meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch

   1 From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001
   2 From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
   3 Date: Fri, 22 Jan 2016 16:23:59 +0100
   4 Subject: [PATCH] removing capability enforcement
   5
   6 Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30
   7 ---
   8  progs/setcap.c | 43 -------------------------------------------
   9  1 file changed, 43 deletions(-)
  10
  11 diff --git a/progs/setcap.c b/progs/setcap.c
  12 index 83090ae..01faa17 100644
  13 --- a/progs/setcap.c
  14 +++ b/progs/setcap.c
  15 @@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer)
  16
  17  int main(int argc, char **argv)
  18  {
  19 -    int tried_to_cap_setfcap = 0;
  20      char buffer[MAXCAP+1];
  21      int retval, quiet=0, verify=0;
  22      cap_t mycaps;
  23 @@ -150,53 +149,11 @@ int main(int argc, char **argv)
  24                 printf("%s: OK\n", *argv);
  25             }
  26         } else {
  27 -           if (!tried_to_cap_setfcap) {
  28 -               capflag = CAP_SETFCAP;
  29 -
  30 -               /*
  31 -                * Raise the effective CAP_SETFCAP.
  32 -                */
  33 -               if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET)
  34 -                   != 0) {
  35 -                   perror("unable to manipulate CAP_SETFCAP - "
  36 -                          "try a newer libcap?");
  37 -                   exit(1);
  38 -               }
  39 -               if (cap_set_proc(mycaps) != 0) {
  40 -                   perror("unable to set CAP_SETFCAP effective capability");
  41 -                   exit(1);
  42 -               }
  43 -               tried_to_cap_setfcap = 1;
  44 -           }
  45             retval = cap_set_file(*++argv, cap_d);
  46             if (retval != 0) {
  47 -               int explained = 0;
  48 -#ifdef linux
  49 -               cap_value_t cap;
  50 -               cap_flag_value_t per_state;
  51 -
  52 -               for (cap = 0;
  53 -                    cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1;
  54 -                    cap++) {
  55 -                   cap_flag_value_t inh_state, eff_state;
  56 -
  57 -                   cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state);
  58 -                   cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state);
  59 -                   if ((inh_state | per_state) != eff_state) {
  60 -                       fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n"
  61 -                               "      exactly match the union of selected permitted and inheritable bits.\n");
  62 -                       explained = 1;
  63 -                       break;
  64 -                   }
  65 -               }
  66 -#endif /* def linux */
  67 -
  68                 fprintf(stderr,
  69                         "Failed to set capabilities on file `%s' (%s)\n",
  70                         argv[0], strerror(errno));
  71 -               if (!explained) {
  72 -                   usage();
  73 -               }
  74             }
  75         }
  76         if (cap_d) {
  77 --
  78 2.1.4
  79