Changeset f586237 for postlfs/security/libcap.xml

Timestamp:

06/05/2016 05:57:10 AM (8 years ago)

Author:

DJ Lucas <dj@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

422bd2c

Parents:

eb3dbe3

Message:

[Systemd merge] - Complete changes for Chapter 4.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@17446 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/libcap.xml (modified) (4 diffs)

postlfs/security/libcap.xml

@@ -30 +30 @@
     <title>Introduction to libcap with PAM</title>
 
-    <para>The <application>libcap</application> package was installed in
-    LFS, but if PAM support is desired, it needs to be reinstalled after
-    PAM is built.</para>
+    <para>The <application>libcap</application> package was installed in 
+    LFS, but if <application>Linux-PAM</application> support is desired,
+    the PAM module must be built (after installation of
+    <application>Linux-PAM</application>).</para>
 
     &lfs79_checked;&gcc6_checked;
@@ -61 +62 @@
 
     <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required"><xref linkend="linux-pam"/></para>
+    <para role="required">
+      <xref linkend="linux-pam"/>
+    </para>
 
     <para condition="html" role="usernotes">User Notes:
@@ -74 +77 @@
     commands:</para>
 
-<screen><userinput>sed -i 's:LIBDIR:PAM_&amp;:g' pam_cap/Makefile &amp;&amp;
-make</userinput></screen>
+<screen><userinput>make -C pam_cap</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
 
-    <para>
-      If you want to disable installing the static library, use this sed:
-    </para>
-
-<screen><userinput>sed -i '/install.*STALIBNAME/ s/^/#/' libcap/Makefile</userinput></screen>
-
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
-<screen role="root"><userinput>make prefix=/usr \
-     SBINDIR=/sbin \
-     PAM_LIBDIR=/lib \
-     RAISE_SETFCAP=no install</userinput></screen>
-
-   <para>
-     Still as the <systemitem class="username">root</systemitem> user,
-     clean up some library locations and permissions:
-   </para>
-
-<screen role="root"><userinput>chmod -v 755 /usr/lib/libcap.so &amp;&amp;
-mv -v /usr/lib/libcap.so.* /lib &amp;&amp;
-ln -sfv ../../lib/libcap.so.2 /usr/lib/libcap.so</userinput></screen>
-
-  </sect2>
-
-  <sect2 role="commands">
-    <title>Command Explanations</title>
-
-    <para>
-      <command>sed -i '...'</command>, <parameter>PAM_LIBDIR=/lib</parameter>:
-      These correct PAM module install location.
-    </para>
-
-    <para><parameter>RAISE_SETFCAP=no</parameter>: This parameter skips trying
-    to use <application>setcap</application> on itself.  This avoids an installation
-    error if the kernel or file system do not support extended capabilities.</para>
+<screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security &amp;&amp;
+install -v -m644 pam_cap/capability.conf /etc/security</userinput></screen>
 
   </sect2>
@@ -122 +93 @@
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
-      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Library</segtitle>
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>capsh, getcap, getpcaps, and setcap</seg>
-        <seg>libcap.{so,a} and pam_cap.so</seg>
+        <seg>None</seg>
+        <seg>pam_cap.so</seg>
         <seg>None</seg>
       </seglistitem>
     </segmentedlist>
 
-    <variablelist>
-      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
-      <?dbfo list-presentation="list"?>
-      <?dbhtml list-presentation="table"?>
-
-      <varlistentry id="capsh">
-        <term><command>capsh</command></term>
-        <listitem>
-          <para>is a shell wrapper to explore and constrain capability support.</para>
-          <indexterm zone="libcap-pam capsh">
-            <primary sortas="b-capsh">capsh</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry id="getcap">
-        <term><command>getcap</command></term>
-        <listitem>
-          <para>examines file capabilities.</para>
-          <indexterm zone="libcap-pam getcap">
-            <primary sortas="b-getcap">getcap</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry id="getpcaps">
-        <term><command>getpcaps</command></term>
-        <listitem>
-          <para>displays the capabilities on the queried process(es).</para>
-          <indexterm zone="libcap-pam getpcaps">
-            <primary sortas="b-getpcaps">getpcaps</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry id="setcap">
-        <term><command>setcap</command></term>
-        <listitem>
-          <para>sets file file capabilities.</para>
-          <indexterm zone="libcap-pam setcap">
-            <primary sortas="b-setcap">setcap</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry id="libcap-lib">
-        <term><filename class='libraryfile'>libcap.{so,a}</filename></term>
-        <listitem>
-          <para>contains the <application>libcap</application> API functions.</para>
-          <indexterm zone="libcap-pam libcap-lib">
-            <primary sortas="c-libcap">libcap.{so,a}</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
   </sect2>