Remove PR_SET_NO_NEW_PRIVS call in capng_lock
This commit is contained in:
parent
eaa80a1734
commit
c8b3078055
14
libcap-ng-0.7.5-no-no_new_privs.patch
Normal file
14
libcap-ng-0.7.5-no-no_new_privs.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
diff -urp libcap-ng-0.7.5.orig/src/cap-ng.c libcap-ng-0.7.5/src/cap-ng.c
|
||||||
|
--- libcap-ng-0.7.5.orig/src/cap-ng.c 2014-04-30 21:44:23.000000000 -0400
|
||||||
|
+++ libcap-ng-0.7.5/src/cap-ng.c 2014-04-30 22:04:31.225062310 -0400
|
||||||
|
@@ -710,10 +710,6 @@ int capng_lock(void)
|
||||||
|
1 << SECURE_NOROOT_LOCKED |
|
||||||
|
1 << SECURE_NO_SETUID_FIXUP |
|
||||||
|
1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0);
|
||||||
|
-#ifdef PR_SET_NO_NEW_PRIVS
|
||||||
|
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
|
||||||
|
- return -1;
|
||||||
|
-#endif
|
||||||
|
if (rc)
|
||||||
|
return -1;
|
||||||
|
#endif
|
@ -3,11 +3,12 @@
|
|||||||
Summary: An alternate posix capabilities library
|
Summary: An alternate posix capabilities library
|
||||||
Name: libcap-ng
|
Name: libcap-ng
|
||||||
Version: 0.7.4
|
Version: 0.7.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://people.redhat.com/sgrubb/libcap-ng
|
URL: http://people.redhat.com/sgrubb/libcap-ng
|
||||||
Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
|
Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
|
||||||
|
Patch1: libcap-ng-0.7.5-no-no_new_privs.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: kernel-headers >= 2.6.11
|
BuildRequires: kernel-headers >= 2.6.11
|
||||||
|
|
||||||
@ -50,6 +51,7 @@ lets you set the file system based capabilities.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --libdir=/%{_lib}
|
%configure --libdir=/%{_lib}
|
||||||
@ -111,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0644,root,root) %{_mandir}/man8/*
|
%attr(0644,root,root) %{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 30 2014 Steve Grubb <sgrubb@redhat.com> 0.7.4-2
|
||||||
|
- Remove PR_SET_NO_NEW_PRIVS call in capng_lock
|
||||||
|
|
||||||
* Thu Apr 24 2014 Steve Grubb <sgrubb@redhat.com> 0.7.4-1
|
* Thu Apr 24 2014 Steve Grubb <sgrubb@redhat.com> 0.7.4-1
|
||||||
- New upstream release
|
- New upstream release
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user