Changeset f586237 for postlfs/security/libcap.xml
- Timestamp:
- 06/05/2016 05:57:10 AM (8 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 422bd2c
- Parents:
- eb3dbe3
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/libcap.xml
reb3dbe3 rf586237 30 30 <title>Introduction to libcap with PAM</title> 31 31 32 <para>The <application>libcap</application> package was installed in 33 LFS, but if PAM support is desired, it needs to be reinstalled after 34 PAM is built.</para> 32 <para>The <application>libcap</application> package was installed in 33 LFS, but if <application>Linux-PAM</application> support is desired, 34 the PAM module must be built (after installation of 35 <application>Linux-PAM</application>).</para> 35 36 36 37 &lfs79_checked;&gcc6_checked; … … 61 62 62 63 <bridgehead renderas="sect4">Required</bridgehead> 63 <para role="required"><xref linkend="linux-pam"/></para> 64 <para role="required"> 65 <xref linkend="linux-pam"/> 66 </para> 64 67 65 68 <para condition="html" role="usernotes">User Notes: … … 74 77 commands:</para> 75 78 76 <screen><userinput>sed -i 's:LIBDIR:PAM_&:g' pam_cap/Makefile && 77 make</userinput></screen> 79 <screen><userinput>make -C pam_cap</userinput></screen> 78 80 79 81 <para>This package does not come with a test suite.</para> 80 82 81 <para>82 If you want to disable installing the static library, use this sed:83 </para>84 85 <screen><userinput>sed -i '/install.*STALIBNAME/ s/^/#/' libcap/Makefile</userinput></screen>86 87 83 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 88 84 89 <screen role="root"><userinput>make prefix=/usr \ 90 SBINDIR=/sbin \ 91 PAM_LIBDIR=/lib \ 92 RAISE_SETFCAP=no install</userinput></screen> 93 94 <para> 95 Still as the <systemitem class="username">root</systemitem> user, 96 clean up some library locations and permissions: 97 </para> 98 99 <screen role="root"><userinput>chmod -v 755 /usr/lib/libcap.so && 100 mv -v /usr/lib/libcap.so.* /lib && 101 ln -sfv ../../lib/libcap.so.2 /usr/lib/libcap.so</userinput></screen> 102 103 </sect2> 104 105 <sect2 role="commands"> 106 <title>Command Explanations</title> 107 108 <para> 109 <command>sed -i '...'</command>, <parameter>PAM_LIBDIR=/lib</parameter>: 110 These correct PAM module install location. 111 </para> 112 113 <para><parameter>RAISE_SETFCAP=no</parameter>: This parameter skips trying 114 to use <application>setcap</application> on itself. This avoids an installation 115 error if the kernel or file system do not support extended capabilities.</para> 85 <screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security && 86 install -v -m644 pam_cap/capability.conf /etc/security</userinput></screen> 116 87 117 88 </sect2> … … 122 93 <segmentedlist> 123 94 <segtitle>Installed Programs</segtitle> 124 <segtitle>Installed Librar ies</segtitle>95 <segtitle>Installed Library</segtitle> 125 96 <segtitle>Installed Directories</segtitle> 126 97 127 98 <seglistitem> 128 <seg> capsh, getcap, getpcaps, and setcap</seg>129 <seg> libcap.{so,a} andpam_cap.so</seg>99 <seg>None</seg> 100 <seg>pam_cap.so</seg> 130 101 <seg>None</seg> 131 102 </seglistitem> 132 103 </segmentedlist> 133 104 134 <variablelist>135 <bridgehead renderas="sect3">Short Descriptions</bridgehead>136 <?dbfo list-presentation="list"?>137 <?dbhtml list-presentation="table"?>138 139 <varlistentry id="capsh">140 <term><command>capsh</command></term>141 <listitem>142 <para>is a shell wrapper to explore and constrain capability support.</para>143 <indexterm zone="libcap-pam capsh">144 <primary sortas="b-capsh">capsh</primary>145 </indexterm>146 </listitem>147 </varlistentry>148 149 <varlistentry id="getcap">150 <term><command>getcap</command></term>151 <listitem>152 <para>examines file capabilities.</para>153 <indexterm zone="libcap-pam getcap">154 <primary sortas="b-getcap">getcap</primary>155 </indexterm>156 </listitem>157 </varlistentry>158 159 <varlistentry id="getpcaps">160 <term><command>getpcaps</command></term>161 <listitem>162 <para>displays the capabilities on the queried process(es).</para>163 <indexterm zone="libcap-pam getpcaps">164 <primary sortas="b-getpcaps">getpcaps</primary>165 </indexterm>166 </listitem>167 </varlistentry>168 169 <varlistentry id="setcap">170 <term><command>setcap</command></term>171 <listitem>172 <para>sets file file capabilities.</para>173 <indexterm zone="libcap-pam setcap">174 <primary sortas="b-setcap">setcap</primary>175 </indexterm>176 </listitem>177 </varlistentry>178 179 <varlistentry id="libcap-lib">180 <term><filename class='libraryfile'>libcap.{so,a}</filename></term>181 <listitem>182 <para>contains the <application>libcap</application> API functions.</para>183 <indexterm zone="libcap-pam libcap-lib">184 <primary sortas="c-libcap">libcap.{so,a}</primary>185 </indexterm>186 </listitem>187 </varlistentry>188 189 </variablelist>190 191 105 </sect2> 192 106
Note:
See TracChangeset
for help on using the changeset viewer.