I just discovered that this was never merged, Peter can you review it? Ross
On 3 May 2016 at 14:18, George McCollister <[email protected]> wrote: > The setcap utility supplied by libcap is used to set capabilities on a > file. Before setting a file's capabilities with cap_set_file() (which uses > setxattr()) it calls cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, > CAP_SET). cap_set_flag() uses the capset syscall to raise the process' > effective capability. In most cases if the process isn't running as root > this will fail and setcap will exit with an error. Because setxattr is > intercepted by pseudo it's unnecessary for setcap to call capset(). > > Override capset with a pseudo function that does nothing and always > returns 0. > > Signed-off-by: George McCollister <[email protected]> > --- > ports/linux/guts/capset.c | 13 +++++++++++++ > ports/linux/portdefs.h | 2 ++ > ports/linux/pseudo_wrappers.c | 7 +++++++ > ports/linux/wrapfuncs.in | 1 + > 4 files changed, 23 insertions(+) > create mode 100644 ports/linux/guts/capset.c > > diff --git a/ports/linux/guts/capset.c b/ports/linux/guts/capset.c > new file mode 100644 > index 0000000..51e0cdf > --- /dev/null > +++ b/ports/linux/guts/capset.c > @@ -0,0 +1,13 @@ > +/* > + * Copyright (c) 2016 Wind River Systems; see > + * guts/COPYRIGHT for information. > + * > + * int capset(cap_user_header_t hdrp, const cap_user_data_t datap) > + * int rc = -1; > + */ > + > + rc = real_capset(hdrp, datap); > + > +/* return rc; > + * } > + */ > diff --git a/ports/linux/portdefs.h b/ports/linux/portdefs.h > index f0a0e40..d8c5020 100644 > --- a/ports/linux/portdefs.h > +++ b/ports/linux/portdefs.h > @@ -25,3 +25,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.2.5); > #elif defined(__i386__) > GLIBC_COMPAT_SYMBOL(memcpy,2.0); > #endif > + > +#include <linux/capability.h> > diff --git a/ports/linux/pseudo_wrappers.c b/ports/linux/pseudo_wrappers.c > index 26b29b0..c6c072b 100644 > --- a/ports/linux/pseudo_wrappers.c > +++ b/ports/linux/pseudo_wrappers.c > @@ -31,3 +31,10 @@ int > pseudo_fstat64(int fd, struct stat64 *buf) { > return real___fxstat64(_STAT_VER, fd, buf); > } > + > +int pseudo_capset(cap_user_header_t hdrp, const cap_user_data_t datap) { > + (void)hdrp; > + (void)datap; > + > + return 0; > +} > diff --git a/ports/linux/wrapfuncs.in b/ports/linux/wrapfuncs.in > index 3b8955a..578db35 100644 > --- a/ports/linux/wrapfuncs.in > +++ b/ports/linux/wrapfuncs.in > @@ -51,3 +51,4 @@ int euidaccess(const char *path, int mode); > int getpw(uid_t uid, char *buf); > int getpwent_r(struct passwd *pwbuf, char *buf, size_t buflen, struct > passwd **pwbufp); > int getgrent_r(struct group *gbuf, char *buf, size_t buflen, struct group > **gbufp); > +int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* > real_func=pseudo_capset */ > -- > 2.8.0 > > -- > _______________________________________________ > yocto mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/yocto >
-- _______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
