add layer meta-app-framework

[AGL/meta-agl.git] / meta-app-framework / recipes-support / libcap / libcap / removing-capability-enforcement.patch
diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch

new file mode 100644 (file)

index 0000000..fd01c19
--- /dev/null
+++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch
@@ -0,0 +1,79 @@
+From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Fri, 22 Jan 2016 16:23:59 +0100
+Subject: [PATCH] removing capability enforcement
+
+Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30
+---
+ progs/setcap.c | 43 -------------------------------------------
+ 1 file changed, 43 deletions(-)
+
+diff --git a/progs/setcap.c b/progs/setcap.c
+index 83090ae..01faa17 100644
+--- a/progs/setcap.c
++++ b/progs/setcap.c
+@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer)
+ 
+ int main(int argc, char **argv)
+ {
+-    int tried_to_cap_setfcap = 0;
+     char buffer[MAXCAP+1];
+     int retval, quiet=0, verify=0;
+     cap_t mycaps;
+@@ -150,53 +149,11 @@ int main(int argc, char **argv)
+               printf("%s: OK\n", *argv);
+           }
+       } else {
+-          if (!tried_to_cap_setfcap) {
+-              capflag = CAP_SETFCAP;
+-
+-              /*
+-               * Raise the effective CAP_SETFCAP.
+-               */
+-              if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET)
+-                  != 0) {
+-                  perror("unable to manipulate CAP_SETFCAP - "
+-                         "try a newer libcap?");
+-                  exit(1);
+-              }
+-              if (cap_set_proc(mycaps) != 0) {
+-                  perror("unable to set CAP_SETFCAP effective capability");
+-                  exit(1);
+-              }
+-              tried_to_cap_setfcap = 1;
+-          }
+           retval = cap_set_file(*++argv, cap_d);
+           if (retval != 0) {
+-              int explained = 0;
+-#ifdef linux
+-              cap_value_t cap;
+-              cap_flag_value_t per_state;
+-
+-              for (cap = 0;
+-                   cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1;
+-                   cap++) {
+-                  cap_flag_value_t inh_state, eff_state;
+-
+-                  cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state);
+-                  cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state);
+-                  if ((inh_state | per_state) != eff_state) {
+-                      fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n"
+-                              "      exactly match the union of selected permitted and inheritable bits.\n");
+-                      explained = 1;
+-                      break;
+-                  }
+-              }
+-#endif /* def linux */
+-              
+               fprintf(stderr,
+                       "Failed to set capabilities on file `%s' (%s)\n",
+                       argv[0], strerror(errno));
+-              if (!explained) {
+-                  usage();
+-              }
+           }
+       }
+       if (cap_d) {
+-- 
+2.1.4
+