[Touch-packages] [Bug 1955804] Re: make and make test fail

2022-10-04 Thread Andrew G. Morgan
Confused about this bug.

The first entry refers to Go package compilation failing for
libcap-2.32. It is not clear which version of golang is installed, but
the whole module support for Go has changed substantially since
libcap-2.32 was new. Modern golang does not work with that old version
of libcap. Please try libcap-2.66. A walkthrough of using it is
documented here:

https://sites.google.com/site/fullycapable/getting-started-with-go

The second comment in this bug has nothing to do with Go, but refers to
trying to build libcap-2.24 (which is yet older). The failure mode there
is because libattr is not installed on your system.

FWIW the need for `-lattr` was removed in libcap-2.25 via this commit.

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=85f38a573fc47472ab792e813b6f6b6f0b1df112

Again the current libcap release is 2.66.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1955804

Title:
  make and make test fail

Status in libcap2 package in Ubuntu:
  New

Bug description:
  Hello,

  
  make and make test fail, as in the following screen output:

  CGO_LDFLAGS_ALLOW="-Wl,-wrap,.+" CGO_CFLAGS="-I/home/ubuntu/programs/libcap-2.32/libcap/include" CGO_LDFLAGS="-L/home/ubuntu/programs/libcap-2.32/libcap" GOPATH="/home/ubuntu/programs/libcap-2.32/go" go install libcap/psx
  go install: version is required when current directory is not in a module
  Try 'go install libcap/psx@latest' to install the latest version
  make[1]: *** [Makefile:37 : pkg/linux_amd64/libcap/psx.a] Erreur 1
  make[1] : on quitte le répertoire « /home/ubuntu/programs/libcap-2.32/go »
  make: *** [Makefile:13 : all] Erreur 2
  root@ubuntu-ThinkPad-X250:/home/ubuntu/programs/libcap-2.32# go install libcap/psx@latest
  go install: libcap/psx@latest: malformed module path "libcap/psx": missing dot in first path element
  root@ubuntu-ThinkPad-X250:/home/ubuntu/programs/libcap-2.32#

  Thank you in advance for helping me fully install your program.

  Regards.

  
  Dorian ROSSE.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1955804/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash

2022-10-03 Thread Andrew G. Morgan
Had not heard about this specifically before. Some bug fixes to
pam_cap.so found by static analysis:

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=954a5ce4fdf195e062909f2c921d8f915d2905b9

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=552db8f4116df3fad4e4ebf90a9a05a77b9486fd

Perhaps they address this problem? The more recent of these two appeared
in libcap-2.50.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1899103

Title:
  libpam-cap causes PAM applications to crash

Status in libcap2 package in Ubuntu:
  Confirmed

Bug description:
  Install ocserv and setup for PAM authentication. On second connection,
  ocserv crashes due to a double free in PAM.

  Repro steps:
  1. Create Dockerfile that installs ocserv + libpam-cap
  ```
  FROM ubuntu:20.04

  RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean

  COPY server-cert.pem /etc/ssl/ocserv_test.cert
  COPY server-key.pem /etc/ssl/ocserv_test.key
  COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
  COPY ocserv.conf /etc/ocserv/ocserv.conf

  RUN useradd test
  RUN echo "test\ntest" | passwd test

  ENV MALLOC_CHECK_=3
  CMD ocserv -f -d 1
  ```

  2. Build container:
  ```
  sudo docker build -t ocserv:20.04 .
  ```

  3. Launch container:
  ```
  docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04
  ```

  4. From another console, connect / disconnect:
  ```
  while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2; done
  ```

  5. ocserv crashes:
  free(): invalid pointer
  ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed
  ocserv[8]: main: main.c:1179: error in command from sec-mod
  ocserv[8]: main: termination request received; waiting for children to die

  For more details see:
  https://gitlab.com/openconnect/ocserv/-/issues/361

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions




[Touch-packages] [Bug 1704416] Re: CAP_AUDIT_READ is not supported on Xenial

2022-10-03 Thread Andrew G. Morgan
This was fixed upstream in libcap-2.25:

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=9c3d89fbb9d819ade80b544f8a35f7b90c07cd14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1704416

Title:
  CAP_AUDIT_READ is not supported on Xenial

Status in libcap2 package in Ubuntu:
  New

Bug description:
  I'm encountering the same issue as #1451601 describes. The fix, a more
  recent libcap2 2.25, has made it into the Yakkety distribution but not
  Xenial.

  Summary of the problem: One cannot raise or lower CAP_AUDIT_READ,
  which is equal to decimal value 37. As compiled, libcap2 2.24 supports
  up to CAP_BLOCK_SUSPEND (36).

  lsb_release -rd
  Description:  Ubuntu 16.04.2 LTS
  Release:  16.04

  apt-cache policy libcap2
  libcap2:
    Installed: 1:2.24-12
    Candidate: 1:2.24-12
    Version table:
   *** 1:2.24-12 500
          500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          100 /var/lib/dpkg/status

  
  setcap cap_audit_read=eip /bin/ls
  fatal error: Invalid argument
  usage: setcap [-q] [-v] (-r|-|)  [ ... (-r|-|) ]

   Note  must be a regular (non-symlink) file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1704416/+subscriptions
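
Added example (not part of the bug report or of libcap): a small C check for the mismatch the report describes, where the kernel offers a capability number above the highest one the library was compiled to know. The function names and the sample `/proc/<pid>/status` text are constructed for illustration; the value 36 is the libcap2 2.24 limit stated in the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: capability lines of /proc/<pid>/status on a kernel
 * whose highest capability is 37 (CAP_AUDIT_READ). */
static const char SAMPLE_STATUS[] =
    "CapEff:\t0000000000000000\n"
    "CapBnd:\t0000003fffffffff\n";

/* Parse the hex mask of `field` (e.g. "CapBnd"); returns 0 on success. */
int parse_cap_field(const char *status, const char *field,
                    unsigned long long *mask)
{
    size_t flen = strlen(field);
    const char *p = status;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            const char *v = p + flen + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;  /* empty value */
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');          /* advance to the next line */
        if (p != NULL) p++;
    }
    return -1;                        /* field not present */
}

/* Bits of `mask` above `lib_max` (0..63), the highest capability value the
 * library was compiled to know about. */
unsigned long long caps_beyond_library(unsigned long long mask, int lib_max)
{
    return mask & ~((2ULL << lib_max) - 1);
}

int main(void)
{
    unsigned long long bnd;
    if (parse_cap_field(SAMPLE_STATUS, "CapBnd", &bnd) != 0)
        return 1;
    /* 36 = CAP_BLOCK_SUSPEND, the limit the report gives for libcap2 2.24. */
    unsigned long long extra = caps_beyond_library(bnd, 36);
    for (int cap = 0; cap < 64; cap++)
        if ((extra >> cap) & 1ULL)
            printf("capability %d: in the bounding set, unknown to the library\n", cap);
    return 0;
}
```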




[Touch-packages] [Bug 1955804] Re: make and make test fail

2022-10-03 Thread Andrew G. Morgan
Is this still a problem with libcap-2.66?

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/



[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap

2022-10-03 Thread Andrew G. Morgan
FWIW This used to be the default inside the libcap build tree, but the
problems with the container defaults (eventually fixed with
https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq )
changed my position on this:

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=2b5f5635be6131d7e89b4c6244b29f32ebd163c1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700814

Title:
  Default capability of cap_setfcap+i should be set on setcap

Status in libcap2 package in Ubuntu:
  New

Bug description:
  If I grant a user (via pam_cap) cap_setfcap+i, I would then expect
  them to be able to use setcap without sudo. setcap is not provided
  with any default file capabilities however, so either the user has to
  sudo, or I have to grant the setfcap capability to setcap with setcap.

  In my mind, it would be reasonable to grant setfcap+i to setcap by
  default on installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions
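
Added example (not from the thread or the libcap source): the execve() capability rules from capabilities(7), modelled in C for the scenario in this report, a user given an inheritable cap_setfcap by pam_cap running setcap with and without a file-inheritable bit. The struct and function names are hypothetical, and the model assumes a non-root user and a binary with no set-user-ID bit.

```c
#include <stdio.h>

#define CAP_SETFCAP_NR 31            /* CAP_SETFCAP in <linux/capability.h> */
#define BIT(c) (1ULL << (c))

typedef unsigned long long capset;

struct proc_caps { capset inh, prm, eff, bnd, amb; };
struct file_caps { capset inh, prm; int eff; };  /* file effective is one flag */

/* Capability sets of a non-root process after execve(), per capabilities(7). */
struct proc_caps caps_after_exec(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    int privileged = (f.inh | f.prm) != 0;  /* model: file carries capabilities */
    n.amb = privileged ? 0 : p.amb;
    n.prm = (p.inh & f.inh) | (f.prm & p.bnd) | n.amb;
    n.eff = f.eff ? n.prm : n.amb;
    n.inh = p.inh;
    n.bnd = p.bnd;
    return n;
}

/* Scenario from the report: does cap_setfcap end up in the permitted set of
 * setcap? `user_inh` is the inheritable set of the calling process (what
 * pam_cap grants), `file_inh` the file-inheritable set on the setcap binary. */
int setcap_gets_setfcap(capset user_inh, capset file_inh)
{
    struct proc_caps shell = { user_inh, 0, 0, ~0ULL, 0 };
    struct file_caps setcap_bin = { file_inh, 0, 0 };
    return (caps_after_exec(shell, setcap_bin).prm & BIT(CAP_SETFCAP_NR)) != 0;
}

int main(void)
{
    capset c = BIT(CAP_SETFCAP_NR);
    printf("pam_cap +i, setcap without file caps:  %d\n", setcap_gets_setfcap(c, 0));
    printf("pam_cap +i, setcap cap_setfcap=i:      %d\n", setcap_gets_setfcap(c, c));
    printf("no inheritable grant, cap_setfcap=i:   %d\n", setcap_gets_setfcap(0, c));
    return 0;
}
```

The file-inheritable bit confers the capability on every process that already holds cap_setfcap in its inheritable set, whatever put it there, and on no other process.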

