Page MenuHomeSolus

Update libcap-ng to 0.8.2
ClosedPublic

Authored by YakoYakoYokuYoku on Thu, May 27, 12:31 AM.

Details

Summary

Changelog:

  • 0.8.2:
    • In capng_apply, continue changing capabilities when faced with an error in the bounding set to cover the possibility that someone does not check the return codes and doesn't realize they have full capabilities when they should have been dropped.
    • Improvements for runtime detection of the last valid capability.
    • If PR_CAP_AMBIENT is not available, do not build libdrop_ambient.
  • 0.8.1:
    • This release adds libdrop_ambient which can be LD_PRELOAD'ed to any application that inherits ambient capabilities to force it to drop ambient capabilities so they don't leak everywhere.
    • The capng_apply method is now more aggressive with returning errors.
    • More bug fixes.
  • 0.8:
    • This release adds support for ambient capabilities and V3 filesystem capabilities.
    • A bug in the Python bindings was also fixed which prevented use of capng_updatev.
  • 0.7.11:
    • Found that in some cases bounding set was not being cleared across a id change when requested.
    • Now there's does no need for malloc in capng_apply to prevent application hangs.
    • If procfs is not available, get bounding set via prctl. Added support for CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE.
    • More bug fixes.
  • 0.7.10:
    • This release adds capng_have_permitted_capabilities() function, filecap outputs which set the capabilities are in, filecap doesn't output an error when a file has no capabilities, added udplite support to netcap, fixed usage of pthread_atfork, and mark processes in child user namespaces with *.

Signed-off-by: Martin Reboredo <yakoyoku@gmail.com>

Test Plan

Listed all the capabilities of setcapped files and processes (filecap and pscap).

Diff Detail

Repository
R3818 libcap-ng
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

YakoYakoYokuYoku requested review of this revision.Thu, May 27, 12:31 AM
DataDrake accepted this revision.Sun, May 30, 2:56 PM
DataDrake added a subscriber: DataDrake.

LGTM. Thanks!

This revision is now accepted and ready to land.Sun, May 30, 2:56 PM
This revision was automatically updated to reflect the committed changes.