Changeset 2a0c0da for postlfs/security
- Timestamp:
- 08/25/2014 08:39:51 PM (10 years ago)
- Branches:
- systemd-11177
- Children:
- e680d14a
- Parents:
- 296a7beb
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/libcap.xml
r296a7beb r2a0c0da 32 32 <para>The <application>libcap</application> package was installed in 33 33 LFS, but if PAM support is desired, it needs to be reinstalled after 34 PAM is built.</para> 35 &lfs75_checked; 34 PAM is built so the shipped PAM module can be installed.</para> 35 36 &lfs76_checked; 36 37 37 38 <bridgehead renderas="sect3">Package Information</bridgehead> … … 60 61 61 62 <bridgehead renderas="sect4">Required</bridgehead> 62 <para role="required"><xref linkend="linux-pam"/></para> 63 <para role="required"> 64 <xref linkend="linux-pam"/> 65 </para> 63 66 64 67 <para condition="html" role="usernotes">User Notes: … … 73 76 commands:</para> 74 77 75 <screen><userinput>sed -i 's:LIBDIR:PAM_&:g' pam_cap/Makefile && 76 make</userinput></screen> 78 <screen><userinput>make -C pam_cap</userinput></screen> 77 79 78 80 <para>This package does not come with a test suite.</para> 79 81 80 <para>81 If you want to disable installing the static library, use this sed:82 </para>83 84 <screen><userinput>sed -i '/install.*STALIBNAME/ s/^/#/' libcap/Makefile</userinput></screen>85 86 82 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 87 83 88 <screen role="root"><userinput>make prefix=/usr \ 89 SBINDIR=/sbin \ 90 PAM_LIBDIR=/lib \ 91 RAISE_SETFCAP=no install</userinput></screen> 92 93 <para> 94 Still as the <systemitem class="username">root</systemitem> user, 95 clean up some library locations and permissions: 96 </para> 97 98 <screen role="root"><userinput>chmod -v 755 /usr/lib/libcap.so && 99 mv -v /usr/lib/libcap.so.* /lib && 100 ln -sfv ../../lib/libcap.so.2 /usr/lib/libcap.so</userinput></screen> 84 <screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security/pam_cap.so && 85 install -v -m644 pam_cap/capability.conf /etc/security</userinput></screen> 101 86 102 87 </sect2> … … 104 89 <sect2 role="commands"> 105 90 <title>Command Explanations</title> 106 107 <para>108 <command>sed -i '...'</command>, <parameter>PAM_LIBDIR=/lib</parameter>:109 These correct PAM module install location.110 </para>111 112 <para><parameter>RAISE_SETFCAP=no</parameter>: This parameter skips trying113 to use <application>setcap</application> on itself. This avoids an installation114 error if the kernel or file system do not support extended capabilities.</para>115 116 </sect2>117 91 118 92 <sect2 role="content"> … … 125 99 126 100 <seglistitem> 127 <seg> capsh, getcap, getpcaps, and setcap</seg>128 <seg> libcap.{so,a}</seg>101 <seg>None</seg> 102 <seg>pam_cap.so</seg> 129 103 <seg>None</seg> 130 104 </seglistitem> 131 105 </segmentedlist> 132 106 133 <variablelist>134 <bridgehead renderas="sect3">Short Descriptions</bridgehead>135 <?dbfo list-presentation="list"?>136 <?dbhtml list-presentation="table"?>137 138 <varlistentry id="capsh">139 <term><command>capsh</command></term>140 <listitem>141 <para>is a shell wrapper to explore and constrain capability support.</para>142 <indexterm zone="libcap-pam capsh">143 <primary sortas="b-capsh">capsh</primary>144 </indexterm>145 </listitem>146 </varlistentry>147 148 <varlistentry id="getcap">149 <term><command>getcap</command></term>150 <listitem>151 <para>examines file capabilities.</para>152 <indexterm zone="libcap-pam getcap">153 <primary sortas="b-getcap">getcap</primary>154 </indexterm>155 </listitem>156 </varlistentry>157 158 <varlistentry id="getpcaps">159 <term><command>getpcaps</command></term>160 <listitem>161 <para>displays the capabilities on the queried process(es).</para>162 <indexterm zone="libcap-pam getpcaps">163 <primary sortas="b-getpcaps">getpcaps</primary>164 </indexterm>165 </listitem>166 </varlistentry>167 168 <varlistentry id="setcap">169 <term><command>setcap</command></term>170 <listitem>171 <para>sets file file capabilities.</para>172 <indexterm zone="libcap-pam setcap">173 <primary sortas="b-setcap">setcap</primary>174 </indexterm>175 </listitem>176 </varlistentry>177 178 <varlistentry id="libcap-lib">179 <term><filename class='libraryfile'>libcap.{so,a}</filename></term>180 <listitem>181 <para>contains the <application>libcap</application> API functions.</para>182 <indexterm zone="libcap-pam libcap-lib">183 <primary sortas="c-libcap">libcap.{so,a}</primary>184 </indexterm>185 </listitem>186 </varlistentry>187 188 </variablelist>189 190 107 </sect2> 191 108
Note:
See TracChangeset
for help on using the changeset viewer.