Christian Wiese
12 years ago
1 changed files with 111 additions and 0 deletions
@ -0,0 +1,111 @@ |
|||||||
|
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
|
||||||
|
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
|
||||||
|
#
|
||||||
|
# Filename: package/.../libcap/0001-upstream-fixes.patch
|
||||||
|
# Copyright (C) 2013 The OpenSDE Project
|
||||||
|
#
|
||||||
|
# More information can be found in the files COPYING and README.
|
||||||
|
#
|
||||||
|
# This patch file is dual-licensed. It is available under the license the
|
||||||
|
# patched project is licensed under, as long as it is an OpenSource license
|
||||||
|
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
|
||||||
|
# of the GNU General Public License as published by the Free Software
|
||||||
|
# Foundation; either version 2 of the License, or (at your option) any later
|
||||||
|
# version.
|
||||||
|
# --- SDE-COPYRIGHT-NOTE-END ---
|
||||||
|
|
||||||
|
Fixes found in the upstream repository
|
||||||
|
|
||||||
|
https://git.kernel.org/cgit/linux/kernel/git/morgan/libcap.git/
|
||||||
|
|
||||||
|
|
||||||
|
From 616a03da55bbaefce4055d4e47a81cd85f3161e2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew G. Morgan <morgan@kernel.org>
|
||||||
|
Date: Sun, 31 Jul 2011 00:39:27 +0000
|
||||||
|
Subject: Fix a compiler warning(error) for format mismatch.
|
||||||
|
|
||||||
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
||||||
|
---
|
||||||
|
diff --git a/progs/capsh.c b/progs/capsh.c
|
||||||
|
index 52336d7..3ceadcd 100644
|
||||||
|
--- a/progs/capsh.c
|
||||||
|
+++ b/progs/capsh.c
|
||||||
|
@@ -520,7 +520,8 @@ int main(int argc, char *argv[], char *envp[])
|
||||||
|
if (set >= 0) {
|
||||||
|
const char *b;
|
||||||
|
b = binary(set); /* use verilog convention for binary string */
|
||||||
|
- printf("Securebits: 0%o/0x%x/%u'b%s\n", set, set, strlen(b), b);
|
||||||
|
+ printf("Securebits: 0%o/0x%x/%u'b%s\n", set, set,
|
||||||
|
+ (unsigned) strlen(b), b);
|
||||||
|
printf(" secure-noroot: %s (%s)\n",
|
||||||
|
(set & 1) ? "yes":"no",
|
||||||
|
(set & 2) ? "locked":"unlocked");
|
||||||
|
--
|
||||||
|
cgit v0.9.2
|
||||||
|
From 056ffb0bd25d91ffbcb83c521fc4d3d9904ec4d4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew G. Morgan <morgan@kernel.org>
|
||||||
|
Date: Sun, 31 Jul 2011 01:22:21 +0000
|
||||||
|
Subject: setcap: comment to help the user figure out why setcap is failing.
|
||||||
|
|
||||||
|
The file capabilities are not as expressive as process capabilities
|
||||||
|
(for a reason - see the NOTES section of 'man 3 cap_set_file').
|
||||||
|
|
||||||
|
The effective bits on a file under linux are captured by a single
|
||||||
|
boolean. As such attempting to partially set effective bits via the
|
||||||
|
more fully expressive process capability representation (cap_from_text)
|
||||||
|
sometimes yields an error. From now on, suggest that when the user
|
||||||
|
attempts to do this and an error occurs, the error might be such a
|
||||||
|
mismatch between effective and the other capability bits.
|
||||||
|
|
||||||
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
||||||
|
---
|
||||||
|
diff --git a/progs/setcap.c b/progs/setcap.c
|
||||||
|
index 0215fc4..83090ae 100644
|
||||||
|
--- a/progs/setcap.c
|
||||||
|
+++ b/progs/setcap.c
|
||||||
|
@@ -26,7 +26,7 @@ static void usage(void)
|
||||||
|
|
||||||
|
static int read_caps(int quiet, const char *filename, char *buffer)
|
||||||
|
{
|
||||||
|
- int i=MAXCAP;
|
||||||
|
+ int i = MAXCAP;
|
||||||
|
|
||||||
|
if (!quiet) {
|
||||||
|
fprintf(stderr, "Please enter caps for file [empty line to end]:\n");
|
||||||
|
@@ -170,10 +170,33 @@ int main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
retval = cap_set_file(*++argv, cap_d);
|
||||||
|
if (retval != 0) {
|
||||||
|
+ int explained = 0;
|
||||||
|
+#ifdef linux
|
||||||
|
+ cap_value_t cap;
|
||||||
|
+ cap_flag_value_t per_state;
|
||||||
|
+
|
||||||
|
+ for (cap = 0;
|
||||||
|
+ cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1;
|
||||||
|
+ cap++) {
|
||||||
|
+ cap_flag_value_t inh_state, eff_state;
|
||||||
|
+
|
||||||
|
+ cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state);
|
||||||
|
+ cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state);
|
||||||
|
+ if ((inh_state | per_state) != eff_state) {
|
||||||
|
+ fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n"
|
||||||
|
+ " exactly match the union of selected permitted and inheritable bits.\n");
|
||||||
|
+ explained = 1;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif /* def linux */
|
||||||
|
+
|
||||||
|
fprintf(stderr,
|
||||||
|
"Failed to set capabilities on file `%s' (%s)\n",
|
||||||
|
argv[0], strerror(errno));
|
||||||
|
- usage();
|
||||||
|
+ if (!explained) {
|
||||||
|
+ usage();
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (cap_d) {
|
||||||
|
--
|
||||||
|
cgit v0.9.2
|
Loading…
Reference in new issue