[libcap-ng] Remove PR_SET_NO_NEW_PRIVS call in capng_lock

Steve Grubb sgrubb at fedoraproject.org
Thu May 1 02:07:28 UTC 2014


commit c8b3078055aa3028a11a446c96439b8301fe4567
Author: sgrubb <sgrubb at redhat.com>
Date:   Wed Apr 30 22:07:42 2014 -0400

    Remove PR_SET_NO_NEW_PRIVS call in capng_lock

 libcap-ng-0.7.5-no-no_new_privs.patch |   14 ++++++++++++++
 libcap-ng.spec                        |    7 ++++++-
 2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/libcap-ng-0.7.5-no-no_new_privs.patch b/libcap-ng-0.7.5-no-no_new_privs.patch
new file mode 100644
index 0000000..43477cc
--- /dev/null
+++ b/libcap-ng-0.7.5-no-no_new_privs.patch
@@ -0,0 +1,14 @@
+diff -urp libcap-ng-0.7.5.orig/src/cap-ng.c libcap-ng-0.7.5/src/cap-ng.c
+--- libcap-ng-0.7.5.orig/src/cap-ng.c	2014-04-30 21:44:23.000000000 -0400
++++ libcap-ng-0.7.5/src/cap-ng.c	2014-04-30 22:04:31.225062310 -0400
+@@ -710,10 +710,6 @@ int capng_lock(void)
+ 			1 << SECURE_NOROOT_LOCKED |
+ 			1 << SECURE_NO_SETUID_FIXUP |
+ 			1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0);
+-#ifdef PR_SET_NO_NEW_PRIVS
+-	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
+-		return -1;
+-#endif
+ 	if (rc)
+ 		return -1;
+ #endif
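Review bot: The four lines removed at line 710 of capng_lock() drop the PR_SET_NO_NEW_PRIVS call unconditionally, so a caller that relied on capng_lock() to set no_new_privs now gets only the securebits flags shown in the context lines, with no change in return value to signal the difference. Neither the patch file nor the commit message gives the reason for the removal. Add a short header to the patch stating why the call is dropped and its upstream status, and note that callers wanting that guarantee must now issue `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` themselves.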
diff --git a/libcap-ng.spec b/libcap-ng.spec
index f928d9a..b6ce860 100644
--- a/libcap-ng.spec
+++ b/libcap-ng.spec
@@ -3,11 +3,12 @@
 Summary: An alternate posix capabilities library
 Name: libcap-ng
 Version: 0.7.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://people.redhat.com/sgrubb/libcap-ng
 Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
+Patch1: libcap-ng-0.7.5-no-no_new_privs.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: kernel-headers >= 2.6.11 
 
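Review bot: `Patch1: libcap-ng-0.7.5-no-no_new_privs.patch` carries 0.7.5 in its file name while the spec still declares `Version: 0.7.4`, and the Patch1 line has no comment explaining the patch. Either rename the file to match the packaged version or add a comment above Patch1 saying which tree it was generated from and why it is carried, so the mismatch does not read as a packaging mistake later.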
@@ -50,6 +51,7 @@ lets you set the file system based capabilities.
 
 %prep
 %setup -q
+%patch1 -p1
 
 %build
 %configure --libdir=/%{_lib}
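Review bot: `%patch1 -p1` applies a diff whose paths and hunk header (`@@ -710,10 +710,6 @@ int capng_lock(void)`) come from a libcap-ng-0.7.5 tree, while %setup unpacks the 0.7.4 tarball named in Source0. -p1 strips the leading directory so the path resolves, but the line positions may differ between the two versions. Confirm in the %prep output that the hunk lands inside capng_lock() without offset or fuzz, or regenerate the patch against the 0.7.4 source.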
@@ -111,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644,root,root) %{_mandir}/man8/*
 
 %changelog
+* Wed Apr 30 2014 Steve Grubb <sgrubb at redhat.com> 0.7.4-2
+- Remove PR_SET_NO_NEW_PRIVS call in capng_lock
+
 * Thu Apr 24 2014 Steve Grubb <sgrubb at redhat.com> 0.7.4-1
 - New upstream release
 
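Review bot: The new changelog entry for 0.7.4-2 repeats the commit subject and does not say why the call was removed or what changes for users of the library. Since this alters what capng_lock() enforces, extend the entry with the reason and a bug reference if one exists, so that packagers and auditors can tell from the changelog that processes calling capng_lock() are no longer placed under no_new_privs.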

