#4559: libcap-2.28
--------------------+----------------------
 Reporter:  bdubbs  |      Owner:  lfs-book
     Type:  task    |     Status:  new
 Priority:  normal  |  Milestone:  9.1
Component:  Book    |    Version:  SVN
 Severity:  normal  |   Keywords:
--------------------+----------------------
 New minor version.

 Release notes for 2.28

 - The big new feature of this release relates to POSIX syscall behavior
   for pthreads:
   - That is, introduced a library libpsx that can emulate POSIX syscalls
     for all pthreads
   - You might think that this is already the case from Glibc's
     nptl:setxid functionality, but alas no. Glibc only supports 9
     syscalls with this abstraction and none of them involve prctl()
     support, or capset(). So, while traditional legacy things like
     setuid() work, libcap's capability manipulation mediated through
     the glibc syscalls was still tied to individual threads...
   - TL;DR with gcc linker flags, " -lpsx -Wl,-wrap,pthread_create " (or
     the ld equivalent " -lpsx -wrap=pthread_create "), you can get
     libcap to observe POSIX semantics sharing capability and prctl
     state over all pthreads.
 - Also added a pair of golang packages implementing libcap/cap and
   libcap/psx (preview no install targets yet).
   - Writing this caused me to delve into the unfortunate state of
     threads and privilege handling in Go, which in turn led me to
     investigate the detail of how Glibc was not supporting libcap.
   - Wrote a golang runtime/syscall/cgo patch to implement POSIX
     semantics for system calls in native Go on Linux (see
     contrib/golang)
   - Wrote a tiny webserver to demonstrate/debug how Go's native
     privilege handling was failing and could work with above patch
   - Found a way to conditionally link -lpsx to the libcap/cap Go
     package to fully support capabilities via cgo (in lieu of
     syscall.PosixSyscall() not being upstream yet).
 - libcap/Makefile: Handle old gperf versions
 - More rigor on the unsigned nature of shifted bit masks in libcap
 - Minor cleanup to libcap's cap_to_text handling code.

--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4559>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
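
The per-thread behaviour described in the release notes above, as an added example (not code from libcap or from this ticket): a worker thread changes prctl state with a plain prctl() call and the main thread never observes the change. The choice of PR_SET_KEEPCAPS (it needs no privilege) and all function and struct names are assumptions of this example; build with `gcc -pthread`.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <sys/prctl.h>

/* What each thread saw; filled in by observe_keepcaps(). */
struct observation {
    int worker_set_rc; /* result of PR_SET_KEEPCAPS in the worker thread */
    int worker_flag;   /* keep-caps flag read back inside the worker */
    int main_before;   /* flag in the main thread before the worker ran */
    int main_after;    /* flag in the main thread after the worker ended */
};

static int get_keepcaps(void)
{
    return prctl(PR_GET_KEEPCAPS, 0L, 0L, 0L, 0L);
}

/* Worker: change prctl state through the ordinary glibc wrapper. */
static void *worker(void *arg)
{
    struct observation *obs = arg;
    obs->worker_set_rc = prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L);
    obs->worker_flag = get_keepcaps();
    return NULL;
}

/* Returns 0 when the experiment ran, -1 on a setup failure. */
int observe_keepcaps(struct observation *obs)
{
    pthread_t tid;
    /* Start from a known state; the new thread inherits it. */
    if (prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L) != 0)
        return -1;
    obs->main_before = get_keepcaps();
    if (pthread_create(&tid, NULL, worker, obs) != 0)
        return -1;
    if (pthread_join(tid, NULL) != 0)
        return -1;
    obs->main_after = get_keepcaps();
    return 0;
}

int main(void)
{
    struct observation obs;
    if (observe_keepcaps(&obs) != 0) { perror("observe_keepcaps"); return 1; }
    printf("worker: set rc=%d flag=%d\n", obs.worker_set_rc, obs.worker_flag);
    printf("main:   before=%d after=%d\n", obs.main_before, obs.main_after);
    return 0;
}
```

The same divergence applies when a privileged multithreaded program lowers capabilities or changes prctl state from one thread only: the remaining threads keep the earlier state, so an audit of such code should check every thread, not just the caller.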