package-nopast/base/libcap/0001-upstream-fixes.patch

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../libcap/0001-upstream-fixes.patch
# Copyright (C) 2013 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---

Fixes found in the upstream repository

https://git.kernel.org/cgit/linux/kernel/git/morgan/libcap.git/


From 616a03da55bbaefce4055d4e47a81cd85f3161e2 Mon Sep 17 00:00:00 2001
From: Andrew G. Morgan <morgan@kernel.org>
Date: Sun, 31 Jul 2011 00:39:27 +0000
Subject: Fix a compiler warning(error) for format mismatch.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
diff --git a/progs/capsh.c b/progs/capsh.c
index 52336d7..3ceadcd 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -520,7 +520,8 @@ int main(int argc, char *argv[], char *envp[])
 	    if (set >= 0) {
 		const char *b;
 		b = binary(set);  /* use verilog convention for binary string */
-		printf("Securebits: 0%o/0x%x/%u'b%s\n", set, set, strlen(b), b);
+		printf("Securebits: 0%o/0x%x/%u'b%s\n", set, set,
+		       (unsigned) strlen(b), b);
 		printf(" secure-noroot: %s (%s)\n",
 		       (set & 1) ? "yes":"no",
 		       (set & 2) ? "locked":"unlocked");
--
cgit v0.9.2
From 056ffb0bd25d91ffbcb83c521fc4d3d9904ec4d4 Mon Sep 17 00:00:00 2001
From: Andrew G. Morgan <morgan@kernel.org>
Date: Sun, 31 Jul 2011 01:22:21 +0000
Subject: setcap: comment to help the user figure out why setcap is failing.

The file capabilities are not as expressive as process capabilities
(for a reason - see the NOTES section of 'man 3 cap_set_file').

The effective bits on a file under linux are captured by a single
boolean. As such attempting to partially set effective bits via the
more fully expressive process capability representation (cap_from_text)
sometimes yields an error. From now on, suggest that when the user
attempts to do this and an error occurs, the error might be such a
mismatch between effective and the other capability bits.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
diff --git a/progs/setcap.c b/progs/setcap.c
index 0215fc4..83090ae 100644
--- a/progs/setcap.c
+++ b/progs/setcap.c
@@ -26,7 +26,7 @@ static void usage(void)
 
 static int read_caps(int quiet, const char *filename, char *buffer)
 {
-    int i=MAXCAP;
+    int i = MAXCAP;
 
     if (!quiet) {
 	fprintf(stderr,	"Please enter caps for file [empty line to end]:\n");
@@ -170,10 +170,33 @@ int main(int argc, char **argv)
 	    }
 	    retval = cap_set_file(*++argv, cap_d);
 	    if (retval != 0) {
+		int explained = 0;
+#ifdef linux
+		cap_value_t cap;
+		cap_flag_value_t per_state;
+
+		for (cap = 0;
+		     cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1;
+		     cap++) {
+		    cap_flag_value_t inh_state, eff_state;
+
+		    cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state);
+		    cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state);
+		    if ((inh_state | per_state) != eff_state) {
+			fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n"
+				"      exactly match the union of selected permitted and inheritable bits.\n");
+			explained = 1;
+			break;
+		    }
+		}
+#endif /* def linux */
+		
 		fprintf(stderr,
 			"Failed to set capabilities on file `%s' (%s)\n",
 			argv[0], strerror(errno));
-		usage();
+		if (!explained) {
+		    usage();
+		}
 	    }
 	}
 	if (cap_d) {
--
cgit v0.9.2