Release notes for 2.14

Post date: Oct 25, 2008 11:07:11 PM

• • capsh now has a --decode=XXX option (use this to make sense of the capability sets you can see in /proc/<PID>/status)

$ grep Cap /proc/$$/status

CapInh: 0000000080000000

CapPrm: 0000000000000000

CapEff: 0000000000000000

CapBnd: ffffffffffffffff

$ capsh --decode=0000000080000000

0x0000000080000000=cap_setfcap

$

• • setcap binary now has a -v option (use this to verify that the capabilities on a file match what you would expect)

$ getcap setcap

setcap = cap_setfcap+i

$ setcap -v cap_setfcap=i setcap

setcap: OK

$

("= cap_setfcap+i" is equivalent to "cap_setfcap=i", read more about this with, man 3 cap_from_text .)

• • Following a suggestion from the Slackware folk (Thanks Robby Workman for pointing out Pat's change). For non-development build trees (with no .git directory), link the progs/ files dynamically - they will work after they are installed. To override this behavior, you can be explicit on the make command line as follows:

    • to build the programs statically (they can be used stand alone):

$ make distclean ; make DYNAMIC=no

• • • to build the programs dynamically (they will only work correctly when installed):

$ make distclean ; make DYNAMIC=yes

• • Documentation fix in cap_clear(3) for CAP_DIFFERS(), namely a non-zero value implies a difference exists.