[Clfs-commits] [Cross-LFS]Cross-LFS Book branch, systemd, updated. clfs-2.0.0-649-ge087b98
git
git at cross-lfs.org
Sat Jan 4 22:45:46 PST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Cross-LFS Book".
The branch, systemd has been updated
via e087b98e69946535ac5f4d55100a2925c43e9fac (commit)
via d4764b6bb0b618c91191e26dc64fe669011ec215 (commit)
from 9a3dabeb4140d7d1fcaf2f0122a1ca4f446ba051 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e087b98e69946535ac5f4d55100a2925c43e9fac
Author: Chris Staub <chris at beaker67.com>
Date: Sun Jan 5 01:45:36 2014 -0500
Uncomment sysvinit in boot section
diff --git a/BOOK/boot/alpha-chapter.xml b/BOOK/boot/alpha-chapter.xml
index 64ca89a..60610b1 100644
--- a/BOOK/boot/alpha-chapter.xml
+++ b/BOOK/boot/alpha-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/mips-chapter.xml b/BOOK/boot/mips-chapter.xml
index 8e3d54a..fc125a4 100644
--- a/BOOK/boot/mips-chapter.xml
+++ b/BOOK/boot/mips-chapter.xml
@@ -18,7 +18,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/mips64-64-chapter.xml b/BOOK/boot/mips64-64-chapter.xml
index f707254..32ccec5 100644
--- a/BOOK/boot/mips64-64-chapter.xml
+++ b/BOOK/boot/mips64-64-chapter.xml
@@ -18,7 +18,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/mips64-chapter.xml b/BOOK/boot/mips64-chapter.xml
index e0646d6..1805dd8 100644
--- a/BOOK/boot/mips64-chapter.xml
+++ b/BOOK/boot/mips64-chapter.xml
@@ -18,7 +18,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/ppc-chapter.xml b/BOOK/boot/ppc-chapter.xml
index d4cae1f..2a72b4e 100644
--- a/BOOK/boot/ppc-chapter.xml
+++ b/BOOK/boot/ppc-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/ppc64-64-chapter.xml b/BOOK/boot/ppc64-64-chapter.xml
index 2365599..e585057 100644
--- a/BOOK/boot/ppc64-64-chapter.xml
+++ b/BOOK/boot/ppc64-64-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/ppc64-chapter.xml b/BOOK/boot/ppc64-chapter.xml
index 3c402da..c9fef03 100644
--- a/BOOK/boot/ppc64-chapter.xml
+++ b/BOOK/boot/ppc64-chapter.xml
@@ -19,7 +19,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ppc64/e2fsprogs-libs.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ppc64/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/sparc-chapter.xml b/BOOK/boot/sparc-chapter.xml
index c976230..953098f 100644
--- a/BOOK/boot/sparc-chapter.xml
+++ b/BOOK/boot/sparc-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sparc/elftoaout.xml"/>
diff --git a/BOOK/boot/sparc64-64-chapter.xml b/BOOK/boot/sparc64-64-chapter.xml
index efe3272..20c65e0 100644
--- a/BOOK/boot/sparc64-64-chapter.xml
+++ b/BOOK/boot/sparc64-64-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sparc/elftoaout.xml"/>
diff --git a/BOOK/boot/sparc64-chapter.xml b/BOOK/boot/sparc64-chapter.xml
index e889fb2..2096ff1 100644
--- a/BOOK/boot/sparc64-chapter.xml
+++ b/BOOK/boot/sparc64-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sparc/elftoaout.xml"/>
diff --git a/BOOK/boot/x86-chapter.xml b/BOOK/boot/x86-chapter.xml
index 972a5f5..93b77ce 100644
--- a/BOOK/boot/x86-chapter.xml
+++ b/BOOK/boot/x86-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/x86_64-64-chapter.xml b/BOOK/boot/x86_64-64-chapter.xml
index 33ec9a9..224fe68 100644
--- a/BOOK/boot/x86_64-64-chapter.xml
+++ b/BOOK/boot/x86_64-64-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="x86_64-64/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
diff --git a/BOOK/boot/x86_64-chapter.xml b/BOOK/boot/x86_64-chapter.xml
index d6d94f0..9ce58a6 100644
--- a/BOOK/boot/x86_64-chapter.xml
+++ b/BOOK/boot/x86_64-chapter.xml
@@ -17,7 +17,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/util-linux.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="64/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/e2fsprogs.xml"/>
-<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/> -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/sysvinit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/kmod.xml"/>
<!-- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="multilib/eudev.xml"/> -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="common/pwdgroup.xml"/>
commit d4764b6bb0b618c91191e26dc64fe669011ec215
Author: Chris Staub <chris at beaker67.com>
Date: Sun Jan 5 01:42:40 2014 -0500
Add patch to fix libcap
diff --git a/BOOK/final-system/common/libcap.xml b/BOOK/final-system/common/libcap.xml
index 9139a53..fd85ef5 100644
--- a/BOOK/final-system/common/libcap.xml
+++ b/BOOK/final-system/common/libcap.xml
@@ -25,6 +25,11 @@
<sect2 role="installation">
<title>Installation of Libcap</title>
+ <para os="p1">Apply the following patch to fix a problem with Libcap's
+ installed header files:</para>
+
+<screen os="p2"><userinput>patch -Np1 -i ../libcap-&libcap-version;-uapi-1.patch</userinput></screen>
+
<para os="a">Compile the package:</para>
<screen os="b"><userinput>make</userinput></screen>
diff --git a/BOOK/materials/common/patches.xml b/BOOK/materials/common/patches.xml
index 4aa0e30..f8e47f6 100644
--- a/BOOK/materials/common/patches.xml
+++ b/BOOK/materials/common/patches.xml
@@ -93,6 +93,15 @@
</varlistentry>
<varlistentry>
+ <term>Libcap UAPI Patch - <token>&libcap-uapi-patch-size;</token>:</term>
+ <listitem>
+ <para>Download: <ulink
+ url="&patches-root;&libcap-uapi-patch;"/></para>
+ <para>MD5 sum: <literal>&libcap-uapi-patch-md5;</literal></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>Man i18n Patch - <token>&man-i18n-patch-size;</token>:</term>
<listitem>
<para>Download: <ulink
diff --git a/BOOK/patches.ent b/BOOK/patches.ent
index 82e5faf..044173f 100644
--- a/BOOK/patches.ent
+++ b/BOOK/patches.ent
@@ -44,6 +44,10 @@
<!ENTITY iputils-fixes-patch-md5 "a2e77de7fd1fc4417bce0af3e6ffdfcb">
<!ENTITY iputils-fixes-patch-size "153 KB">
+<!ENTITY libcap-uapi-patch "libcap-&libcap-version;-uapi-1.patch">
+<!ENTITY libcap-uapi-patch-md5 "0a84f95ca9906b892880f36c6894c673">
+<!ENTITY libcap-uapi-patch-size "24 KB">
+
<!ENTITY man-i18n-patch "man-&man-version;-i18n-1.patch">
<!ENTITY man-i18n-patch-md5 "a5aba0cb5a95a7945db8c882334b7dab">
<!ENTITY man-i18n-patch-size "11 KB">
diff --git a/patches/libcap-2.23-uapi-1.patch b/patches/libcap-2.23-uapi-1.patch
new file mode 100644
index 0000000..87db8d0
--- /dev/null
+++ b/patches/libcap-2.23-uapi-1.patch
@@ -0,0 +1,646 @@
+Submitted By: Chris Staub (chris at cross-lfs dot org)
+Date: 2014-01-05
+Initial Package Version: 2.23
+Origin: Upstream
+Upstream Status: Applied
+Description: Fixes libcap headers to allow other programs to link to libcap
+
+diff -Naur libcap-2.23.orig/Make.Rules libcap-2.23/Make.Rules
+--- libcap-2.23.orig/Make.Rules 2013-12-24 14:23:11.000000000 -0500
++++ libcap-2.23/Make.Rules 2014-01-05 01:23:01.000000000 -0500
+@@ -45,8 +45,8 @@
+
+ # Compilation specifics
+
+-KERNEL_HEADERS := $(topdir)/libcap/include
+-IPATH += -fPIC -I$(topdir)/libcap/include -I$(KERNEL_HEADERS)
++KERNEL_HEADERS := $(topdir)/libcap/include/uapi
++IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
+
+ CC := gcc
+ CFLAGS := -O2 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+diff -Naur libcap-2.23.orig/libcap/Makefile libcap-2.23/libcap/Makefile
+--- libcap-2.23.orig/libcap/Makefile 2013-12-24 12:08:53.000000000 -0500
++++ libcap-2.23/libcap/Makefile 2014-01-05 01:23:01.000000000 -0500
+@@ -53,7 +53,7 @@
+
+ cap_names.list.h: Makefile $(KERNEL_HEADERS)/linux/capability.h
+ @echo "=> making $@ from $(KERNEL_HEADERS)/linux/capability.h"
+- perl -e 'while ($$l=<>) { if ($$l =~ /^\#define[ \t](CAP[_A-Z]+)[ \t]+([0-9]+)\s+$$/) { $$tok=$$1; $$val=$$2; $$tok =~ tr/A-Z/a-z/; print "{\"$$tok\",$$val},\n"; } }' $(KERNEL_HEADERS)/uapi/linux/capability.h | fgrep -v 0x > $@
++ perl -e 'while ($$l=<>) { if ($$l =~ /^\#define[ \t](CAP[_A-Z]+)[ \t]+([0-9]+)\s+$$/) { $$tok=$$1; $$val=$$2; $$tok =~ tr/A-Z/a-z/; print "{\"$$tok\",$$val},\n"; } }' $(KERNEL_HEADERS)/linux/capability.h | fgrep -v 0x > $@
+
+ $(STALIBNAME): $(OBJS)
+ $(AR) rcs $@ $^
+diff -Naur libcap-2.23.orig/libcap/include/linux/capability.h libcap-2.23/libcap/include/linux/capability.h
+--- libcap-2.23.orig/libcap/include/linux/capability.h 2013-12-15 23:47:10.000000000 -0500
++++ libcap-2.23/libcap/include/linux/capability.h 1969-12-31 19:00:00.000000000 -0500
+@@ -1,219 +0,0 @@
+-/*
+- * This is <linux/capability.h>
+- *
+- * Andrew G. Morgan <morgan at kernel.org>
+- * Alexander Kjeldaas <astor at guardian.no>
+- * with help from Aleph1, Roland Buresund and Andrew Main.
+- *
+- * See here for the libcap library ("POSIX draft" compliance):
+- *
+- * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
+- */
+-#ifndef _LINUX_CAPABILITY_H
+-#define _LINUX_CAPABILITY_H
+-
+-#include <uapi/linux/capability.h>
+-
+-
+-#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
+-#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
+-
+-extern int file_caps_enabled;
+-
+-typedef struct kernel_cap_struct {
+- __u32 cap[_KERNEL_CAPABILITY_U32S];
+-} kernel_cap_t;
+-
+-/* exact same as vfs_cap_data but in cpu endian and always filled completely */
+-struct cpu_vfs_cap_data {
+- __u32 magic_etc;
+- kernel_cap_t permitted;
+- kernel_cap_t inheritable;
+-};
+-
+-#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
+-#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
+-
+-
+-struct file;
+-struct inode;
+-struct dentry;
+-struct user_namespace;
+-
+-struct user_namespace *current_user_ns(void);
+-
+-extern const kernel_cap_t __cap_empty_set;
+-extern const kernel_cap_t __cap_init_eff_set;
+-
+-/*
+- * Internal kernel functions only
+- */
+-
+-#define CAP_FOR_EACH_U32(__capi) \
+- for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
+-
+-/*
+- * CAP_FS_MASK and CAP_NFSD_MASKS:
+- *
+- * The fs mask is all the privileges that fsuid==0 historically meant.
+- * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
+- *
+- * It has never meant setting security.* and trusted.* xattrs.
+- *
+- * We could also define fsmask as follows:
+- * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
+- * 2. The security.* and trusted.* xattrs are fs-related MAC permissions
+- */
+-
+-# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
+- | CAP_TO_MASK(CAP_MKNOD) \
+- | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
+- | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
+- | CAP_TO_MASK(CAP_FOWNER) \
+- | CAP_TO_MASK(CAP_FSETID))
+-
+-# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
+-
+-#if _KERNEL_CAPABILITY_U32S != 2
+-# error Fix up hand-coded capability macro initializers
+-#else /* HAND-CODED capability initializers */
+-
+-# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
+-# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
+-# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
+- | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
+- CAP_FS_MASK_B1 } })
+-# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
+- | CAP_TO_MASK(CAP_SYS_RESOURCE), \
+- CAP_FS_MASK_B1 } })
+-
+-#endif /* _KERNEL_CAPABILITY_U32S != 2 */
+-
+-# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
+-
+-#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
+-#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
+-#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
+-
+-#define CAP_BOP_ALL(c, a, b, OP) \
+-do { \
+- unsigned __capi; \
+- CAP_FOR_EACH_U32(__capi) { \
+- c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
+- } \
+-} while (0)
+-
+-#define CAP_UOP_ALL(c, a, OP) \
+-do { \
+- unsigned __capi; \
+- CAP_FOR_EACH_U32(__capi) { \
+- c.cap[__capi] = OP a.cap[__capi]; \
+- } \
+-} while (0)
+-
+-static inline kernel_cap_t cap_combine(const kernel_cap_t a,
+- const kernel_cap_t b)
+-{
+- kernel_cap_t dest;
+- CAP_BOP_ALL(dest, a, b, |);
+- return dest;
+-}
+-
+-static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
+- const kernel_cap_t b)
+-{
+- kernel_cap_t dest;
+- CAP_BOP_ALL(dest, a, b, &);
+- return dest;
+-}
+-
+-static inline kernel_cap_t cap_drop(const kernel_cap_t a,
+- const kernel_cap_t drop)
+-{
+- kernel_cap_t dest;
+- CAP_BOP_ALL(dest, a, drop, &~);
+- return dest;
+-}
+-
+-static inline kernel_cap_t cap_invert(const kernel_cap_t c)
+-{
+- kernel_cap_t dest;
+- CAP_UOP_ALL(dest, c, ~);
+- return dest;
+-}
+-
+-static inline int cap_isclear(const kernel_cap_t a)
+-{
+- unsigned __capi;
+- CAP_FOR_EACH_U32(__capi) {
+- if (a.cap[__capi] != 0)
+- return 0;
+- }
+- return 1;
+-}
+-
+-/*
+- * Check if "a" is a subset of "set".
+- * return 1 if ALL of the capabilities in "a" are also in "set"
+- * cap_issubset(0101, 1111) will return 1
+- * return 0 if ANY of the capabilities in "a" are not in "set"
+- * cap_issubset(1111, 0101) will return 0
+- */
+-static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
+-{
+- kernel_cap_t dest;
+- dest = cap_drop(a, set);
+- return cap_isclear(dest);
+-}
+-
+-/* Used to decide between falling back on the old suser() or fsuser(). */
+-
+-static inline int cap_is_fs_cap(int cap)
+-{
+- const kernel_cap_t __cap_fs_set = CAP_FS_SET;
+- return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]);
+-}
+-
+-static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
+-{
+- const kernel_cap_t __cap_fs_set = CAP_FS_SET;
+- return cap_drop(a, __cap_fs_set);
+-}
+-
+-static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
+- const kernel_cap_t permitted)
+-{
+- const kernel_cap_t __cap_fs_set = CAP_FS_SET;
+- return cap_combine(a,
+- cap_intersect(permitted, __cap_fs_set));
+-}
+-
+-static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
+-{
+- const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
+- return cap_drop(a, __cap_fs_set);
+-}
+-
+-static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
+- const kernel_cap_t permitted)
+-{
+- const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
+- return cap_combine(a,
+- cap_intersect(permitted, __cap_nfsd_set));
+-}
+-
+-extern bool has_capability(struct task_struct *t, int cap);
+-extern bool has_ns_capability(struct task_struct *t,
+- struct user_namespace *ns, int cap);
+-extern bool has_capability_noaudit(struct task_struct *t, int cap);
+-extern bool has_ns_capability_noaudit(struct task_struct *t,
+- struct user_namespace *ns, int cap);
+-extern bool capable(int cap);
+-extern bool ns_capable(struct user_namespace *ns, int cap);
+-extern bool inode_capable(const struct inode *inode, int cap);
+-extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
+-
+-/* audit system wants to get cap info from files as well */
+-extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
+-
+-#endif /* !_LINUX_CAPABILITY_H */
+diff -Naur libcap-2.23.orig/libcap/include/linux/prctl.h libcap-2.23/libcap/include/linux/prctl.h
+--- libcap-2.23.orig/libcap/include/linux/prctl.h 2013-12-15 23:46:28.000000000 -0500
++++ libcap-2.23/libcap/include/linux/prctl.h 1969-12-31 19:00:00.000000000 -0500
+@@ -1,105 +0,0 @@
+-#ifndef _LINUX_PRCTL_H
+-#define _LINUX_PRCTL_H
+-
+-/* Values to pass as first argument to prctl() */
+-
+-#define PR_SET_PDEATHSIG 1 /* Second arg is a signal */
+-#define PR_GET_PDEATHSIG 2 /* Second arg is a ptr to return the signal */
+-
+-/* Get/set current->mm->dumpable */
+-#define PR_GET_DUMPABLE 3
+-#define PR_SET_DUMPABLE 4
+-
+-/* Get/set unaligned access control bits (if meaningful) */
+-#define PR_GET_UNALIGN 5
+-#define PR_SET_UNALIGN 6
+-# define PR_UNALIGN_NOPRINT 1 /* silently fix up unaligned user accesses */
+-# define PR_UNALIGN_SIGBUS 2 /* generate SIGBUS on unaligned user access */
+-
+-/* Get/set whether or not to drop capabilities on setuid() away from
+- * uid 0 (as per security/commoncap.c) */
+-#define PR_GET_KEEPCAPS 7
+-#define PR_SET_KEEPCAPS 8
+-
+-/* Get/set floating-point emulation control bits (if meaningful) */
+-#define PR_GET_FPEMU 9
+-#define PR_SET_FPEMU 10
+-# define PR_FPEMU_NOPRINT 1 /* silently emulate fp operations accesses */
+-# define PR_FPEMU_SIGFPE 2 /* don't emulate fp operations, send SIGFPE instead */
+-
+-/* Get/set floating-point exception mode (if meaningful) */
+-#define PR_GET_FPEXC 11
+-#define PR_SET_FPEXC 12
+-# define PR_FP_EXC_SW_ENABLE 0x80 /* Use FPEXC for FP exception enables */
+-# define PR_FP_EXC_DIV 0x010000 /* floating point divide by zero */
+-# define PR_FP_EXC_OVF 0x020000 /* floating point overflow */
+-# define PR_FP_EXC_UND 0x040000 /* floating point underflow */
+-# define PR_FP_EXC_RES 0x080000 /* floating point inexact result */
+-# define PR_FP_EXC_INV 0x100000 /* floating point invalid operation */
+-# define PR_FP_EXC_DISABLED 0 /* FP exceptions disabled */
+-# define PR_FP_EXC_NONRECOV 1 /* async non-recoverable exc. mode */
+-# define PR_FP_EXC_ASYNC 2 /* async recoverable exception mode */
+-# define PR_FP_EXC_PRECISE 3 /* precise exception mode */
+-
+-/* Get/set whether we use statistical process timing or accurate timestamp
+- * based process timing */
+-#define PR_GET_TIMING 13
+-#define PR_SET_TIMING 14
+-# define PR_TIMING_STATISTICAL 0 /* Normal, traditional,
+- statistical process timing */
+-# define PR_TIMING_TIMESTAMP 1 /* Accurate timestamp based
+- process timing */
+-
+-#define PR_SET_NAME 15 /* Set process name */
+-#define PR_GET_NAME 16 /* Get process name */
+-
+-/* Get/set process endian */
+-#define PR_GET_ENDIAN 19
+-#define PR_SET_ENDIAN 20
+-# define PR_ENDIAN_BIG 0
+-# define PR_ENDIAN_LITTLE 1 /* True little endian mode */
+-# define PR_ENDIAN_PPC_LITTLE 2 /* "PowerPC" pseudo little endian */
+-
+-/* Get/set process seccomp mode */
+-#define PR_GET_SECCOMP 21
+-#define PR_SET_SECCOMP 22
+-
+-/* Get/set the capability bounding set (as per security/commoncap.c) */
+-#define PR_CAPBSET_READ 23
+-#define PR_CAPBSET_DROP 24
+-
+-/* Get/set the process' ability to use the timestamp counter instruction */
+-#define PR_GET_TSC 25
+-#define PR_SET_TSC 26
+-# define PR_TSC_ENABLE 1 /* allow the use of the timestamp counter */
+-# define PR_TSC_SIGSEGV 2 /* throw a SIGSEGV instead of reading the TSC */
+-
+-/* Get/set securebits (as per security/commoncap.c) */
+-#define PR_GET_SECUREBITS 27
+-#define PR_SET_SECUREBITS 28
+-
+-/*
+- * Get/set the timerslack as used by poll/select/nanosleep
+- * A value of 0 means "use default"
+- */
+-#define PR_SET_TIMERSLACK 29
+-#define PR_GET_TIMERSLACK 30
+-
+-#define PR_TASK_PERF_EVENTS_DISABLE 31
+-#define PR_TASK_PERF_EVENTS_ENABLE 32
+-
+-/*
+- * Set early/late kill mode for hwpoison memory corruption.
+- * This influences when the process gets killed on a memory corruption.
+- */
+-#define PR_MCE_KILL 33
+-# define PR_MCE_KILL_CLEAR 0
+-# define PR_MCE_KILL_SET 1
+-
+-# define PR_MCE_KILL_LATE 0
+-# define PR_MCE_KILL_EARLY 1
+-# define PR_MCE_KILL_DEFAULT 2
+-
+-#define PR_MCE_KILL_GET 34
+-
+-#endif /* _LINUX_PRCTL_H */
+diff -Naur libcap-2.23.orig/libcap/include/linux/securebits.h libcap-2.23/libcap/include/linux/securebits.h
+--- libcap-2.23.orig/libcap/include/linux/securebits.h 2013-12-15 23:46:28.000000000 -0500
++++ libcap-2.23/libcap/include/linux/securebits.h 1969-12-31 19:00:00.000000000 -0500
+@@ -1,54 +0,0 @@
+-#ifndef _LINUX_SECUREBITS_H
+-#define _LINUX_SECUREBITS_H 1
+-
+-/* Each securesetting is implemented using two bits. One bit specifies
+- whether the setting is on or off. The other bit specify whether the
+- setting is locked or not. A setting which is locked cannot be
+- changed from user-level. */
+-#define issecure_mask(X) (1 << (X))
+-#ifdef __KERNEL__
+-#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
+-#endif
+-
+-#define SECUREBITS_DEFAULT 0x00000000
+-
+-/* When set UID 0 has no special privileges. When unset, we support
+- inheritance of root-permissions and suid-root executable under
+- compatibility mode. We raise the effective and inheritable bitmasks
+- *of the executable file* if the effective uid of the new process is
+- 0. If the real uid is 0, we raise the effective (legacy) bit of the
+- executable file. */
+-#define SECURE_NOROOT 0
+-#define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */
+-
+-#define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT))
+-#define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED))
+-
+-/* When set, setuid to/from uid 0 does not trigger capability-"fixup".
+- When unset, to provide compatiblility with old programs relying on
+- set*uid to gain/lose privilege, transitions to/from uid 0 cause
+- capabilities to be gained/lost. */
+-#define SECURE_NO_SETUID_FIXUP 2
+-#define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */
+-
+-#define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP))
+-#define SECBIT_NO_SETUID_FIXUP_LOCKED \
+- (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED))
+-
+-/* When set, a process can retain its capabilities even after
+- transitioning to a non-root user (the set-uid fixup suppressed by
+- bit 2). Bit-4 is cleared when a process calls exec(); setting both
+- bit 4 and 5 will create a barrier through exec that no exec()'d
+- child can use this feature again. */
+-#define SECURE_KEEP_CAPS 4
+-#define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */
+-
+-#define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS))
+-#define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED))
+-
+-#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
+- issecure_mask(SECURE_NO_SETUID_FIXUP) | \
+- issecure_mask(SECURE_KEEP_CAPS))
+-#define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1)
+-
+-#endif /* !_LINUX_SECUREBITS_H */
+diff -Naur libcap-2.23.orig/libcap/include/sys/capability.h libcap-2.23/libcap/include/sys/capability.h
+--- libcap-2.23.orig/libcap/include/sys/capability.h 2013-12-15 23:47:10.000000000 -0500
++++ libcap-2.23/libcap/include/sys/capability.h 2014-01-05 01:23:01.000000000 -0500
+@@ -26,7 +26,7 @@
+ #ifndef __user
+ #define __user
+ #endif
+-#include <uapi/linux/capability.h>
++#include <linux/capability.h>
+ #include <linux/xattr.h>
+
+ /*
+diff -Naur libcap-2.23.orig/libcap/include/uapi/linux/prctl.h libcap-2.23/libcap/include/uapi/linux/prctl.h
+--- libcap-2.23.orig/libcap/include/uapi/linux/prctl.h 1969-12-31 19:00:00.000000000 -0500
++++ libcap-2.23/libcap/include/uapi/linux/prctl.h 2014-01-05 01:23:01.000000000 -0500
+@@ -0,0 +1,152 @@
++#ifndef _LINUX_PRCTL_H
++#define _LINUX_PRCTL_H
++
++/* Values to pass as first argument to prctl() */
++
++#define PR_SET_PDEATHSIG 1 /* Second arg is a signal */
++#define PR_GET_PDEATHSIG 2 /* Second arg is a ptr to return the signal */
++
++/* Get/set current->mm->dumpable */
++#define PR_GET_DUMPABLE 3
++#define PR_SET_DUMPABLE 4
++
++/* Get/set unaligned access control bits (if meaningful) */
++#define PR_GET_UNALIGN 5
++#define PR_SET_UNALIGN 6
++# define PR_UNALIGN_NOPRINT 1 /* silently fix up unaligned user accesses */
++# define PR_UNALIGN_SIGBUS 2 /* generate SIGBUS on unaligned user access */
++
++/* Get/set whether or not to drop capabilities on setuid() away from
++ * uid 0 (as per security/commoncap.c) */
++#define PR_GET_KEEPCAPS 7
++#define PR_SET_KEEPCAPS 8
++
++/* Get/set floating-point emulation control bits (if meaningful) */
++#define PR_GET_FPEMU 9
++#define PR_SET_FPEMU 10
++# define PR_FPEMU_NOPRINT 1 /* silently emulate fp operations accesses */
++# define PR_FPEMU_SIGFPE 2 /* don't emulate fp operations, send SIGFPE instead */
++
++/* Get/set floating-point exception mode (if meaningful) */
++#define PR_GET_FPEXC 11
++#define PR_SET_FPEXC 12
++# define PR_FP_EXC_SW_ENABLE 0x80 /* Use FPEXC for FP exception enables */
++# define PR_FP_EXC_DIV 0x010000 /* floating point divide by zero */
++# define PR_FP_EXC_OVF 0x020000 /* floating point overflow */
++# define PR_FP_EXC_UND 0x040000 /* floating point underflow */
++# define PR_FP_EXC_RES 0x080000 /* floating point inexact result */
++# define PR_FP_EXC_INV 0x100000 /* floating point invalid operation */
++# define PR_FP_EXC_DISABLED 0 /* FP exceptions disabled */
++# define PR_FP_EXC_NONRECOV 1 /* async non-recoverable exc. mode */
++# define PR_FP_EXC_ASYNC 2 /* async recoverable exception mode */
++# define PR_FP_EXC_PRECISE 3 /* precise exception mode */
++
++/* Get/set whether we use statistical process timing or accurate timestamp
++ * based process timing */
++#define PR_GET_TIMING 13
++#define PR_SET_TIMING 14
++# define PR_TIMING_STATISTICAL 0 /* Normal, traditional,
++ statistical process timing */
++# define PR_TIMING_TIMESTAMP 1 /* Accurate timestamp based
++ process timing */
++
++#define PR_SET_NAME 15 /* Set process name */
++#define PR_GET_NAME 16 /* Get process name */
++
++/* Get/set process endian */
++#define PR_GET_ENDIAN 19
++#define PR_SET_ENDIAN 20
++# define PR_ENDIAN_BIG 0
++# define PR_ENDIAN_LITTLE 1 /* True little endian mode */
++# define PR_ENDIAN_PPC_LITTLE 2 /* "PowerPC" pseudo little endian */
++
++/* Get/set process seccomp mode */
++#define PR_GET_SECCOMP 21
++#define PR_SET_SECCOMP 22
++
++/* Get/set the capability bounding set (as per security/commoncap.c) */
++#define PR_CAPBSET_READ 23
++#define PR_CAPBSET_DROP 24
++
++/* Get/set the process' ability to use the timestamp counter instruction */
++#define PR_GET_TSC 25
++#define PR_SET_TSC 26
++# define PR_TSC_ENABLE 1 /* allow the use of the timestamp counter */
++# define PR_TSC_SIGSEGV 2 /* throw a SIGSEGV instead of reading the TSC */
++
++/* Get/set securebits (as per security/commoncap.c) */
++#define PR_GET_SECUREBITS 27
++#define PR_SET_SECUREBITS 28
++
++/*
++ * Get/set the timerslack as used by poll/select/nanosleep
++ * A value of 0 means "use default"
++ */
++#define PR_SET_TIMERSLACK 29
++#define PR_GET_TIMERSLACK 30
++
++#define PR_TASK_PERF_EVENTS_DISABLE 31
++#define PR_TASK_PERF_EVENTS_ENABLE 32
++
++/*
++ * Set early/late kill mode for hwpoison memory corruption.
++ * This influences when the process gets killed on a memory corruption.
++ */
++#define PR_MCE_KILL 33
++# define PR_MCE_KILL_CLEAR 0
++# define PR_MCE_KILL_SET 1
++
++# define PR_MCE_KILL_LATE 0
++# define PR_MCE_KILL_EARLY 1
++# define PR_MCE_KILL_DEFAULT 2
++
++#define PR_MCE_KILL_GET 34
++
++/*
++ * Tune up process memory map specifics.
++ */
++#define PR_SET_MM 35
++# define PR_SET_MM_START_CODE 1
++# define PR_SET_MM_END_CODE 2
++# define PR_SET_MM_START_DATA 3
++# define PR_SET_MM_END_DATA 4
++# define PR_SET_MM_START_STACK 5
++# define PR_SET_MM_START_BRK 6
++# define PR_SET_MM_BRK 7
++# define PR_SET_MM_ARG_START 8
++# define PR_SET_MM_ARG_END 9
++# define PR_SET_MM_ENV_START 10
++# define PR_SET_MM_ENV_END 11
++# define PR_SET_MM_AUXV 12
++# define PR_SET_MM_EXE_FILE 13
++
++/*
++ * Set specific pid that is allowed to ptrace the current task.
++ * A value of 0 mean "no process".
++ */
++#define PR_SET_PTRACER 0x59616d61
++# define PR_SET_PTRACER_ANY ((unsigned long)-1)
++
++#define PR_SET_CHILD_SUBREAPER 36
++#define PR_GET_CHILD_SUBREAPER 37
++
++/*
++ * If no_new_privs is set, then operations that grant new privileges (i.e.
++ * execve) will either fail or not grant them. This affects suid/sgid,
++ * file capabilities, and LSMs.
++ *
++ * Operations that merely manipulate or drop existing privileges (setresuid,
++ * capset, etc.) will still work. Drop those privileges if you want them gone.
++ *
++ * Changing LSM security domain is considered a new privilege. So, for example,
++ * asking selinux for a specific new context (e.g. with runcon) will result
++ * in execve returning -EPERM.
++ *
++ * See Documentation/prctl/no_new_privs.txt for more details.
++ */
++#define PR_SET_NO_NEW_PRIVS 38
++#define PR_GET_NO_NEW_PRIVS 39
++
++#define PR_GET_TID_ADDRESS 40
++
++#endif /* _LINUX_PRCTL_H */
+diff -Naur libcap-2.23.orig/libcap/include/uapi/linux/securebits.h libcap-2.23/libcap/include/uapi/linux/securebits.h
+--- libcap-2.23.orig/libcap/include/uapi/linux/securebits.h 1969-12-31 19:00:00.000000000 -0500
++++ libcap-2.23/libcap/include/uapi/linux/securebits.h 2014-01-05 01:23:01.000000000 -0500
+@@ -0,0 +1,51 @@
++#ifndef _UAPI_LINUX_SECUREBITS_H
++#define _UAPI_LINUX_SECUREBITS_H
++
++/* Each securesetting is implemented using two bits. One bit specifies
++ whether the setting is on or off. The other bit specify whether the
++ setting is locked or not. A setting which is locked cannot be
++ changed from user-level. */
++#define issecure_mask(X) (1 << (X))
++
++#define SECUREBITS_DEFAULT 0x00000000
++
++/* When set UID 0 has no special privileges. When unset, we support
++ inheritance of root-permissions and suid-root executable under
++ compatibility mode. We raise the effective and inheritable bitmasks
++ *of the executable file* if the effective uid of the new process is
++ 0. If the real uid is 0, we raise the effective (legacy) bit of the
++ executable file. */
++#define SECURE_NOROOT 0
++#define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */
++
++#define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT))
++#define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED))
++
++/* When set, setuid to/from uid 0 does not trigger capability-"fixup".
++ When unset, to provide compatiblility with old programs relying on
++ set*uid to gain/lose privilege, transitions to/from uid 0 cause
++ capabilities to be gained/lost. */
++#define SECURE_NO_SETUID_FIXUP 2
++#define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */
++
++#define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP))
++#define SECBIT_NO_SETUID_FIXUP_LOCKED \
++ (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED))
++
++/* When set, a process can retain its capabilities even after
++ transitioning to a non-root user (the set-uid fixup suppressed by
++ bit 2). Bit-4 is cleared when a process calls exec(); setting both
++ bit 4 and 5 will create a barrier through exec that no exec()'d
++ child can use this feature again. */
++#define SECURE_KEEP_CAPS 4
++#define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */
++
++#define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS))
++#define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED))
++
++#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
++ issecure_mask(SECURE_NO_SETUID_FIXUP) | \
++ issecure_mask(SECURE_KEEP_CAPS))
++#define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1)
++
++#endif /* _UAPI_LINUX_SECUREBITS_H */
-----------------------------------------------------------------------
Summary of changes:
BOOK/boot/alpha-chapter.xml | 2 +-
BOOK/boot/mips-chapter.xml | 2 +-
BOOK/boot/mips64-64-chapter.xml | 2 +-
BOOK/boot/mips64-chapter.xml | 2 +-
BOOK/boot/ppc-chapter.xml | 2 +-
BOOK/boot/ppc64-64-chapter.xml | 2 +-
BOOK/boot/ppc64-chapter.xml | 2 +-
BOOK/boot/sparc-chapter.xml | 2 +-
BOOK/boot/sparc64-64-chapter.xml | 2 +-
BOOK/boot/sparc64-chapter.xml | 2 +-
BOOK/boot/x86-chapter.xml | 2 +-
BOOK/boot/x86_64-64-chapter.xml | 2 +-
BOOK/boot/x86_64-chapter.xml | 2 +-
BOOK/final-system/common/libcap.xml | 5 +
BOOK/materials/common/patches.xml | 9 +
BOOK/patches.ent | 4 +
patches/libcap-2.23-uapi-1.patch | 646 +++++++++++++++++++++++++++++++++++
17 files changed, 677 insertions(+), 13 deletions(-)
create mode 100644 patches/libcap-2.23-uapi-1.patch
hooks/post-receive
--
Cross-LFS Book
More information about the Clfs-commits
mailing list