posted Jan 31, 2016, 8:42 AM by Andrew G. Morgan
- Recover gperf detection in make rules (thanks to Matthieu Crapet).
- Man page typo fix (thanks to Omair Majid).
- Tweak make rules to make packaging more straightforward (thanks to Benedikt Morbach).
- Fix error explanation in setcap (thanks to Mike Frysinger).
- Drop need to link with libattr. It turns out libcap wasn't actually using any code from that library, so linking to it was superfluous.
|
posted Jan 5, 2014, 5:26 PM by Andrew G. Morgan
- Fix compilation problems (note to self, make distclean && make, before release)
- Thanks to Tom Gundersen and Allan McRae for finding and fixing the issues.
- Some make rule changes to make uploading a release to kernel.org easier for me.
- Tidied up some documented links. Patch from Xose Vazquez Perez.
|
posted Dec 24, 2013, 11:55 AM by Andrew G. Morgan
[884 days pass...] - get libcap to compile with modern kernels. This adds support for newer capabilities: CAP_WAKE_ALARM; CAP_BLOCK_SUSPEND.
- include a libcap.pc file for package maintainers (thanks to Bryan Kadzban, and Thomas H.P. Anderson).
- clear up some signed/unsigned comparison issues (thanks to Mark Wielaard @ Redhat and, more recently from Akhil Arora @ Intel)
- add support for power-pc build (courtesy of Ivan Kabaivanov)
- we can apparently no longer rely on the system util ping to assist with testing libcap/capsh/kernel combinations, so use capsh instead. (Thanks to Serge Hallyn @ Ubuntu for debugging help.)
|
posted Jul 24, 2011, 7:33 PM by Andrew G. Morgan
- Clarified License file (with version 2 of the GPL)
- Support getting/setting capabilities on large files (Patch courtesy of Mikhail Kulinich by way of Serge Hallyn).
- After --chroot command, change working directory to "/". This follows a suggestion from Steve Grubb, who pointed out:
|
posted Apr 28, 2011, 8:17 PM by Andrew G Morgan
- Introduce cap_get_bound() and cap_drop_bound() functions.
- also include a macro CAP_IS_SUPPORTED(cap) for capabilities
- Add a manual cross link from libcap(3) to capsh(1)
|
posted Jan 18, 2011, 9:15 PM by Andrew G Morgan
- Latest kernel capabilites supported: now includes CAP_SYSLOG (patch from Sergey Senozhatsky)
- $(CFLAGS) Makefile fixes from Torsten Werner
- Default to installing setcap with an inheritable capability.
- You can disable this feature with: make RAISE_SETFCAP=no install
|
posted Jan 13, 2010, 6:12 PM by Andrew G Morgan
- Latest kernel header(s) - now include linux/securebits.h and linux/prctl.h copy
- capsh
- --print securebits in binary
- support --drop=all
- --print text usernames as well as numeric ids
- add test for max lock-down state
- New sys/securebits.h (from Serge)
|
posted Dec 25, 2009, 4:17 PM by Andrew G Morgan
- Some documentation fixes from Mike Frysinger (getcap.8 and setcap.8)
- Manual entry created for capsh.1
- Added features to capsh:
- --print supplementary group list
- --user=<foo> argument to set user and groups to named user
- --gid=<N> set gid of current user (N is numeric)
- --groups=<g1>,<g2>,... to set supplementary group list
|
posted Dec 3, 2008, 11:12 PM by Andrew G Morgan
[
updated Aug 26, 2009, 10:10 PM
]
- Fix some compilation problems (the hacky workarounds are gone now - thanks to many folk for pointing out that more recent kernels didn't like the hack that was there)
- Fixed test for setuid-0 shell scripts. Namely, they should not get capabilities when executed by someone other than root.
|
posted Dec 3, 2008, 11:09 PM by Andrew G Morgan
[
updated Dec 3, 2008, 11:12 PM
]
- The use of sed to extract capabilities from the kernel linux/capability.h header was proving problematic (it was dropping capabilities on older systems because \t wasn't correctly handled) leading to runtime seg-faults. As such, I've replaced the sed code with some perl code which appears to be more robust.
|
|
