[yocto] [pseudo][PATCH] Add capset pseudo function that always succeeds

Burton, Ross ross.burton at intel.com
Fri Jun 24 06:09:09 PDT 2016


I just discovered that this was never merged. Peter, can you review it?

Ross

On 3 May 2016 at 14:18, George McCollister <george.mccollister at gmail.com>
wrote:

> The setcap utility supplied by libcap is used to set capabilities on a
> file. Before setting a file's capabilities with cap_set_file() (which uses
> setxattr()) it calls cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag,
> CAP_SET). cap_set_flag() uses the capset syscall to raise the process'
> effective capability. In most cases if the process isn't running as root
> this will fail and setcap will exit with an error. Because setxattr is
> intercepted by pseudo it's unnecessary for setcap to call capset().
>
> Override capset with a pseudo function that does nothing and always
> returns 0.
>
> Signed-off-by: George McCollister <george.mccollister at gmail.com>
> ---
>  ports/linux/guts/capset.c     | 13 +++++++++++++
>  ports/linux/portdefs.h        |  2 ++
>  ports/linux/pseudo_wrappers.c |  7 +++++++
>  ports/linux/wrapfuncs.in      |  1 +
>  4 files changed, 23 insertions(+)
>  create mode 100644 ports/linux/guts/capset.c
>
> diff --git a/ports/linux/guts/capset.c b/ports/linux/guts/capset.c
> new file mode 100644
> index 0000000..51e0cdf
> --- /dev/null
> +++ b/ports/linux/guts/capset.c
> @@ -0,0 +1,13 @@
> +/*
> + * Copyright (c) 2016 Wind River Systems; see
> + * guts/COPYRIGHT for information.
> + *
> + * int capset(cap_user_header_t hdrp, const cap_user_data_t datap)
> + *     int rc = -1;
> + */
> +
> +       rc = real_capset(hdrp, datap);
> +
> +/*     return rc;
> + * }
> + */
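
Review bot: `rc = real_capset(hdrp, datap);` in guts/capset.c reads like a pass-through to the kernel, but the `real_func=pseudo_capset` annotation added in wrapfuncs.in points it at the stub that returns 0, so as written nothing in this file tells a reader that the call is a deliberate no-op. Add a comment in the guts body saying that capset is stubbed on purpose and why (setxattr is already intercepted by pseudo), so it is not mistaken for an ordinary wrapper and later "fixed" to call the syscall.
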
> diff --git a/ports/linux/portdefs.h b/ports/linux/portdefs.h
> index f0a0e40..d8c5020 100644
> --- a/ports/linux/portdefs.h
> +++ b/ports/linux/portdefs.h
> @@ -25,3 +25,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.2.5);
>  #elif defined(__i386__)
>  GLIBC_COMPAT_SYMBOL(memcpy,2.0);
>  #endif
> +
> +#include <linux/capability.h>
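
Review bot: the `#include <linux/capability.h>` is appended after the `#endif` that closes the memcpy GLIBC_COMPAT_SYMBOL block, with no comment, so its purpose is not obvious from portdefs.h alone. Add a one-line comment that it supplies `cap_user_header_t` and `cap_user_data_t` for the capset wrapper. Since it is unconditional, it also makes the kernel header a build requirement for every Linux build of pseudo, which is worth stating in the commit message.
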
> diff --git a/ports/linux/pseudo_wrappers.c b/ports/linux/pseudo_wrappers.c
> index 26b29b0..c6c072b 100644
> --- a/ports/linux/pseudo_wrappers.c
> +++ b/ports/linux/pseudo_wrappers.c
> @@ -31,3 +31,10 @@ int
>  pseudo_fstat64(int fd, struct stat64 *buf) {
>         return real___fxstat64(_STAT_VER, fd, buf);
>  }
> +
> +int pseudo_capset(cap_user_header_t hdrp, const cap_user_data_t datap) {
> +       (void)hdrp;
> +       (void)datap;
> +
> +       return 0;
> +}
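
Review bot: `pseudo_capset()` returns 0 for every caller and every argument, not only for setcap. A program that uses capset() to drop capabilities is told the drop succeeded while its capability sets are unchanged, and a NULL or malformed `hdrp` is reported as success where the syscall would fail. Document that limitation in a comment above the function, and consider whether reporting success only makes sense while pseudo is faking root. Style: the neighbouring `pseudo_fstat64` puts the return type `int` on its own line; the new function should follow the same layout.
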
> diff --git a/ports/linux/wrapfuncs.in b/ports/linux/wrapfuncs.in
> index 3b8955a..578db35 100644
> --- a/ports/linux/wrapfuncs.in
> +++ b/ports/linux/wrapfuncs.in
> @@ -51,3 +51,4 @@ int euidaccess(const char *path, int mode);
>  int getpw(uid_t uid, char *buf);
>  int getpwent_r(struct passwd *pwbuf, char *buf, size_t buflen, struct
> passwd **pwbufp);
>  int getgrent_r(struct group *gbuf, char *buf, size_t buflen, struct group
> **gbufp);
> +int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /*
> real_func=pseudo_capset */
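
Review bot: this hunk adds a `capset` entry only, and the diffstat shows no capget counterpart, so a caller that calls capset() and then reads the state back with capget() gets a success return followed by capability sets that do not match what it asked for. Either note in the commit message that callers which verify the result are out of scope, or add a matching capget wrapper so the two calls stay consistent under pseudo.
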
> --
> 2.8.0
>