Release notes for 2.33

Post date: Feb 24, 2020 1:49:31 AM

  • Bugs filed against this release:

    • [Bug 207439] libcap can segfault on future kernels (fixed in 2.34)

    • [Bug 207547] arm64 compile time error when building try-launching.go (golang-1.14, golang-1.14.1 and golang-1.14.2) (addressed in 2.34)

  • This release implements cap_launch functionality:

    • cap_launch launches (fork+exec) a new program in such a way that the child can inherit capabilities and a mode not held by the parent, without changing the capabilities or mode of the parent itself.

    • This feature is available in C as cap_launch() and in Go as cap.(*cap.Launcher).Launch()

  • It also introduces an IAB abstraction for the three inherited flavors of capability vector:

    • the I (inheritable set) of cap_t

    • the A (ambient) alternative to file capabilities

    • the B (blocking) vector [which is implemented as the inverse of the kernel's bounding set].
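To make the cap_launch and IAB bullets above concrete, here is an added Python model (not libcap code, and not part of these release notes) of the I/A/B triple and of the execve() capability rules from capabilities(7) that decide what a launched child actually holds. The capability universe, the `'%'`/`'^'`/`'!'` text prefixes and the treatment of a bare name as I-only are assumptions modelled on libcap's cap_iab_from_text(); the library's own grammar may differ in detail.

```python
# Added illustration (not libcap code): a model of the IAB triple and of the
# capabilities(7) exec rules that decide what a launched child ends up with.
from dataclasses import dataclass, field

# Constructed capability universe for the model; the real kernel has ~40.
ALL_CAPS = frozenset({"cap_chown", "cap_net_bind_service", "cap_setuid", "cap_sys_admin"})


@dataclass
class IAB:
    inh: set = field(default_factory=set)  # I: inheritable
    amb: set = field(default_factory=set)  # A: ambient (also requires I)
    bot: set = field(default_factory=set)  # B: blocked = inverse of the bounding set


def iab_from_text(text):
    """Parse '%cap_a,^cap_b,!cap_c' into an IAB.

    Prefix meaning is an assumption modelled on libcap's cap_iab_from_text():
    '%' marks I, '^' marks A (and therefore I), '!' marks B. Prefixes may be
    combined ('!%cap_chown'); a bare name is treated as I only (assumption).
    """
    iab = IAB()
    for tok in text.split(","):
        tok = tok.strip()
        if not tok:
            continue
        flags, i = set(), 0
        while i < len(tok) and tok[i] in "!^%":
            flags.add(tok[i])
            i += 1
        name = tok[i:]
        if name not in ALL_CAPS:
            raise ValueError(f"unknown capability {name!r}")
        if not flags:
            flags = {"%"}
        if "!" in flags:
            iab.bot.add(name)
        if "^" in flags:
            iab.amb.add(name)
            iab.inh.add(name)
        if "%" in flags:
            iab.inh.add(name)
    return iab


def bounding_set(iab):
    """The kernel bounding set is everything the B vector does not block."""
    return set(ALL_CAPS - iab.bot)


def exec_transition(iab, file_inh=frozenset(), file_perm=frozenset(), file_eff=False):
    """capabilities(7) rules for execve() of a non-setuid binary.

    P'(amb)  = 0 if the file carries capabilities, else P(amb)
    P'(perm) = (P(inh) & F(inh)) | (F(perm) & bounding) | P'(amb)
    P'(eff)  = P'(perm) if F(eff) else P'(amb)
    P'(inh)  = P(inh); bounding unchanged.
    The caller's `iab` is never modified, mirroring cap_launch leaving the
    parent's state alone.
    """
    bounding = bounding_set(iab)
    privileged_file = bool(file_inh or file_perm)
    new_amb = set() if privileged_file else set(iab.amb)
    new_perm = (iab.inh & set(file_inh)) | (set(file_perm) & bounding) | new_amb
    new_eff = set(new_perm) if file_eff else set(new_amb)
    return {"permitted": new_perm, "effective": new_eff,
            "inheritable": set(iab.inh), "ambient": new_amb, "bounding": bounding}


def demo():
    """Constructed IAB: bind low ports via ambient, chown inheritable only,
    sys_admin blocked even if a file-capped binary asks for it."""
    iab = iab_from_text("^cap_net_bind_service,%cap_chown,!cap_sys_admin")
    plain = exec_transition(iab)  # e.g. an ordinary binary with no file caps
    capped = exec_transition(iab, file_perm={"cap_sys_admin", "cap_setuid"}, file_eff=True)
    return iab, plain, capped


if __name__ == "__main__":
    iab, plain, capped = demo()
    print("IAB:", iab)
    print("plain binary gets:", plain)
    print("file-capped binary gets:", capped)
```

The two calls in `demo()` show the three vectors doing different jobs: the plain binary receives exactly the A vector (permitted and effective both `cap_net_bind_service`), `cap_chown` travels only in I and so is dormant until a binary with matching file-inheritable bits asks for it, and `cap_sys_admin` never reaches the file-capped child because B removes it from the bounding set. The model does not enforce the kernel's rule that an ambient bit must also be present in permitted; libcap's cap_iab_set_proc() takes care of that when applying a real IAB.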

  • pam_cap uses the above IAB abstraction instead of its own config parsing.

  • libpsx now does sane things when the program fork()s. Namely the child experiences a single threaded libcap, but the parent continues to treat all threads as having a shared privilege state.

  • Text format fix for getcap error output from Raymond Etornam.