#13143 closed enhancement (fixed)
libcap-2.33 (wait for lfs)
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | normal | Milestone: | 10.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version.
Change History (7)
comment:1 by , 4 years ago
| Summary: | libcap-2.32 → libcap-2.32 (wait for lfs) |
|---|
comment:2 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 4 years ago
| Summary: | libcap-2.32 (wait for lfs) → libcap-2.33 (wait for lfs) |
|---|
comment:4 by , 4 years ago
Release notes for 2.33 posted Feb 23, 2020
- This release implements cap_launch functionality
- cap_launch is a feature that will launch (fork+exec) a new program in such a way that it can inherit capabilities and a mode not held by the parent and without changing those of the parent.
- This feature is available in C as cap_launch() and in Go as cap.(*cap.Launcher).Launch()
- It also introduces an IAB abstraction for the three inherited flavors of capability vector:
- the I (inheritable set) of cap_t
- the A (ambient) alternative to file capabilities
- the B (blocking) vector [which is implemented as the inverse of the kernel's bounding set].
- pam_cap uses the above IAB abstraction instead of its own config parsing.
- libpsx now does sane things when the program fork()s. Namely the child experiences a single threaded libcap, but the parent continues to treat all threads as having a shared privilege state.
- Text format fix for getcap error output.
Note:
See TracTickets
for help on using tickets.
Now version 2.33.