libcap

marty goodoldmarty at gmail.com
Wed Feb 20 01:15:25 PST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I remember there being trouble with this on uClibc, or is this in the past now?
> Anyway, I might take a shot at with uClibc sometime soon and report
> any luck, hacks, or patches.
> 
The issues with capabilities is not really related to the libraries. The
standards changed and the API lagged; I use the legacy-32 stuff currently with
no problems, just warnings. The new API might be problematic for a while.

2.6.25-rc2-mm1#./quicktest.sh
EXPECT SUCCESS: TEST: ./capsh --print
Current: =ep
Bounding set
=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,
cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,
cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,
cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,
cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,
cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin
[Securebits ABI not supported]
 prctl-keep-caps: no (locking not supported)
uid=0
PASSED
EXPECT SUCCESS: TEST: ./capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
Current: =ep
Bounding set
=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,
cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,
cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,
cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,
cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,
cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,
cap_setfcap,cap_mac_override,cap_mac_admin
[Securebits ABI not supported]
 prctl-keep-caps: yes (locking not supported)
uid=0
PASSED
EXPECT SUCCESS: TEST: ./capsh --secbits=42 --print
failed to set securebits to 052/0x2a
FAILED
Undesired result - aborting
PROBLEM TEST: --secbits=42 --print

Marty B.

- --
Putting Microsoft in a computer is like putting screen doors in a submarine.
Hopeless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFHu++todd/GHZYnVQRAkwWAJ0Q9mijAZIpzVbNsKHRFm/NAW8IWwCgg+QQ
M4kDgOan6XttOFNhYhHlGFI=
=d6Gb
-----END PGP SIGNATURE-----



More information about the hlfs-dev mailing list