r1795 - in trunk: . libcap

randy at linuxfromscratch.org randy at linuxfromscratch.org
Sun Apr 15 14:12:13 PDT 2007


Author: randy
Date: 2007-04-15 15:12:13 -0600 (Sun, 15 Apr 2007)
New Revision: 1795

Added:
   trunk/libcap/
   trunk/libcap/libcap-1.10-fedora_fixes-1.patch
Log:
Added a patch for the libcap package

Added: trunk/libcap/libcap-1.10-fedora_fixes-1.patch
===================================================================
--- trunk/libcap/libcap-1.10-fedora_fixes-1.patch	                        (rev 0)
+++ trunk/libcap/libcap-1.10-fedora_fixes-1.patch	2007-04-15 21:12:13 UTC (rev 1795)
@@ -0,0 +1,490 @@
+Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date:                    2007-04-15
+Initial Package Version: 1.10
+Upstream Status:         Unknown (package no longer maintained?)
+Origin:                  Fedora CVS
+Description:             Fixes build issues, adds capability references. See
+                         http://cvs.fedora.redhat.com/viewcvs/devel/libcap/ for
+                         details about the following patches, all rolled into
+                         this patch:
+                         Patch1: libcap-1.10-userland.patch
+                         Patch2: libcap-1.10-shared.patch
+                         Patch3: libcap-1.10-useCFLAGSwithCC.patch
+                         Patch4: libcap-1.10-debian.patch
+                         Patch5: libcap-1.10-nostaticlib.patch
+                         Patch6: libcap-1.10-fPIC.patch
+                         Patch7: libcap-1.10-audit.patch
+
+
+diff -Naur libcap-1.10-orig/Make.Rules libcap-1.10/Make.Rules
+--- libcap-1.10-orig/Make.Rules	1999-11-18 06:06:02.000000000 +0000
++++ libcap-1.10/Make.Rules	2007-04-15 00:00:09.000000000 +0000
+@@ -8,7 +8,7 @@
+ 
+ # common 'packaging' directoty
+ 
+-FAKEROOT=
++FAKEROOT=$(DESTDIR)
+ 
+ # Autoconf-style prefixes are activated when $(prefix) is defined.
+ # Otherwise binaries and libraraies are installed in /{lib,sbin}/,
+@@ -18,13 +18,13 @@
+ exec_prefix=$(prefix)
+ lib_prefix=$(exec_prefix)
+ inc_prefix=$(lib_prefix)
+-man_prefix=$(prefix)
++man_prefix=$(prefix)/share
+ else
+ prefix=/usr
+ exec_prefix=
+ lib_prefix=$(exec_prefix)
+ inc_prefix=$(prefix)
+-man_prefix=$(prefix)
++man_prefix=$(prefix)/share
+ endif
+ 
+ # Target directories
+diff -Naur libcap-1.10-orig/Makefile libcap-1.10/Makefile
+--- libcap-1.10-orig/Makefile	1999-04-17 22:16:31.000000000 +0000
++++ libcap-1.10/Makefile	2007-04-15 00:00:09.000000000 +0000
+@@ -3,17 +3,20 @@
+ #
+ # Makefile for libcap
+ 
++ifndef topdir
+ topdir=$(shell pwd)
+-include Make.Rules
++endif
++include $(topdir)/Make.Rules
++DESTDIR=
+ 
+ #
+ # flags
+ #
+ 
+ all install clean: %: %-here
+-	make -C libcap $(MAKE_DEFS) $@
+-	make -C progs $(MAKE_DEFS) $@
+-	make -C doc $(MAKE_DEFS) $@
++	make -C $(topdir)/libcap $(MAKE_DEFS) $@
++	make -C $(topdir)/progs $(MAKE_DEFS) $@
++	make -C $(topdir)/doc $(MAKE_DEFS) $@
+ 
+ all-here:
+ 
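Review bot: The added `DESTDIR=` line is a plain makefile assignment, so it overrides a `DESTDIR` inherited from the environment (make only prefers the environment under `-e`), and an `env DESTDIR=/stage make install` would then write into the live root through `FAKEROOT=$(DESTDIR)`. Using `DESTDIR ?=` or dropping the line keeps both the environment and the command-line forms working. The new `ifndef topdir` guard behaves the opposite way: it honours any `topdir` already in the environment, so the `include $(topdir)/Make.Rules` line can pull rules from another directory. A comment saying that `topdir` is expected to come only from a parent make would help. The three rewritten recipe lines still call literal `make`; `$(MAKE) -C $(topdir)/libcap $(MAKE_DEFS) $@` (likewise for progs and doc) keeps `-n` and the jobserver working.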
+diff -Naur libcap-1.10-orig/libcap/Makefile libcap-1.10/libcap/Makefile
+--- libcap-1.10-orig/libcap/Makefile	1999-04-17 22:16:31.000000000 +0000
++++ libcap-1.10/libcap/Makefile	2007-04-15 00:02:58.000000000 +0000
+@@ -24,12 +24,14 @@
+ #
+ # defines
+ #
++ifndef topdir
+ topdir=$(shell pwd)/..
+-include ../Make.Rules
++endif
++include $(topdir)/Make.Rules
+ #
+ # Library version
+ #
+-LIBNAME=libcap.so
++LIBNAME=libcap
+ #
+ 
+ FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys
+@@ -39,7 +41,8 @@
+ 
+ INCLS=libcap.h cap_names.h $(INCS)
+ OBJS=$(addsuffix .o, $(FILES))
+-MAJLIBNAME=$(LIBNAME).$(VERSION)
++LOBJS=$(addsuffix .lo, $(FILES))
++MAJLIBNAME=$(LIBNAME).so.$(VERSION)
+ MINLIBNAME=$(MAJLIBNAME).$(MINOR)
+ 
+ all: $(MINLIBNAME)
+@@ -51,17 +54,21 @@
+ 	./_makenames > cap_names.h
+ 
+ cap_names.sed: Makefile /usr/include/linux/capability.h
+-	@echo "=> making cap_names.c from <linux/capability.h>"
+-	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
+-#	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
++cap_names.sed: Makefile include/sys/capability.h
++	@echo "=> making cap_names.c from <sys/capability.h>"
++	@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < include/sys/capability.h | fgrep -v 0x > cap_names.sed 
++#   @sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/  \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed
+ 
+-$(MINLIBNAME): $(OBJS)
+-	$(LD) -soname $(MAJLIBNAME) -x -shared -o $@ $(OBJS)
++$(MINLIBNAME): $(LOBJS)
++	$(CC) $(COPTFLAG) -Wl,-soname,$(MAJLIBNAME) -Wl,-x -shared -fPIC -o $@ $(LOBJS)
+ 	ln -sf $(MINLIBNAME) $(MAJLIBNAME)
+-	ln -sf $(MAJLIBNAME) $(LIBNAME)
++	ln -sf $(MAJLIBNAME) $(LIBNAME).so
+ 
+ %.o: %.c $(INCLS)
+-	$(CC) $(CFLAGS) -c $< -o $@
++	$(CC) $(CFLAGS) -fPIC -c $< -o $@
++
++%.lo: %.c $(INCLS)
++	$(CC) $(CFLAGS) -fPIC -c $< -o $@
+ 
+ install: all
+ 	mkdir -p -m 0755 $(INCDIR)/sys
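Review bot: The old rule header `cap_names.sed: Makefile /usr/include/linux/capability.h` survives as a context line directly above the new `cap_names.sed: Makefile include/sys/capability.h`, so the target still depends on the host kernel header although the recipe no longer reads it. GNU make merges the two prerequisite lists, so the build stops on a host without that file and regenerates the table whenever it changes. Removing the old header line, and the commented-out sed line that still names `/usr/include/linux/capability.h`, would make the bundled header the only input. Separately, the new link line `$(CC) $(COPTFLAG) -Wl,-soname,... -shared -fPIC` does not pass `$(LDFLAGS)`, so linker hardening options supplied that way would presumably not reach the shared object; this should be checked against Make.Rules, whose definitions are not shown here.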
+@@ -69,12 +76,12 @@
+ 	mkdir -p -m 0755 $(LIBDIR)
+ 	install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME)
+ 	ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME)
+-	ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME)
++	ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME).so
+ 	-/sbin/ldconfig
+ 
+ clean:
+ 	$(LOCALCLEAN)
+-	rm -f $(OBJS) $(LIBNAME)*
++	rm -f $(OBJS) $(LOBJS) $(LIBNAME).so*
+ 	rm -f cap_names.h cap_names.sed _makenames
+ 	cd include/sys && $(LOCALCLEAN)
+ 
+diff -Naur libcap-1.10-orig/libcap/_makenames.c libcap-1.10/libcap/_makenames.c
+--- libcap-1.10-orig/libcap/_makenames.c	1999-05-14 04:46:15.000000000 +0000
++++ libcap-1.10/libcap/_makenames.c	2007-04-15 00:00:09.000000000 +0000
+@@ -9,7 +9,7 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
+-#include <linux/capability.h>
++#include <sys/capability.h>
+ 
+ /*
+  * #include 'sed' generated array
+diff -Naur libcap-1.10-orig/libcap/cap_sys.c libcap-1.10/libcap/cap_sys.c
+--- libcap-1.10-orig/libcap/cap_sys.c	1999-04-17 22:16:31.000000000 +0000
++++ libcap-1.10/libcap/cap_sys.c	2007-04-15 00:00:09.000000000 +0000
+@@ -11,6 +11,8 @@
+ #define __LIBRARY__
+ #include <linux/unistd.h>
+ 
++/* glibc >= 2.1 knows capset/capget. no need to define it here */
++/*
+ _syscall2(int, capget,
+ 	  cap_user_header_t, header,
+ 	  cap_user_data_t, data)
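Review bot: Wrapping both `_syscall2` wrappers in a `/* ... */` pair that opens in this hunk and closes in the next one leaves dead code behind, and it would break if a comment were ever added inside the region, since C comments do not nest. Deleting the wrappers, or guarding them with `#if 0` ... `#endif`, is safer. The `#define __LIBRARY__` and `#include <linux/unistd.h>` context lines above look as if they existed only to provide `_syscall2` and could probably go too; the file continues outside both hunks, so confirm nothing else needs them. The code now relies on the C library's `capget`/`capset`, so a prototype has to be visible from `<sys/capability.h>`, which these hunks do not show.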
+@@ -18,6 +20,7 @@
+ _syscall2(int, capset,
+ 	  cap_user_header_t, header,
+ 	  const cap_user_data_t, data)
++*/
+ 
+ /*
+  * $Log: cap_sys.c,v $
+diff -Naur libcap-1.10-orig/libcap/include/sys/capability.h libcap-1.10/libcap/include/sys/capability.h
+--- libcap-1.10-orig/libcap/include/sys/capability.h	1999-11-18 06:19:21.000000000 +0000
++++ libcap-1.10/libcap/include/sys/capability.h	2007-04-15 00:03:26.000000000 +0000
+@@ -21,7 +21,293 @@
+  */
+ 
+ #include <sys/types.h>
+-#include <linux/capability.h>
++#include <stdint.h>
++
++/*
++ * This is <linux/capability.h>
++ *
++ * Andrew G. Morgan <morgan at transmeta.com>
++ * Alexander Kjeldaas <astor at guardian.no>
++ * with help from Aleph1, Roland Buresund and Andrew Main.
++ *
++ * See here for the libcap library ("POSIX draft" compliance):
++ *
++ * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/
++ */ 
++
++#ifndef _LINUX_CAPABILITY_H
++#define _LINUX_CAPABILITY_H
++
++#include <linux/types.h>
++/*#include <linux/fs.h>*/
++   
++/* User-level do most of the mapping between kernel and user
++   capabilities based on the version tag given by the kernel. The
++   kernel might be somewhat backwards compatible, but don't bet on
++   it. */
++
++/* XXX - Note, cap_t, is defined by POSIX to be an "opaque" pointer to
++   a set of three capability sets.  The transposition of 3*the
++   following structure to such a composite is better handled in a user
++   library since the draft standard requires the use of malloc/free
++   etc.. */
++ 
++#define _LINUX_CAPABILITY_VERSION  0x19980330
++
++typedef struct __user_cap_header_struct {
++   __u32 version;
++   int pid;
++} *cap_user_header_t;
++ 
++typedef struct __user_cap_data_struct {
++        __u32 effective;
++        __u32 permitted;
++        __u32 inheritable;
++} *cap_user_data_t;
++  
++#ifdef __KERNEL__
++
++/* #define STRICT_CAP_T_TYPECHECKS */
++
++#ifdef STRICT_CAP_T_TYPECHECKS
++
++typedef struct kernel_cap_struct {
++   __u32 cap;
++} kernel_cap_t;
++
++#else
++
++typedef __u32 kernel_cap_t;
++
++#endif
++  
++#define _USER_CAP_HEADER_SIZE  (2*sizeof(__u32))
++#define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))
++
++#endif
++
++
++/**
++ ** POSIX-draft defined capabilities. 
++ **/
++
++/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
++   overrides the restriction of changing file ownership and group
++   ownership. */
++
++#define CAP_CHOWN            0
++
++/* Override all DAC access, including ACL execute access if
++   [_POSIX_ACL] is defined. Excluding DAC access covered by
++   CAP_LINUX_IMMUTABLE. */
++
++#define CAP_DAC_OVERRIDE     1
++
++/* Overrides all DAC restrictions regarding read and search on files
++   and directories, including ACL restrictions if [_POSIX_ACL] is
++   defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
++
++#define CAP_DAC_READ_SEARCH  2
++    
++/* Overrides all restrictions about allowed operations on files, where
++   file owner ID must be equal to the user ID, except where CAP_FSETID
++   is applicable. It doesn't override MAC and DAC restrictions. */
++
++#define CAP_FOWNER           3
++
++/* Overrides the following restrictions that the effective user ID
++   shall match the file owner ID when setting the S_ISUID and S_ISGID
++   bits on that file; that the effective group ID (or one of the
++   supplementary group IDs) shall match the file owner ID when setting
++   the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
++   cleared on successful return from chown(2) (not implemented). */
++
++#define CAP_FSETID           4
++
++/* Used to decide between falling back on the old suser() or fsuser(). */
++
++#define CAP_FS_MASK          0x1f
++
++/* Overrides the restriction that the real or effective user ID of a
++   process sending a signal must match the real or effective user ID
++   of the process receiving the signal. */
++
++#define CAP_KILL             5
++
++/* Allows setgid(2) manipulation */
++/* Allows setgroups(2) */
++/* Allows forged gids on socket credentials passing. */
++
++#define CAP_SETGID           6
++
++/* Allows set*uid(2) manipulation (including fsuid). */
++/* Allows forged pids on socket credentials passing. */
++
++#define CAP_SETUID           7
++
++
++/**
++ ** Linux-specific capabilities
++ **/
++
++/* Transfer any capability in your permitted set to any pid,
++   remove any capability in your permitted set from any pid */
++
++#define CAP_SETPCAP          8
++
++/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */
++
++#define CAP_LINUX_IMMUTABLE  9
++
++/* Allows binding to TCP/UDP sockets below 1024 */
++/* Allows binding to ATM VCIs below 32 */
++
++#define CAP_NET_BIND_SERVICE 10
++
++/* Allow broadcasting, listen to multicast */
++
++#define CAP_NET_BROADCAST    11
++
++/* Allow interface configuration */
++/* Allow administration of IP firewall, masquerading and accounting */
++/* Allow setting debug option on sockets */
++/* Allow modification of routing tables */
++/* Allow setting arbitrary process / process group ownership on
++   sockets */
++/* Allow binding to any address for transparent proxying */
++/* Allow setting TOS (type of service) */
++/* Allow setting promiscuous mode */
++/* Allow clearing driver statistics */
++/* Allow multicasting */
++/* Allow read/write of device-specific registers */
++/* Allow activation of ATM control sockets */
++
++#define CAP_NET_ADMIN        12
++
++/* Allow use of RAW sockets */
++/* Allow use of PACKET sockets */
++
++#define CAP_NET_RAW          13
++
++/* Allow locking of shared memory segments */
++/* Allow mlock and mlockall (which doesn't really have anything to do
++   with IPC) */
++
++#define CAP_IPC_LOCK         14
++
++/* Override IPC ownership checks */
++
++#define CAP_IPC_OWNER        15
++
++/* Insert and remove kernel modules - modify kernel without limit */
++/* Modify cap_bset */
++#define CAP_SYS_MODULE       16
++
++/* Allow ioperm/iopl access */
++/* Allow sending USB messages to any device via /proc/bus/usb */
++
++#define CAP_SYS_RAWIO        17
++
++/* Allow use of chroot() */
++
++#define CAP_SYS_CHROOT       18
++
++/* Allow ptrace() of any process */
++
++#define CAP_SYS_PTRACE       19
++
++/* Allow configuration of process accounting */
++
++#define CAP_SYS_PACCT        20
++
++/* Allow configuration of the secure attention key */
++/* Allow administration of the random device */
++/* Allow examination and configuration of disk quotas */
++/* Allow configuring the kernel's syslog (printk behaviour) */
++/* Allow setting the domainname */
++/* Allow setting the hostname */
++/* Allow calling bdflush() */
++/* Allow mount() and umount(), setting up new smb connection */
++/* Allow some autofs root ioctls */
++/* Allow nfsservctl */
++/* Allow VM86_REQUEST_IRQ */
++/* Allow to read/write pci config on alpha */
++/* Allow irix_prctl on mips (setstacksize) */
++/* Allow flushing all cache on m68k (sys_cacheflush) */
++/* Allow removing semaphores */
++/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
++   and shared memory */
++/* Allow locking/unlocking of shared memory segment */
++/* Allow turning swap on/off */
++/* Allow forged pids on socket credentials passing */
++/* Allow setting readahead and flushing buffers on block devices */
++/* Allow setting geometry in floppy driver */
++/* Allow turning DMA on/off in xd driver */
++/* Allow administration of md devices (mostly the above, but some
++   extra ioctls) */
++/* Allow tuning the ide driver */
++/* Allow access to the nvram device */
++/* Allow administration of apm_bios, serial and bttv (TV) device */
++/* Allow manufacturer commands in isdn CAPI support driver */
++/* Allow reading non-standardized portions of pci configuration space */
++/* Allow DDI debug ioctl on sbpcd driver */
++/* Allow setting up serial ports */
++/* Allow sending raw qic-117 commands */
++/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
++   arbitrary SCSI commands */
++/* Allow setting encryption key on loopback filesystem */
++
++#define CAP_SYS_ADMIN        21
++
++/* Allow use of reboot() */
++
++#define CAP_SYS_BOOT         22
++
++/* Allow raising priority and setting priority on other (different
++   UID) processes */
++/* Allow use of FIFO and round-robin (realtime) scheduling on own
++   processes and setting the scheduling algorithm used by another
++   process. */
++
++#define CAP_SYS_NICE         23
++
++/* Override resource limits. Set resource limits. */
++/* Override quota limits. */
++/* Override reserved space on ext2 filesystem */
++/* NOTE: ext2 honors fsuid when checking for resource overrides, so 
++   you can override using fsuid too */
++/* Override size restrictions on IPC message queues */
++/* Allow more than 64hz interrupts from the real-time clock */
++/* Override max number of consoles on console allocation */
++/* Override max number of keymaps */
++
++#define CAP_SYS_RESOURCE     24
++
++/* Allow manipulation of system clock */
++/* Allow irix_stime on mips */
++/* Allow setting the real-time clock */
++
++#define CAP_SYS_TIME         25
++
++/* Allow configuration of tty devices */
++/* Allow vhangup() of tty */
++
++#define CAP_SYS_TTY_CONFIG   26
++
++/* Allow the privileged aspects of mknod() */
++
++#define CAP_MKNOD            27
++
++/* Allow taking of leases on files */
++
++#define CAP_LEASE            28
++
++#define CAP_AUDIT_WRITE      29
++
++#define CAP_AUDIT_CONTROL    30
++
++#endif /* !_LINUX_CAPABILITY_H */
++
+ 
+ /*
+  * POSIX capability types
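Review bot: The block added after `#include <stdint.h>` is a frozen copy of `<linux/capability.h>` under the kernel's own guard `_LINUX_CAPABILITY_H`, so whichever of the two headers the preprocessor sees first wins and the other is skipped without any diagnostic. Because the libcap/Makefile hunk now generates cap_names.sed from this file, the name table ends at `CAP_AUDIT_CONTROL` (30) whatever the build host's kernel defines. A comment at the top of the copy recording which kernel release it was taken from would make that drift visible to anyone auditing capability handling. The two audit defines are the only entries without a description; adding `/* Allow writing the audit log via unicast netlink socket */` and `/* Allow configuration of audit via unicast netlink socket */` would match the rest of the list. The comment that opens on the hunk's last two lines continues outside the hunk.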
+diff -Naur libcap-1.10-orig/progs/Makefile libcap-1.10/progs/Makefile
+--- libcap-1.10-orig/progs/Makefile	1999-04-17 22:16:31.000000000 +0000
++++ libcap-1.10/progs/Makefile	2007-04-14 23:59:45.000000000 +0000
+@@ -36,7 +36,7 @@
+ all: $(PROGS)
+ 
+ $(PROGS): %: %.o
+-	$(CC) $(LDFLAGS) -o $@ $< $(LIBS)
++	$(CC) $(COPTFLAG) $(LDFLAGS) -o $@ $< $(LIBS)
+ 
+ %.o: %.c $(INCS)
+ 	$(CC) $(CFLAGS) -c $< -o $@



