Bug#689035: libcap2: List of capabilities not in sync with the linux kernel and libc6

2013-01-18 Thread Serge Hallyn
Package: libcap2
Version: 1:2.22-1.2
Followup-For: Bug #689035
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu raring ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * Add patch (which has been forwarded to the upstream maintainer) to define
new capabilities in most recent kernels.  (LP: #1084000) (Closes: #689035)

This is submitted as an alternative to the previous patch, which uses
the kernel's capability.h to build.  The downside of that patch is that,
for instance, 'capsh --print' still does not know the names of 35 and
36.  With this patch it does.

Thanks for considering the patch.


diff -Nru libcap2-2.22/debian/changelog libcap2-2.22/debian/changelog
diff -Nru libcap2-2.22/debian/control libcap2-2.22/debian/control
--- libcap2-2.22/debian/control 2012-11-26 11:30:29.0 -0600
+++ libcap2-2.22/debian/control 2013-01-18 15:41:48.0 -0600
@@ -1,8 +1,7 @@
 Source: libcap2
 Section: libs
 Priority: optional
-Maintainer: Ubuntu Developers 
-XSBC-Original-Maintainer: Torsten Werner 
+Maintainer: Torsten Werner 
 Standards-Version: 3.9.0
 Build-Depends: debhelper (>= 8.1.3~), indent, libattr1-dev, libpam0g-dev
 Homepage: http://sites.google.com/site/fullycapable/
diff -Nru 
libcap2-2.22/debian/patches/0001-Add-CAP_WAKE_ALARM-and-CAP_BLOCK_SUSPEND-to-capabili.patch
 
libcap2-2.22/debian/patches/0001-Add-CAP_WAKE_ALARM-and-CAP_BLOCK_SUSPEND-to-capabili.patch
--- 
libcap2-2.22/debian/patches/0001-Add-CAP_WAKE_ALARM-and-CAP_BLOCK_SUSPEND-to-capabili.patch
 1969-12-31 18:00:00.0 -0600
+++ 
libcap2-2.22/debian/patches/0001-Add-CAP_WAKE_ALARM-and-CAP_BLOCK_SUSPEND-to-capabili.patch
 2013-01-18 15:34:20.0 -0600
@@ -0,0 +1,34 @@
+From 41ec6f9bdde6998518dd3a8afd8fcc286b81bce3 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn 
+Date: Fri, 18 Jan 2013 15:31:09 -0600
+Subject: [PATCH 1/1] Add CAP_WAKE_ALARM and CAP_BLOCK_SUSPEND to capability.h
+
+Signed-off-by: Serge Hallyn 
+---
+ libcap/include/linux/capability.h | 10 +-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/libcap/include/linux/capability.h 
b/libcap/include/linux/capability.h
+index 4924f2a..57026be 100644
+--- a/libcap/include/linux/capability.h
 b/libcap/include/linux/capability.h
+@@ -360,7 +360,15 @@ struct cpu_vfs_cap_data {
+CAP_SYS_ADMIN is not acceptable anymore. */
+ #define CAP_SYSLOG   34
+ 
+-#define CAP_LAST_CAP CAP_SYSLOG
++/* Allow triggering something that will wake the system */
++
++#define CAP_WAKE_ALARM35
++
++/* Allow preventing system suspends */
++
++#define CAP_BLOCK_SUSPEND36
++
++#define CAP_LAST_CAP CAP_BLOCK_SUSPEND
+ 
+ #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
+ 
+-- 
+1.8.0
+
diff -Nru libcap2-2.22/debian/patches/series libcap2-2.22/debian/patches/series
--- libcap2-2.22/debian/patches/series  2012-07-06 11:53:43.0 -0500
+++ libcap2-2.22/debian/patches/series  2013-01-18 15:34:31.0 -0600
@@ -1,2 +1,3 @@
 0001-fix-Makefiles.patch
 0003-refine-setcap-error-message.patch
+0001-Add-CAP_WAKE_ALARM-and-CAP_BLOCK_SUSPEND-to-capabili.patch


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#689035: libcap2: List of capabilities not in sync with the linux kernel and libc6

2012-09-28 Thread Henrik Ahlgren
Package: libcap2
Version: 1:2.22-1.2
Severity: important
Tags: upstream

Dear Maintainer,

The libcap2 source tree contains a copy of the header file
linux/capability.h that is from an older kernel version and
is missing the capability CAP_WAKE_ALARM (35).

This causes e.g. lxc-start to fail when running as non-root
using capabilities:

  lxc-start: failed to cap_get_flag: Invalid argument
  lxc-start: failed to clone(0x6c02): Operation not permitted
  lxc-start: Operation not permitted - failed to fork into a new namespace

lxc loops through the capabilities up to CAP_LAST_CAP (35), but
cap_get_flag returns an error since it has CAP_LAST_CAP=34.

The library should either be patched to use the libc6-dev version
of the header file (/usr/include/linux/capability.h), or the
included header file should be upgraded to a later version.

Regards, Henrik

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libcap2 depends on:
ii  libattr1   1:2.4.46-8
ii  libc6  2.13-35
ii  multiarch-support  2.13-35

libcap2 recommends no packages.

libcap2 suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org