Compare commits
No commits in common. "4759268e73386f029441666a03a414b460512926" and "9074caea66a44cb62094c3efb51533d3d1ddb8b3" have entirely different histories.
4759268e73
...
9074caea66
1
.gitignore
vendored
1
.gitignore
vendored
@ -24,4 +24,3 @@ libcap-ng-0.6.4.tar.gz
|
||||
/libcap-ng-0.8.tar.gz
|
||||
/libcap-ng-0.8.1.tar.gz
|
||||
/libcap-ng-0.8.2.tar.gz
|
||||
/libcap-ng-0.8.3.tar.gz
|
||||
|
66
libcap-ng-0.8.2-apply-disable.patch
Normal file
66
libcap-ng-0.8.2-apply-disable.patch
Normal file
@ -0,0 +1,66 @@
|
||||
diff -urp libcap-ng-0.8.3.orig/src/cap-ng.c libcap-ng-0.8.3/src/cap-ng.c
|
||||
--- libcap-ng-0.8.3.orig/src/cap-ng.c 2021-01-30 09:26:33.000000000 -0500
|
||||
+++ libcap-ng-0.8.3/src/cap-ng.c 2021-01-30 09:52:43.507967643 -0500
|
||||
@@ -713,6 +713,36 @@ int capng_updatev(capng_act_t action, ca
|
||||
return rc;
|
||||
}
|
||||
|
||||
+#include <sys/param.h>
|
||||
+static char *get_exename(char *exename, int size)
|
||||
+{
|
||||
+ char tmp[PATH_MAX+1];
|
||||
+ int res;
|
||||
+
|
||||
+ /* get the name of the current executable */
|
||||
+ if ((res = readlink("/proc/self/exe", tmp, PATH_MAX)) < 0)
|
||||
+ strcpy(exename, "\"?\"");
|
||||
+ else {
|
||||
+ tmp[res] = '\0';
|
||||
+ snprintf(exename, size, "\"%s\"", tmp);
|
||||
+ }
|
||||
+ return exename;
|
||||
+}
|
||||
+
|
||||
+#include <syslog.h>
|
||||
+static void log_problem(unsigned int msg)
|
||||
+{
|
||||
+ static const char *text[3] = {
|
||||
+ "dropping bounding set",
|
||||
+ "getting new bounding set",
|
||||
+ "dropping bounding set due to not having CAP_SETPCAP"
|
||||
+ };
|
||||
+ unsigned idx = msg - 2;
|
||||
+ char exe[2048];
|
||||
+ syslog(LOG_ERR, "libcap-ng used by %s failed %s in capng_apply",
|
||||
+ get_exename(exe, 2047), text[idx]);
|
||||
+}
|
||||
+
|
||||
int capng_apply(capng_select_t set)
|
||||
{
|
||||
int rc = 0;
|
||||
@@ -733,19 +763,22 @@ int capng_apply(capng_select_t set)
|
||||
if (capng_have_capability(CAPNG_BOUNDING_SET,
|
||||
i) == 0) {
|
||||
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
|
||||
- rc = -2;
|
||||
+// rc = -2;
|
||||
+ log_problem(2);
|
||||
goto try_caps;
|
||||
}
|
||||
}
|
||||
}
|
||||
m.state = CAPNG_APPLIED;
|
||||
if (get_bounding_set() < 0) {
|
||||
- rc = -3;
|
||||
+// rc = -3;
|
||||
+ log_problem(3);
|
||||
goto try_caps;
|
||||
}
|
||||
} else {
|
||||
memcpy(&m, &state, sizeof(m)); /* restore state */
|
||||
- rc = -4;
|
||||
+// rc = -4;
|
||||
+ log_problem(4);
|
||||
goto try_caps;
|
||||
}
|
||||
#endif
|
@ -1,7 +1,7 @@
|
||||
diff -urp libcap-ng-0.8.3.orig/src/cap-ng.c libcap-ng-0.8.3/src/cap-ng.c
|
||||
--- libcap-ng-0.8.3.orig/src/cap-ng.c 2021-09-28 12:14:41.000000000 -0400
|
||||
+++ libcap-ng-0.8.3/src/cap-ng.c 2021-09-28 12:23:23.551725018 -0400
|
||||
@@ -767,6 +767,41 @@ int capng_updatev(capng_act_t action, ca
|
||||
--- libcap-ng-0.8.3.orig/src/cap-ng.c 2021-01-30 09:26:33.000000000 -0500
|
||||
+++ libcap-ng-0.8.3/src/cap-ng.c 2021-01-30 09:52:43.507967643 -0500
|
||||
@@ -713,6 +713,36 @@ int capng_updatev(capng_act_t action, ca
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -29,21 +29,16 @@ diff -urp libcap-ng-0.8.3.orig/src/cap-ng.c libcap-ng-0.8.3/src/cap-ng.c
|
||||
+ "getting new bounding set",
|
||||
+ "dropping bounding set due to not having CAP_SETPCAP"
|
||||
+ };
|
||||
+ static int warned[3] = {0, 0, 0};
|
||||
+ unsigned idx = msg - 2;
|
||||
+ char exe[2048];
|
||||
+ if (warned[idx] == 0) {
|
||||
+ // Only warn once
|
||||
+ syslog(LOG_ERR, "libcap-ng used by %s failed %s in capng_apply",
|
||||
+ get_exename(exe, 2047), text[idx]);
|
||||
+ warned[idx] = 1;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
int capng_apply(capng_select_t set)
|
||||
{
|
||||
int rc = 0;
|
||||
@@ -788,19 +823,22 @@ if (HAVE_PR_CAPBSET_DROP) {
|
||||
@@ -733,19 +763,22 @@ int capng_apply(capng_select_t set)
|
||||
if (capng_have_capability(CAPNG_BOUNDING_SET,
|
||||
i) == 0) {
|
||||
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
|
||||
@ -68,4 +63,4 @@ diff -urp libcap-ng-0.8.3.orig/src/cap-ng.c libcap-ng-0.8.3/src/cap-ng.c
|
||||
+ log_problem(4);
|
||||
goto try_caps;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -1,12 +1,12 @@
|
||||
Summary: Alternate posix capabilities library
|
||||
Name: libcap-ng
|
||||
Version: 0.8.3
|
||||
Release: 3%{?dist}
|
||||
Version: 0.8.2
|
||||
Release: 8%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: https://people.redhat.com/sgrubb/libcap-ng/
|
||||
Source0: https://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
|
||||
# This patch can be removed when 1899540 is resolved
|
||||
Patch1: libcap-ng-0.8.3-apply-disable.patch
|
||||
Patch1: libcap-ng-0.8.2-apply-disable.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: kernel-headers >= 2.6.11
|
||||
@ -95,18 +95,6 @@ make check
|
||||
%attr(0644,root,root) %{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 0.8.3-2
|
||||
- Rebuilt for Python 3.11
|
||||
|
||||
* Tue Mar 29 2022 Steve Grubb <sgrubb@redhat.com> 0.8.3-1
|
||||
- New upstream bugfix release
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Wed Dec 22 2021 Steve Grubb <sgrubb@redhat.com> 0.8.2-8
|
||||
- Update apply-disable patch
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (libcap-ng-0.8.3.tar.gz) = 0ef9bc7bc6b7b59991f43b79aa6cde3e8d2c22c4b9ced2af8deae501e01d51e893033d109cb8aa0fdcba190140110993089245346334d7b114d18f1bb1b55b97
|
||||
SHA512 (libcap-ng-0.8.2.tar.gz) = 0ac6e55c03b1fba3a849048b721e250951afb59190d9646704d4fd9938eccc3bd0767380fbddc42f186b4f55695475e31f34f537ae91c04a37662577a5b7a19b
|
||||
|
Loading…
Reference in New Issue
Block a user