diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2020-05-10 13:32:00 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2020-05-10 13:32:00 -0700 |
| commit | f88e342840faa27ba519cc89d3e39b936f4cce32 (patch) | |
| tree | 0ebcc6aeedef75a7d2aaf739eb45079277c2444a | |
| parent | 1f7f77c32e51e89f22ae271bae12b9103f28af2b (diff) | |
| download | libcap2-f88e342840faa27ba519cc89d3e39b936f4cce32.tar.gz | |
Replace PerOSThreadSyscall*() with AllThreadsSyscall*().
The latest iteration of the golang patch [*] for supporting a
syscall API that can normalize privilege over the whole runtime
(aka POSIX semantics) has renamed this API. The API also now
drops this functionality when CGO is enabled, but that doesn't
affect libcap because libcap uses libpsx in this build
configuration.
[*] https://go-review.googlesource.com/c/go/+/210639/
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| -rw-r--r-- | cap/cap.go | 9 | ||||
| -rwxr-xr-x | go/cgo-required.sh | 4 | ||||
| -rwxr-xr-x | go/syscalls.sh | 10 |
3 files changed, 11 insertions, 12 deletions
@@ -5,12 +5,11 @@ // POSIX semantics system calls that manipulate process state. // // If the Go runtime syscall interface contains the -// syscall.PerOSThreadSyscall() API then then this package will use -// that to invoke capability setting system calls for pure Go -// binaries. To force this behavior use the CGO_ENABLED=0 environment -// variable. +// syscall.AllThreadsSyscall() API then this package will use that to +// invoke capability setting system calls for pure Go binaries. To +// force this behavior use the CGO_ENABLED=0 environment variable. // -// If syscall.PerOSThreadSyscall() is not present, the "libcap/cap" +// If syscall.AllThreadsSyscall() is not present, the "libcap/cap" // package will failover to using "libcap/psx". package cap diff --git a/go/cgo-required.sh b/go/cgo-required.sh index 5e7e98f..7551138 100755 --- a/go/cgo-required.sh +++ b/go/cgo-required.sh @@ -1,11 +1,11 @@ #!/bin/bash # -# Runtime check for whether or not syscall.PerOSThreadSyscall is +# Runtime check for whether or not syscall.AllThreadsSyscall is # available to the working go runtime or not. If it isn't we always # have to use libcap/psx to get POSIX semantics for syscalls that # change security state. -if [ -z "$(go doc syscall 2>/dev/null|grep PerOSThreadSyscall)" ]; then +if [ -z "$(go doc syscall 2>/dev/null|grep AllThreadsSyscall)" ]; then echo "1" else echo "0" diff --git a/go/syscalls.sh b/go/syscalls.sh index 5affe11..9733d97 100755 --- a/go/syscalls.sh +++ b/go/syscalls.sh @@ -7,8 +7,8 @@ if [[ -z "$dir" ]]; then fi # We use one or the other syscalls.go file based on whether or not the -# Go runtime include syscall.PerOSThreadSyscall or not. -if [ -z "$(go doc syscall 2>/dev/null|grep PerOSThreadSyscall)" ]; then +# Go runtime include syscall.AllThreadsSyscall or not. +if [ -z "$(go doc syscall 2>/dev/null|grep AllThreadsSyscall)" ]; then rm -f "${dir}/syscalls_cgo.go" cat > "${dir}/syscalls.go" <<EOF // +build linux @@ -22,7 +22,7 @@ import ( // multisc provides syscalls overridable for testing purposes that // support a single kernel security state for all OS threads. -// (Go build tree has no syscall.PerOSThreadSyscall support.) +// (Go build tree has no syscall.AllThreadsSyscall support.) var multisc = &syscaller{ w3: psx.Syscall3, w6: psx.Syscall6, @@ -54,8 +54,8 @@ import "syscall" // multisc provides syscalls overridable for testing purposes that // support a single kernel security state for all OS threads. var multisc = &syscaller{ - w3: syscall.PerOSThreadSyscall, - w6: syscall.PerOSThreadSyscall6, + w3: syscall.AllThreadsSyscall, + w6: syscall.AllThreadsSyscall6, r3: syscall.RawSyscall, r6: syscall.RawSyscall6, } |