Release notes for 2.29

Post date: Dec 14, 2019 6:28:52 PM

• Bugs filed against this release:

  • • cap_to_text() https://bugzilla.kernel.org/show_bug.cgi?id=206183 (fixed in 2.30)

    • fakeroot incompatibility (psx fallout) https://bugzilla.kernel.org/show_bug.cgi?id=206539 (fixed in 2.32)

• • Backward incompatibility in handling of 'all' in the cap_to/from_text() functions:

    • 'all' now means 'all named capabilities' and not 'all possible capabilities'

    • the prior behavior of 'all' was no longer useful for process capabilities, and only useful for file-capabilities because of a kernel bug.

  • changes:

    • install libpsx.a in addition to libcap.a (the library is small and because of a need for linker wrapping, we don't plan to build it dynamically)

    • install the libcap/cap and libcap/psx Go packages (if built)

• Tons of man page updates catching up and documenting new convenience functions

• Added libcap functionality related to modes and some convenience functions:

• • Introduce the concept of a libcap mode: cap_get_mode(), cap_set_mode(), cap_mode_name():

    • PURE1E - disable setuid fixup mechanism for privilege-less uid=0, fully disabled ambient capabilities

    • PURE1E_INIT - PURE1E plus a clear Inheritable set

    • NOPRIV - PURE1E_INIT plus empty Permitted and Effective sets and an empty bounding set

    • Other modes are described as UNCERTAIN.

  • Add convenience functions for:

    • manipulating securebits (useful for implementing modes): cap_get_secbits(), cap_set_secbits().

    • setting all the *uid's: cap_setuid() without dropping process capabilities

    • setting all the *gid's: cap_setgroups() two calls in one: setgid() + setgroups()

• The "libcap/cap" Go package is now at parity with libcap.

• • In the absence of native Go support for POSIX semantics on system calls, "libcap/cap" uses the psx mechanism via CGo linkage.

    • I've migrated the contrib/golang/go.patch from 2.28 to https://go-review.googlesource.com/c/go/+/210639 where I'll hopefully be able to get this into the mainstream Go runtime.

• The PAM module pam_cap now supports (developed in collaboration with Knut Omang and Christoph Lameter):

• • @group syntax for identifying users collectively from the groups they are members of (as per getgroups())

    • As before, the first rule to match the authenticating user wins, so put users on lines before @groups

  • cap_foo syntax (as it did previously) means "raise this capability in the inheritable set for this user"

  • !cap_foo syntax to mean "drop this capability from the bounding set for this user"

  • ^cap_bar syntax to mean "raise this capability in both the inheritable and ambient sets".