--- libcap2-2.16.orig/debian/libcap2.install
+++ libcap2-2.16/debian/libcap2.install
@@ -0,0 +1 @@
+debian/tmp/lib/lib*.so.*
--- libcap2-2.16.orig/debian/orig-tar.sh
+++ libcap2-2.16/debian/orig-tar.sh
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+# called by uscan with '--upstream-version'
+
+# move to directory 'tarballs'
+if [ -r .svn/deb-layout ]; then
+ . .svn/deb-layout
+ mv $3 $origDir
+ echo "moved $3 to $origDir"
+fi
--- libcap2-2.16.orig/debian/watch
+++ libcap2-2.16/debian/watch
@@ -0,0 +1,3 @@
+version=3
+http://www.eu.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-(.*)\.tar\.gz \
+ debian debian/orig-tar.sh
--- libcap2-2.16.orig/debian/libcap2-bin.install
+++ libcap2-2.16/debian/libcap2-bin.install
@@ -0,0 +1,2 @@
+debian/tmp/lib/security/*
+debian/tmp/sbin/*
--- libcap2-2.16.orig/debian/libcap2-bin.examples
+++ libcap2-2.16/debian/libcap2-bin.examples
@@ -0,0 +1 @@
+pam_cap/capability.conf
--- libcap2-2.16.orig/debian/control
+++ libcap2-2.16/debian/control
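Review bot: In debian/orig-tar.sh the move `mv $3 $origDir` expands both values unquoted, so a tarball path or layout directory containing whitespace or glob characters is word-split, and an empty `origDir` turns the command into a usage error instead of a clear failure. Quoting and checking the value first, `[ -n "$origDir" ] && mv -- "$3" "$origDir"`, makes the move predictable. The script also sources `.svn/deb-layout` from whatever the current directory is, which runs that file's contents as shell, so a comment such as `# .svn/deb-layout is sourced as shell; run only from a trusted checkout` belongs above the `if`. The `-e` on the shebang line is lost when the script is started as `sh debian/orig-tar.sh`; a separate `set -e` line keeps the abort-on-error behaviour in both cases.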
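Review bot: The URL in debian/watch is plain `http://` and the file configures no signature check, so the upstream tarball that uscan downloads and passes to debian/orig-tar.sh is not authenticated on its way into the package source. If the mirror serves the same path over TLS, the line should start with `https://`. If upstream publishes detached signatures next to the tarballs (not visible from this diff), an option such as `opts=pgpsigurlmangle=s/$/.sign/` together with the upstream key shipped in the packaging lets uscan verify each download; the exact mangle rule depends on how upstream names its signature files.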
@@ -0,0 +1,43 @@
+Source: libcap2
+Section: libs
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Torsten Werner
+Standards-Version: 3.8.0
+Build-Depends: cdbs, debhelper (>= 5), indent, libattr1-dev, libpam0g-dev,
+ quilt
+Homepage: http://sites.google.com/site/fullycapable/
+Vcs-Svn: https://bollin.googlecode.com/svn/libcap2/
+Vcs-Browser: http://bollin.googlecode.com/svn/libcap2/
+
+Package: libcap-dev
+Section: libdevel
+Architecture: any
+Depends: libcap2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Provides: libcap2-dev
+Conflicts: libcap2-dev
+Replaces: libcap2-dev
+Suggests: manpages-dev
+Description: development libraries and header files for libcap2
+ Contains the necessary support for building applications that use
+ capabilities.
+
+Package: libcap2-bin
+Section: utils
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Suggests: libcap-dev
+Conflicts: libcap-bin
+Description: basic utility programs for using capabilities
+ This packages contains the programs sucap, execap, getpcaps, setpcaps
+ for manipulation of capabilities.
+
+Package: libcap2
+Priority: standard
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: support for getting/setting POSIX.1e capabilities
+ This library implements the user-space interfaces to the POSIX
+ 1003.1e capabilities available in Linux kernels. These capabilities are
+ a partitioning of the all powerful root privilege into a set of distinct
+ privileges.
--- libcap2-2.16.orig/debian/copyright
+++ libcap2-2.16/debian/copyright
@@ -0,0 +1,53 @@
+This package was debianized by Torsten Werner on
+Fri Mar 21 16:35:46 CET 2008 based on the package 'libcap' that is
+maintained by Michael Vogt.
+
+It was downloaded from
+http://www.eu.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
+
+Upstream Author: Andrew G. Morgan
+
+Copyright: (c) 1999-2008 Andrew G. Morgan
+
+Unless otherwise *explicitly* stated, the following text describes the
+licensed conditions under which the contents of this libcap release
+may be used and distributed:
+
+-------------------------------------------------------------------------
+Redistribution and use in source and binary forms of libcap, with
+or without modification, are permitted provided that the following
+conditions are met:
+
+1. Redistributions of source code must retain any existing copyright
+ notice, and this entire permission notice in its entirety,
+ including the disclaimer of warranties.
+
+2. Redistributions in binary form must reproduce all prior and current
+ copyright notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+3. The name of any author may not be used to endorse or promote
+ products derived from this software without their specific prior
+ written permission.
+
+ALTERNATIVELY, this product may be distributed under the terms of the
+GNU General Public License, in which case the provisions of the GNU
+GPL are required INSTEAD OF the above restrictions. (This clause is
+necessary due to a potential conflict between the GNU GPL and the
+restrictions contained in a BSD-style copyright.)
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+-------------------------------------------------------------------------
+
+You can find the GPL in /usr/share/common-licenses/GPL
--- libcap2-2.16.orig/debian/README.Debian
+++ libcap2-2.16/debian/README.Debian
@@ -0,0 +1,46 @@
+Please check http://www.friedhoff.org/posixfilecaps.html to get more
+information on POSIX File Capabilities.
+
+
+Example: how to remove the SUID root bit from /bin/ping?
+--------------------------------------------------------
+
+Make sure you have kernel 2.6.24 or newer you have
+CONFIG_SECURITY_CAPABILITIES and CONFIG_SECURITY_FILE_CAPABILITIES
+enabled. The Debian kernels are fine.
+
+ $ ls -l /bin/ping
+ -rwsr-xr-x 1 root root 30736 2007-01-31 00:10 /bin/ping
+ ^
+That is not good.
+
+ $ sudo chmod 755 /bin/ping
+
+Or use dpkg-statoverride.
+
+ $ ls -l /bin/ping
+ -rwxr-xr-x 1 root root 30736 2007-01-31 00:10 /bin/ping
+
+That is better but ping fails.
+
+ $ ping -c1 localhost
+ ping: icmp open socket: Operation not permitted
+
+Now set the missing capability:
+
+ $ sudo setcap cap_net_raw+ep /bin/ping
+
+... and ping will work again.
+
+ $ ping -c1 localhost
+ PING localhost (127.0.0.1) 56(84) bytes of data.
+ 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.026 ms
+
+ --- localhost ping statistics ---
+ 1 packets transmitted, 1 received, 0% packet loss, time 0ms
+ rtt min/avg/max/mdev = 0.026/0.026/0.026/0.000 ms
+
+
+
+Torsten Werner
+
--- libcap2-2.16.orig/debian/libcap2-bin.manpages
+++ libcap2-2.16/debian/libcap2-bin.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man8/*
--- libcap2-2.16.orig/debian/changelog
+++ libcap2-2.16/debian/changelog
@@ -0,0 +1,137 @@
+libcap2 (1:2.16-5ubuntu2~cross1) karmic; urgency=low
+
+ * Set CC correctly for cross-compilation.
+
+ -- Colin Watson Thu, 07 Jan 2010 13:41:14 +0000
+
+libcap2 (1:2.16-5ubuntu1) karmic; urgency=low
+
+ * fix-capability-headers.diff: is sanitised properly
+ for userspace now, so stop trying to work around it in ways that break
+ by failing to define __u64 properly (patch from Kyle McMartin of Red
+ Hat; LP: #375595). In addition to the Red Hat patch, update our
+ from linux-libc-dev 2.6.31-1.13, thereby actually
+ including said header sanitisation.
+
+ -- Colin Watson Thu, 02 Jul 2009 13:37:27 +0100
+
+libcap2 (1:2.16-5) unstable; urgency=low
+
+ * Remove reference to kernel version 2.2 in debian/control. (Closes:
+ #260005)
+ * Add Suggests: libcap-dev to binary package libcap2-bin. (Closes: #433782)
+
+ -- Torsten Werner Wed, 01 Apr 2009 23:32:37 +0200
+
+libcap2 (1:2.16-4) unstable; urgency=low
+
+ * Add Conflicts: and Replaces: libcap2-dev to binary package libcap-dev.
+ * Add epoch to version number because the old package had an epoch.
+ * Add missing files to package libcap-dev which got lost in the previous
+ version.
+
+ -- Torsten Werner Sun, 22 Mar 2009 21:23:50 +0100
+
+libcap2 (2.16-3) unstable; urgency=low
+
+ * Rename binary package libcap2-dev to libcap-dev as requested by the
+ release team to continue the transition from libcap1. (Closes: #520553)
+ * Add Provides: libcap2-dev to binary package libcap-dev to ease transition
+ from older versions of libcap2.
+ * Remove Conflicts: libcap-dev.
+
+ -- Torsten Werner Sat, 21 Mar 2009 21:22:24 +0100
+
+libcap2 (2.16-2) unstable; urgency=low
+
+ * upload to unstable
+
+ -- Torsten Werner Sun, 15 Feb 2009 22:09:04 +0100
+
+libcap2 (2.16-1) experimental; urgency=low
+
+ * new upstream release
+ * Always install libraries into /lib (never /lib64).
+ (Closes: #508315)
+
+ -- Torsten Werner Sun, 14 Dec 2008 12:24:50 +0100
+
+libcap2 (2.15-3) experimental; urgency=low
+
+ * Set Priority: standard for binary package libcap2. (Closes: #507781)
+
+ -- Torsten Werner Thu, 04 Dec 2008 14:15:48 +0100
+
+libcap2 (2.15-2) experimental; urgency=low
+
+ * Update shlibs file libcap2 (>= 2.10). (Closes: #464712)
+
+ -- Torsten Werner Wed, 03 Dec 2008 23:42:19 +0100
+
+libcap2 (2.15-1) experimental; urgency=low
+
+ * new upstream release
+ * Add Homepage header.
+ * Bump Up Standards-Version: 3.8.0.
+ * Update patch build.diff.
+
+ -- Torsten Werner Mon, 01 Dec 2008 00:26:09 +0100
+
+libcap2 (2.11-2) unstable; urgency=low
+
+ * Call dh_makeshlibs with -V. (Closes: #492467)
+ * Reformat debian/copyright.
+ * Add Build-Depends: libpam0g-dev to build the pam module.
+ * Ship the pam module in the package libcap2-bin.
+
+ -- Torsten Werner Sat, 26 Jul 2008 15:40:42 +0200
+
+libcap2 (2.11-1) unstable; urgency=low
+
+ * new upstream release
+ * Remove patch bug487223.diff because it is not needed anymore.
+ * Refresh patch build.diff.
+
+ -- Torsten Werner Thu, 24 Jul 2008 20:42:41 +0200
+
+libcap2 (2.10-3) unstable; urgency=low
+
+ * Add patch from upstream author to fix 'cap_copy_int() always returns NULL
+ (EINVAL)'. (Closes: #487223)
+
+ -- Torsten Werner Mon, 07 Jul 2008 23:03:52 +0200
+
+libcap2 (2.10-2) unstable; urgency=medium
+
+ * Add Build-Depends: indent because it is needed on alpha. (Closes: #489477)
+ * Set urgency to medium because we are fixing a FTBFS bug.
+
+ -- Torsten Werner Sun, 06 Jul 2008 11:34:15 +0200
+
+libcap2 (2.10-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Torsten Werner Wed, 11 Jun 2008 23:37:06 +0200
+
+libcap2 (2.09-1) unstable; urgency=low
+
+ * new upstream release
+ * Change Priority: optional of package libcap2.
+
+ -- Torsten Werner Sat, 10 May 2008 11:48:53 +0200
+
+libcap2 (2.08-2) unstable; urgency=low
+
+ * Do not install the old manpages capget(2) and capset(2) because the
+ package manpages-dev ships more recent ones.
+ * Replace Conflicts: manpages-dev by Suggests: manpages-dev.
+ (Closes: #473072)
+
+ -- Torsten Werner Sat, 29 Mar 2008 10:19:58 +0100
+
+libcap2 (2.08-1) unstable; urgency=low
+
+ * Initial Release. (Closes: #464727)
+
+ -- Torsten Werner Fri, 21 Mar 2008 16:26:04 +0100
--- libcap2-2.16.orig/debian/rules
+++ libcap2-2.16/debian/rules
@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/makefile.mk
+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
+
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+CC := gcc
+else
+CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
+DEB_MAKE_EXTRA_ARGS += CC=$(CC) BUILD_CC=gcc
+DEB_MAKE_INSTALL_TARGET := install DESTDIR=$(DEB_DESTDIR) lib=lib
+DEB_INSTALL_DOCS_ALL := debian/README.Debian
+DEB_DH_MAKESHLIBS_ARGS := -V 'libcap2 (>= 2.10)'
+
+get-orig-source:
+ -uscan --upstream-version 0
--- libcap2-2.16.orig/debian/libcap-dev.install
+++ libcap2-2.16/debian/libcap-dev.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/include/*
+debian/tmp/lib/lib*.so
--- libcap2-2.16.orig/debian/libcap-dev.manpages
+++ libcap2-2.16/debian/libcap-dev.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man3/*
--- libcap2-2.16.orig/debian/compat
+++ libcap2-2.16/debian/compat
@@ -0,0 +1 @@
+5
--- libcap2-2.16.orig/debian/patches/series
+++ libcap2-2.16/debian/patches/series
@@ -0,0 +1,2 @@
+build.diff
+fix-capability-headers.diff
--- libcap2-2.16.orig/debian/patches/build.diff
+++ libcap2-2.16/debian/patches/build.diff
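Review bot: The `get-orig-source` recipe in debian/rules starts uscan with a leading `-`, so make ignores a non-zero exit status and a failed or incomplete upstream download is reported as success to whoever runs the target. Dropping the dash, `uscan --upstream-version 0`, lets the failure stop the target. If the dash is deliberate (for example because uscan returns non-zero when nothing newer exists), a comment such as `# uscan exits non-zero when no new version is found; errors are ignored on purpose` should say so.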
@@ -0,0 +1,93 @@ +Index: libcap2-2.15/Make.Rules +=================================================================== +--- libcap2-2.15.orig/Make.Rules 2008-11-24 06:33:33.000000000 +0100 ++++ libcap2-2.15/Make.Rules 2008-12-03 23:30:21.000000000 +0100 +@@ -43,7 +43,7 @@ + # Compilation specifics + + KERNEL_HEADERS := $(topdir)/libcap/include +-IPATH += -I$(topdir)/libcap/include -I$(KERNEL_HEADERS) ++IPATH += -fPIC -I$(topdir)/libcap/include -I$(KERNEL_HEADERS) + + CC := gcc + CFLAGS := -O2 +@@ -52,7 +52,7 @@ + AR := ar + RANLIB := ranlib + DEBUG = -g #-DDEBUG +-WARNINGS=-fPIC -Wall -Wwrite-strings \ ++WARNINGS=-Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align \ + -Wstrict-prototypes -Wmissing-prototypes \ + -Wnested-externs -Winline -Wshadow +@@ -62,7 +62,7 @@ + SYSTEM_HEADERS = /usr/include + INCS=$(topdir)/libcap/include/sys/capability.h + LDFLAGS += -L$(topdir)/libcap +-CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) $(IPATH) ++CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) + PAM_CAP := $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo yes ; else echo no ; fi) + INDENT := $(shell if [ -n "$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi) + DYNAMIC := $(shell if [ ! 
-d "$(topdir)/.git" ]; then echo yes; fi) +Index: libcap2-2.15/libcap/Makefile +=================================================================== +--- libcap2-2.15.orig/libcap/Makefile 2008-11-24 06:33:33.000000000 +0100 ++++ libcap2-2.15/libcap/Makefile 2008-12-03 23:30:21.000000000 +0100 +@@ -55,10 +55,10 @@ + ln -sf $(MAJLIBNAME) $(LIBNAME) + + %.o: %.c $(INCLS) +- $(CC) $(CFLAGS) -c $< -o $@ ++ $(CC) $(CFLAGS) $(IPATH) -c $< -o $@ + + cap_text.o: cap_text.c $(USE_GPERF_OUTPUT) $(INCLS) +- $(CC) $(CFLAGS) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@ ++ $(CC) $(CFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@ + + install: all + mkdir -p -m 0755 $(INCDIR)/sys +Index: libcap2-2.15/pam_cap/Makefile +=================================================================== +--- libcap2-2.15.orig/pam_cap/Makefile 2008-10-17 06:31:01.000000000 +0200 ++++ libcap2-2.15/pam_cap/Makefile 2008-12-03 23:30:21.000000000 +0100 +@@ -3,8 +3,7 @@ + topdir=$(shell pwd)/.. + include ../Make.Rules + +-LDLIBS += -lcap +-CFLAGS += -fPIC ++LDLIBS += -L../libcap -lcap + + all: pam_cap.so + $(MAKE) testcompile +@@ -17,7 +16,7 @@ + $(LD) $(LDFLAGS) -o pam_cap.so $< $(LDLIBS) + + pam_cap.o: pam_cap.c +- $(CC) $(CFLAGS) -c $< -o $@ ++ $(CC) $(CFLAGS) $(IPATH) -c $< -o $@ + + testcompile: test.c pam_cap.o + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $+ -lpam -ldl $(LDLIBS) +Index: libcap2-2.15/progs/Makefile +=================================================================== +--- libcap2-2.15.orig/progs/Makefile 2008-11-24 06:33:33.000000000 +0100 ++++ libcap2-2.15/progs/Makefile 2008-12-03 23:30:41.000000000 +0100 +@@ -14,7 +14,7 @@ + ifneq ($(DYNAMIC),yes) + LDFLAGS += --static + endif +-LDLIBS += -lcap ++LDLIBS += -L../libcap -lcap + + all: $(BUILD) + +@@ -22,7 +22,7 @@ + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS) + + %.o: %.c $(INCS) +- $(CC) $(CFLAGS) -c $< -o $@ ++ $(CC) $(IPATH) $(CFLAGS) -c $< -o $@ + + install: all + mkdir -p -m 0755 $(SBINDIR) --- 
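Review bot: In debian/patches/build.diff the Make.Rules hunks move `-fPIC` out of `WARNINGS` into `IPATH` and drop `$(IPATH)` from `CFLAGS`, so every rule that is not edited to pass `$(IPATH)` now loses both the in-tree include path and position-independent code generation. The `testcompile` rule in pam_cap/Makefile is a visible case: it still builds `test.c` with `$(CC) $(CFLAGS) $(LDFLAGS)` only, so any capability header it includes would come from the system include path rather than `$(topdir)/libcap/include`. Keeping `-fPIC` in `CFLAGS` (or a flags variable of its own) and using `IPATH` for `-I` options only would remove that coupling. The Makefiles continue outside the inner hunks, so other rules that use `$(CFLAGS)` alone may be affected as well.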
libcap2-2.16.orig/debian/patches/fix-capability-headers.diff +++ libcap2-2.16/debian/patches/fix-capability-headers.diff 
@@ -0,0 +1,257 @@ +Description: is sanitised properly for userspace now, + so stop trying to work around it in ways that break by failing to define + __u64 properly. Also update from linux-libc-dev + 2.6.31-1.13, thereby actually including said header sanitisation. +Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/375595 +Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=483548 + +Index: b/libcap/include/sys/capability.h +=================================================================== +--- a/libcap/include/sys/capability.h ++++ b/libcap/include/sys/capability.h +@@ -19,24 +19,12 @@ + * information for the user library. + */ + ++/* Linux headers are now sanitized properly for userspace */ ++#include + #include + #include + + /* +- * Make sure we can be included from userland by preventing +- * capability.h from including other kernel headers +- */ +-#define _LINUX_TYPES_H +-#define _LINUX_FS_H +-#define __LINUX_COMPILER_H +-#define __user +- +-typedef unsigned int __u32; +-typedef __u32 __le32; +- +-#include +- +-/* + * POSIX capability types + */ + +Index: b/libcap/include/linux/capability.h +=================================================================== +--- a/libcap/include/linux/capability.h ++++ b/libcap/include/linux/capability.h +@@ -40,19 +40,20 @@ + typedef struct __user_cap_header_struct { + __u32 version; + int pid; +-} __user *cap_user_header_t; ++} *cap_user_header_t; + + typedef struct __user_cap_data_struct { + __u32 effective; + __u32 permitted; + __u32 inheritable; +-} __user *cap_user_data_t; ++} *cap_user_data_t; + + + #define XATTR_CAPS_SUFFIX "capability" + #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX + + #define VFS_CAP_REVISION_MASK 0xFF000000 ++#define VFS_CAP_REVISION_SHIFT 24 + #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK + #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 + +@@ -68,7 +69,6 @@ + #define VFS_CAP_U32 VFS_CAP_U32_2 + #define VFS_CAP_REVISION VFS_CAP_REVISION_2 + +- + struct vfs_cap_data 
{ + __le32 magic_etc; /* Little endian */ + struct { +@@ -77,7 +77,6 @@ + } data[VFS_CAP_U32]; + }; + +-#ifndef __KERNEL__ + + /* + * Backwardly compatible definition for source code - trapped in a +@@ -87,19 +86,6 @@ + #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 + #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 + +-#else +- +-#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 +-#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 +- +-typedef struct kernel_cap_struct { +- __u32 cap[_KERNEL_CAPABILITY_U32S]; +-} kernel_cap_t; +- +-#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) +-#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) +- +-#endif + + + /** +@@ -357,155 +343,5 @@ + #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ + #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ + +-#ifdef __KERNEL__ +- +-/* +- * Internal kernel functions only +- */ +- +-#define CAP_FOR_EACH_U32(__capi) \ +- for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi) +- +-# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \ +- | CAP_TO_MASK(CAP_DAC_OVERRIDE) \ +- | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \ +- | CAP_TO_MASK(CAP_FOWNER) \ +- | CAP_TO_MASK(CAP_FSETID)) +- +-# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE)) +- +-#if _KERNEL_CAPABILITY_U32S != 2 +-# error Fix up hand-coded capability macro initializers +-#else /* HAND-CODED capability initializers */ +- +-# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }}) +-# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) +-# define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) +-# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }) +-# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ +- CAP_FS_MASK_B1 } }) +- +-#endif /* _KERNEL_CAPABILITY_U32S != 2 */ +- +-#define CAP_INIT_INH_SET CAP_EMPTY_SET +- +-# define cap_clear(c) do { (c) = __cap_empty_set; } while (0) 
+-# define cap_set_full(c) do { (c) = __cap_full_set; } while (0) +-# define cap_set_init_eff(c) do { (c) = __cap_init_eff_set; } while (0) +- +-#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) +-#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag)) +-#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag)) +- +-#define CAP_BOP_ALL(c, a, b, OP) \ +-do { \ +- unsigned __capi; \ +- CAP_FOR_EACH_U32(__capi) { \ +- c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \ +- } \ +-} while (0) +- +-#define CAP_UOP_ALL(c, a, OP) \ +-do { \ +- unsigned __capi; \ +- CAP_FOR_EACH_U32(__capi) { \ +- c.cap[__capi] = OP a.cap[__capi]; \ +- } \ +-} while (0) +- +-static inline kernel_cap_t cap_combine(const kernel_cap_t a, +- const kernel_cap_t b) +-{ +- kernel_cap_t dest; +- CAP_BOP_ALL(dest, a, b, |); +- return dest; +-} +- +-static inline kernel_cap_t cap_intersect(const kernel_cap_t a, +- const kernel_cap_t b) +-{ +- kernel_cap_t dest; +- CAP_BOP_ALL(dest, a, b, &); +- return dest; +-} +- +-static inline kernel_cap_t cap_drop(const kernel_cap_t a, +- const kernel_cap_t drop) +-{ +- kernel_cap_t dest; +- CAP_BOP_ALL(dest, a, drop, &~); +- return dest; +-} +- +-static inline kernel_cap_t cap_invert(const kernel_cap_t c) +-{ +- kernel_cap_t dest; +- CAP_UOP_ALL(dest, c, ~); +- return dest; +-} +- +-static inline int cap_isclear(const kernel_cap_t a) +-{ +- unsigned __capi; +- CAP_FOR_EACH_U32(__capi) { +- if (a.cap[__capi] != 0) +- return 0; +- } +- return 1; +-} +- +-static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) +-{ +- kernel_cap_t dest; +- dest = cap_drop(a, set); +- return cap_isclear(dest); +-} +- +-/* Used to decide between falling back on the old suser() or fsuser(). 
*/ +- +-static inline int cap_is_fs_cap(int cap) +-{ +- const kernel_cap_t __cap_fs_set = CAP_FS_SET; +- return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]); +-} +- +-static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a) +-{ +- const kernel_cap_t __cap_fs_set = CAP_FS_SET; +- return cap_drop(a, __cap_fs_set); +-} +- +-static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a, +- const kernel_cap_t permitted) +-{ +- const kernel_cap_t __cap_fs_set = CAP_FS_SET; +- return cap_combine(a, +- cap_intersect(permitted, __cap_fs_set)); +-} +- +-static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a) +-{ +- const kernel_cap_t __cap_fs_set = CAP_NFSD_SET; +- return cap_drop(a, __cap_fs_set); +-} +- +-static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a, +- const kernel_cap_t permitted) +-{ +- const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET; +- return cap_combine(a, +- cap_intersect(permitted, __cap_nfsd_set)); +-} +- +-extern const kernel_cap_t __cap_empty_set; +-extern const kernel_cap_t __cap_full_set; +-extern const kernel_cap_t __cap_init_eff_set; +- +-kernel_cap_t cap_set_effective(const kernel_cap_t pE_new); +- +-int capable(int cap); +-int __capable(struct task_struct *t, int cap); +- +-#endif /* __KERNEL__ */ + + #endif /* !_LINUX_CAPABILITY_H */
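Review bot: `CAP_TO_MASK(x)` in the refreshed libcap/include/linux/capability.h (a context line at the top of the last inner hunk) is still `(1 << ((x) & 31))`, which shifts a signed `int` into its sign bit when `(x) & 31` is 31. That is undefined behaviour in C, and the result is documented on the same line as the mask for an indexed `__u32`. An unsigned constant keeps the mask well defined: `#define CAP_TO_MASK(x) (1U << ((x) & 31)) /* mask for indexed __u32 */`. Because the patch description says this header is a copy taken from linux-libc-dev, the change is probably best carried as a separate small patch with a comment noting the divergence from the imported file.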