| Commit message (Collapse) | Author | Age | Files | Lines |
| |
We also add the cap.ProcRoot() API to let the user redirect to their
local /proc/ directory - in case anyone runs with an unusual setup
like that.
I've been studying the downstream package definitions and
it doesn't seem popular to build the Go packages. Indeed, Go folk
themselves prefer to install via modules anyway, so we're getting
with the program.
However, if folk want to build and test the Go stuff as part of a package
build and run an install as well, we reward them with the 'captree'
binary.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
This is a small command line utility for doing something like pstree
but focused on revealing the full capability state of the processes
and threads shown.
This requires support provided in the cap.IABGetPID() function which
will debut in libcap-2.54. For now, the binary is only buildable from
HEAD in the git repository.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Typos found with codespell
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
I still have some things I want to explore with this example, so I
don't want to give the impression this is a stable example.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
They had become stale.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Go has its own notion of major version, and this commit raises
it from 0 to 1. That is, these modules should now be considered
stable.
The sources for the 1.2.48 and the 0.2.48 modules are otherwise
identical.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
The whole uid=0 thing is so convoluted with privilege, best to just
avoid it by default.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Since go 1.15 doesn't require the wrapping linker trick, I'm recommending
that version of Go for building it. Also add a test of building the
setid and gowns sources in the .../go/ directory.
At this stage, I'm imagining a tutorial on how gowns works here:
https://sites.google.com/site/fullycapable/getting-started-with-go
but I haven't started writing that yet. I first want to confirm the
state of all the features I want to use.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Also, simplify how to set a range of uids/gids from the commandline.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
A short program in Go that can invoke a UID namespaced application.
It can also be used to launch capability modified programs using
IAB and mode. This is a reduced feature set over the more complete
capsh program - with the exception of namespace support.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
This is something pretty fundamental that a number of folk have asked
about. It is essentially the motivating issue for:
https://github.com/golang/go/issues/1435
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| |
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
I've written up how to build web.go here:
https://sites.google.com/site/fullycapable/building-go-programs-that-manipulate-capabilities
But it struck me that the code itself does not explain about the
CGO_LDFLAGS_ALLOW workaround, so I've relocated the web.go code
and included a README as well as a pointer to the above explanation.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>