libcap-ng update coming to rawhide

Hello,

A new version of libcap-ng is going to be released next week. Normally this 
isn't newsworthy, nor is this a soname version bump. But it is important to 
let the broader community know something about it. The behaviour of 
capng_apply is changing slightly.

In the past, capng_apply would silently eat errors when the bounding set 
could not be changed. In order to change the bounding set, you have to have 
CAP_SETPCAP. A developer reported an issue in GitHub where their project 
needed to know that capng_apply was completely successful changing the 
bounding set. Meaning that they need an error returned. I didn't think too 
much of it and made the change.

Then one day I noticed that I could not update a package against Fedora's git 
or push a change. Looking into this, I found gnome-keyring was not working. 
[1]  I dug into the source code and found that it was trying to change the 
bounding set when it had partial capabilities. The fix is to simply verify 
that you have CAP_SETPCAP before attempting this.

I don't know of any other software that is affected. But I wanted to give 
everyone a heads up before I push it out. I always dogfood libraries I work 
on, so maybe this is the only issue.

Eventually libcap-ng needs to get pushed over to F33 because there is a 
problem with ambient capabilities that the new release fixes. And speaking of 
ambient capabilities, the new version of libcap-ng contains a new library 
libdrop_ambient.so. You can use it with LD_PRELOAD to force an app to drop 
ambient capabilities leaving the other capabilities intact. All the work is 
done in the constructor, so no function calls are needed.

Best Regards,
-Steve

1 - https://bugzilla.redhat.com/show_bug.cgi?id=1888978
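
The check described in the message, verifying CAP_SETPCAP before asking for a bounding-set change, as an added example that is not part of the original message or of libcap-ng. It reads the effective set from /proc/self/status instead of calling the library; with libcap-ng the equivalent test is capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP), used to choose between CAPNG_SELECT_BOTH and CAPNG_SELECT_CAPS for capng_apply. The names choose_scope, parse_cap_field and the sample text are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETPCAP_BIT 8   /* value of CAP_SETPCAP in <linux/capability.h> */

enum scope { SCOPE_CAPS_ONLY, SCOPE_CAPS_AND_BOUNDING };

/* Constructed sample: only CAP_NET_BIND_SERVICE (bit 10) is effective,
 * while the bounding set is still full. This is the "partial" case. */
static const char SAMPLE_PARTIAL[] =
    "Name:\tdemo\nCapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\n";

/* Parse one hex mask field (e.g. "CapEff:") from /proc/<pid>/status text. */
static int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0) {      /* field must start a line */
            char *end;
            *mask = strtoull(p + n, &end, 16);
            return end != p + n ? 0 : -1;     /* -1: no hex digits found */
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Request a bounding-set change only when CAP_SETPCAP is effective;
 * if CapEff cannot be read, skip it rather than ask for a change that fails. */
static enum scope choose_scope(const char *status)
{
    uint64_t eff;
    if (parse_cap_field(status, "CapEff:", &eff) != 0)
        return SCOPE_CAPS_ONLY;
    return ((eff >> CAP_SETPCAP_BIT) & 1) ? SCOPE_CAPS_AND_BOUNDING : SCOPE_CAPS_ONLY;
}

int main(void)
{
    char buf[8192] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    printf("sample: %s\n", choose_scope(SAMPLE_PARTIAL) ? "caps+bounding" : "caps only");
    printf("self:   %s\n", choose_scope(buf) ? "caps+bounding" : "caps only");
    return 0;
}
```

Whichever scope is chosen, the return value of capng_apply still has to be checked, since the new release reports bounding-set failures instead of hiding them.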
