- New upstream release
parent
c318f97458
commit
2158dcf165
@ -5,3 +5,4 @@ libcap-ng-0.5.1.tar.gz
|
|||||||
libcap-ng-0.6.tar.gz
|
libcap-ng-0.6.tar.gz
|
||||||
libcap-ng-0.6.1.tar.gz
|
libcap-ng-0.6.1.tar.gz
|
||||||
libcap-ng-0.6.2.tar.gz
|
libcap-ng-0.6.2.tar.gz
|
||||||
|
libcap-ng-0.6.3.tar.gz
|
||||||
|
@ -1,163 +0,0 @@
|
|||||||
diff -urp libcap-ng-0.6.2/utils/netcap.c libcap-ng-0.6.3/utils/netcap.c
|
|
||||||
--- libcap-ng-0.6.2/utils/netcap.c 2009-07-26 08:16:16.000000000 -0400
|
|
||||||
+++ libcap-ng-0.6.3/utils/netcap.c 2009-10-03 08:36:30.000000000 -0400
|
|
||||||
@@ -31,7 +31,6 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <dirent.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
-#include <sys/stat.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include "cap-ng.h"
|
|
||||||
#include "proc-llist.h"
|
|
||||||
@@ -56,12 +55,12 @@ static int collect_process_info(void)
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
while (( ent = readdir(d) )) {
|
|
||||||
+ FILE *sf;
|
|
||||||
int pid, ppid;
|
|
||||||
capng_results_t caps;
|
|
||||||
char buf[100];
|
|
||||||
char *tmp, cmd[16], state, *text, *bounds;
|
|
||||||
- int fd, len;
|
|
||||||
- struct stat sb;
|
|
||||||
+ int fd, len, euid;
|
|
||||||
|
|
||||||
// Skip non-process dir entries
|
|
||||||
if(*ent->d_name<'0' || *ent->d_name>'9')
|
|
||||||
@@ -77,7 +76,6 @@ static int collect_process_info(void)
|
|
||||||
if (fd < 0)
|
|
||||||
continue;
|
|
||||||
len = read(fd, buf, sizeof buf - 1);
|
|
||||||
- fstat(fd, &sb);
|
|
||||||
close(fd);
|
|
||||||
if (len < 40)
|
|
||||||
continue;
|
|
||||||
@@ -109,6 +107,29 @@ static int collect_process_info(void)
|
|
||||||
text = capng_print_caps_text(CAPNG_PRINT_BUFFER,
|
|
||||||
CAPNG_PERMITTED);
|
|
||||||
|
|
||||||
+ // Get the effective uid
|
|
||||||
+ snprintf(buf, 32, "/proc/%d/status", pid);
|
|
||||||
+ sf = fopen(buf, "rt");
|
|
||||||
+ if (sf == NULL)
|
|
||||||
+ euid = 0;
|
|
||||||
+ else {
|
|
||||||
+ int line = 0;
|
|
||||||
+ __fsetlocking(sf, FSETLOCKING_BYCALLER);
|
|
||||||
+ while (fgets(buf, sizeof(buf), sf)) {
|
|
||||||
+ if (line == 0) {
|
|
||||||
+ line++;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ if (memcmp(buf, "Uid:", 4) == 0) {
|
|
||||||
+ int id;
|
|
||||||
+ sscanf(buf, "Uid: %d %d",
|
|
||||||
+ &id, &euid);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ fclose(sf);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
// Now record the bounding set information
|
|
||||||
if (caps == CAPNG_PARTIAL) {
|
|
||||||
caps = capng_have_capabilities(CAPNG_SELECT_BOUNDS);
|
|
||||||
@@ -170,7 +191,7 @@ static int collect_process_info(void)
|
|
||||||
continue;
|
|
||||||
node.ppid = ppid;
|
|
||||||
node.pid = pid;
|
|
||||||
- node.uid = sb.st_uid;
|
|
||||||
+ node.uid = euid;
|
|
||||||
node.cmd = strdup(cmd);
|
|
||||||
node.inode = inode;
|
|
||||||
node.capabilities = strdup(text);
|
|
||||||
diff -urp libcap-ng-0.6.2/utils/pscap.c libcap-ng-0.6.3/utils/pscap.c
|
|
||||||
--- libcap-ng-0.6.2/utils/pscap.c 2009-08-16 08:29:37.000000000 -0400
|
|
||||||
+++ libcap-ng-0.6.3/utils/pscap.c 2009-10-03 08:36:57.000000000 -0400
|
|
||||||
@@ -23,12 +23,12 @@
|
|
||||||
|
|
||||||
#include "config.h"
|
|
||||||
#include <stdio.h>
|
|
||||||
+#include <stdio_ext.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <dirent.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
-#include <sys/stat.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include "cap-ng.h"
|
|
||||||
|
|
||||||
@@ -69,11 +69,10 @@ int main(int argc, char *argv[])
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
while (( ent = readdir(d) )) {
|
|
||||||
- int pid, ppid, uid = -1;
|
|
||||||
+ int pid, ppid, uid = -1, euid;
|
|
||||||
char buf[100];
|
|
||||||
char *tmp, cmd[16], state, *name = NULL;
|
|
||||||
int fd, len;
|
|
||||||
- struct stat sb;
|
|
||||||
struct passwd *p;
|
|
||||||
|
|
||||||
// Skip non-process dir entries
|
|
||||||
@@ -90,7 +89,6 @@ int main(int argc, char *argv[])
|
|
||||||
if (fd < 0)
|
|
||||||
continue;
|
|
||||||
len = read(fd, buf, sizeof buf - 1);
|
|
||||||
- fstat(fd, &sb);
|
|
||||||
close(fd);
|
|
||||||
if (len < 40)
|
|
||||||
continue;
|
|
||||||
@@ -120,20 +118,47 @@ int main(int argc, char *argv[])
|
|
||||||
// And print out anything with capabilities
|
|
||||||
caps = capng_have_capabilities(CAPNG_SELECT_CAPS);
|
|
||||||
if (caps > CAPNG_NONE) {
|
|
||||||
+ // Get the effective uid
|
|
||||||
+ FILE *f;
|
|
||||||
+ int line;
|
|
||||||
+ snprintf(buf, 32, "/proc/%d/status", pid);
|
|
||||||
+ f = fopen(buf, "rt");
|
|
||||||
+ if (f == NULL)
|
|
||||||
+ euid = 0;
|
|
||||||
+ else {
|
|
||||||
+ line = 0;
|
|
||||||
+ __fsetlocking(f, FSETLOCKING_BYCALLER);
|
|
||||||
+ while (fgets(buf, sizeof(buf), f)) {
|
|
||||||
+ if (line == 0) {
|
|
||||||
+ line++;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ if (memcmp(buf, "Uid:", 4) == 0) {
|
|
||||||
+ int id;
|
|
||||||
+ sscanf(buf, "Uid: %d %d",
|
|
||||||
+ &id, &euid);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ fclose(f);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ len = read(fd, buf, sizeof buf - 1);
|
|
||||||
+ close(fd);
|
|
||||||
if (header == 0) {
|
|
||||||
printf("%-5s %-5s %-10s %-16s %s\n",
|
|
||||||
"ppid", "pid", "name", "command",
|
|
||||||
"capabilities");
|
|
||||||
header = 1;
|
|
||||||
}
|
|
||||||
- if (sb.st_uid == 0) {
|
|
||||||
+ if (euid == 0) {
|
|
||||||
// Take short cut for this one
|
|
||||||
name = "root";
|
|
||||||
uid = 0;
|
|
||||||
- } else if (uid != (int)sb.st_uid) {
|
|
||||||
+ } else if (euid != uid) {
|
|
||||||
// Only look up if name changed
|
|
||||||
- p = getpwuid(sb.st_uid);
|
|
||||||
- uid = sb.st_uid;
|
|
||||||
+ p = getpwuid(euid);
|
|
||||||
+ uid = euid;
|
|
||||||
if (p)
|
|
||||||
name = p->pw_name;
|
|
||||||
// If not taking this branch, use last val
|
|
@ -1,15 +0,0 @@
|
|||||||
diff -urp libcap-ng-0.6.2/src/cap-ng.c libcap-ng-0.6.3/src/cap-ng.c
|
|
||||||
--- libcap-ng-0.6.2/src/cap-ng.c 2009-09-23 17:31:00.000000000 -0400
|
|
||||||
+++ libcap-ng-0.6.3/src/cap-ng.c 2009-10-09 08:59:01.000000000 -0400
|
|
||||||
@@ -549,8 +549,9 @@ int capng_change_id(int uid, int gid, ca
|
|
||||||
|
|
||||||
// Check the current capabilities
|
|
||||||
#ifdef PR_CAPBSET_DROP
|
|
||||||
- // If newer kernel, we need setpcap
|
|
||||||
- if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0)
|
|
||||||
+ // If newer kernel, we need setpcap to change the bounding set
|
|
||||||
+ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0 &&
|
|
||||||
+ flag & CAPNG_CLEAR_BOUNDING)
|
|
||||||
capng_update(CAPNG_ADD,
|
|
||||||
CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
|
|
||||||
#endif
|
|
@ -2,14 +2,12 @@
|
|||||||
|
|
||||||
Summary: An alternate posix capabilities library
|
Summary: An alternate posix capabilities library
|
||||||
Name: libcap-ng
|
Name: libcap-ng
|
||||||
Version: 0.6.2
|
Version: 0.6.3
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://people.redhat.com/sgrubb/libcap-ng
|
URL: http://people.redhat.com/sgrubb/libcap-ng
|
||||||
Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
|
Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
|
||||||
Patch1: libcap-ng-0.6.3-euid.patch
|
|
||||||
Patch2: libcap-ng-0.6.3-setpcap.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: kernel-headers >= 2.6.11
|
BuildRequires: kernel-headers >= 2.6.11
|
||||||
BuildRequires: libattr-devel
|
BuildRequires: libattr-devel
|
||||||
@ -52,8 +50,6 @@ lets you set the file system based capabilities.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --libdir=/%{_lib}
|
%configure --libdir=/%{_lib}
|
||||||
@ -112,6 +108,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0644,root,root) %{_mandir}/man8/*
|
%attr(0644,root,root) %{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 11 2010 Steve Grubb <sgrubb@redhat.com> 0.6.3-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
* Tue Feb 16 2010 Steve Grubb <sgrubb@redhat.com> 0.6.2-4
|
* Tue Feb 16 2010 Steve Grubb <sgrubb@redhat.com> 0.6.2-4
|
||||||
- Use global macro and require pkgconfig for devel subpackage
|
- Use global macro and require pkgconfig for devel subpackage
|
||||||
|
|
||||||
|