[yocto] [pseudo][PATCH] Add capset pseudo function that always succeeds

George McCollister george.mccollister at gmail.com
Tue May 3 06:18:37 PDT 2016


The setcap utility supplied by libcap is used to set capabilities on a
file. Before setting a file's capabilities with cap_set_file() (which uses
setxattr()) it calls cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag,
CAP_SET). cap_set_flag() uses the capset syscall to raise the process'
effective capability. In most cases if the process isn't running as root
this will fail and setcap will exit with an error. Because setxattr is
intercepted by pseudo it's unnecessary for setcap to call capset().

Override capset with a pseudo function that does nothing and always
returns 0.

Signed-off-by: George McCollister <george.mccollister at gmail.com>
---
 ports/linux/guts/capset.c     | 13 +++++++++++++
 ports/linux/portdefs.h        |  2 ++
 ports/linux/pseudo_wrappers.c |  7 +++++++
 ports/linux/wrapfuncs.in      |  1 +
 4 files changed, 23 insertions(+)
 create mode 100644 ports/linux/guts/capset.c

diff --git a/ports/linux/guts/capset.c b/ports/linux/guts/capset.c
new file mode 100644
index 0000000..51e0cdf
--- /dev/null
+++ b/ports/linux/guts/capset.c
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2016 Wind River Systems; see
+ * guts/COPYRIGHT for information.
+ *
+ * int capset(cap_user_header_t hdrp, const cap_user_data_t datap)
+ *	int rc = -1;
+ */
+
+	rc = real_capset(hdrp, datap);
+
+/*	return rc;
+ * }
+ */
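Review bot: the guts body `rc = real_capset(hdrp, datap);` reads as a pass-through to the real syscall, which contradicts the commit message's "does nothing and always returns 0". The no-op only follows from the `real_func=pseudo_capset` annotation in wrapfuncs.in, so a reader of this file alone cannot tell that the kernel is never reached. Suggest a short comment above the call saying that real_capset is bound to the pseudo_capset stub and why.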
diff --git a/ports/linux/portdefs.h b/ports/linux/portdefs.h
index f0a0e40..d8c5020 100644
--- a/ports/linux/portdefs.h
+++ b/ports/linux/portdefs.h
@@ -25,3 +25,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.2.5);
 #elif defined(__i386__)
 GLIBC_COMPAT_SYMBOL(memcpy,2.0);
 #endif
+
+#include <linux/capability.h>
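Review bot: the `#include <linux/capability.h>` is appended after the memcpy GLIBC_COMPAT_SYMBOL block with no comment saying why it is needed. Suggest a one-line comment that it supplies cap_user_header_t and cap_user_data_t for the capset prototype, and moving it away from the unrelated `#endif` so it is not mistaken for part of the memcpy compatibility logic.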
diff --git a/ports/linux/pseudo_wrappers.c b/ports/linux/pseudo_wrappers.c
index 26b29b0..c6c072b 100644
--- a/ports/linux/pseudo_wrappers.c
+++ b/ports/linux/pseudo_wrappers.c
@@ -31,3 +31,10 @@ int
 pseudo_fstat64(int fd, struct stat64 *buf) {
 	return real___fxstat64(_STAT_VER, fd, buf);
 }
+
+int pseudo_capset(cap_user_header_t hdrp, const cap_user_data_t datap) {
+	(void)hdrp;
+	(void)datap;
+
+	return 0;
+}
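Review bot: pseudo_capset() discards both hdrp and datap and returns 0 for every input, so a caller that passes a NULL or malformed header, or that asks to drop capabilities, is told the call succeeded although nothing changed. The function carries no comment saying this is deliberate. Suggest documenting above the definition that success is faked on purpose because the later setxattr() is intercepted by pseudo, and consider a debug log line so a faked capset shows up when tracing a build.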
diff --git a/ports/linux/wrapfuncs.in b/ports/linux/wrapfuncs.in
index 3b8955a..578db35 100644
--- a/ports/linux/wrapfuncs.in
+++ b/ports/linux/wrapfuncs.in
@@ -51,3 +51,4 @@ int euidaccess(const char *path, int mode);
 int getpw(uid_t uid, char *buf);
 int getpwent_r(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
 int getgrent_r(struct group *gbuf, char *buf, size_t buflen, struct group **gbufp);
+int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */
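Review bot: only capset is added to the wrapper list here; nothing in this patch wraps capget. A program that calls capset and then reads its capabilities back will see state that does not match the success it was just given. Either note in the commit message that setcap is the only caller this is meant to satisfy, or say why capget can stay unwrapped.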
-- 
2.8.0



