_SYS_ADMIN 21
+
+/* Allow use of reboot() */
+
+#define CAP_SYS_BOOT 22
+
+/* Allow raising priority and setting priority on other (different
+ UID) processes */
+/* Allow use of FIFO and round-robin (realtime) scheduling on own
+ processes and setting the scheduling algorithm used by another
+ process. */
+
+#define CAP_SYS_NICE 23
+
+/* Override resource limits. Set resource limits. */
+/* Override quota limits. */
+/* Override reserved space on ext2 filesystem */
+/* NOTE: ext2 honors fsuid when checking for resource overrides, so
+ you can override using fsuid too */
+/* Override size restrictions on IPC message queues */
+/* Allow more than 64hz interrupts from the real-time clock */
+/* Override max number of consoles on console allocation */
+/* Override max number of keymaps */
+
+#define CAP_SYS_RESOURCE 24
+
+/* Allow manipulation of system clock */
+/* Allow irix_stime on mips */
+/* Allow setting the real-time clock */
+
+#define CAP_SYS_TIME 25
+
+/* Allow configuration of tty devices */
+/* Allow vhangup() of tty */
+
+#define CAP_SYS_TTY_CONFIG 26
+
+/* Allow the privileged aspects of mknod() */
+
+#define CAP_MKNOD 27
+
+/* Allow taking of leases on files */
+
+#define CAP_LEASE 28
+
+#define CAP_AUDIT_WRITE 29
+
+#define CAP_AUDIT_CONTROL 30
+
+#endif /* !_LINUX_CAPABILITY_H */
+
 /*
 * POSIX capability types
diff -Naur libcap-1.10-orig/progs/Makefile libcap-1.10/progs/Makefile
--- libcap-1.10-orig/progs/Makefile 1999-04-17 22:16:31.000000000 +0000
+++ libcap-1.10/progs/Makefile 2007-04-14 23:59:45.000000000 +0000
@@ -36,7 +36,7 @@
 all: $(PROGS)
 $(PROGS): %: %.o
- $(CC) $(LDFLAGS) -o $@ $< $(LIBS)
+ $(CC) $(COPTFLAG) $(LDFLAGS) -o $@ $< $(LIBS)
 %.o: %.c $(INCS)
 $(CC) $(CFLAGS) -c $< -o $@
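Review bot: The copy of the kernel header pasted into sys/capability.h reuses the kernel's own guard, `_LINUX_CAPABILITY_H`, so a later include of the system's linux/capability.h in the same translation unit is silently skipped and this snapshot (capabilities 0 to 30, `_LINUX_CAPABILITY_VERSION 0x19980330`, 32-bit sets) is what the code sees. Because the libcap/Makefile change in this patch generates cap_names.sed from this file, a capability the running kernel defines beyond this list presumably has no name in the library; a comment beside the copy such as `/* Snapshot of <linux/capability.h>; refresh when the kernel adds capabilities. */` would record that. `CAP_AUDIT_WRITE` and `CAP_AUDIT_CONTROL` are the only values added without a description; `/* Allow writing records to the kernel audit log */` and `/* Allow configuring the kernel audit subsystem (enable/disable, rules) */` would match the rest of the list. The hunk's `#include` lines have lost their targets on this page, so whether `__u32` is still declared for userland cannot be checked here.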