Hello community, here is the log from the commit of package compartm checked in at Tue Apr 29 23:17:27 CEST 2008. -------- --- compartm/compartm.changes 2007-02-11 11:53:08.000000000 +0100 +++ compartm/compartm.changes 2008-04-29 18:50:48.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Apr 29 18:40:57 CEST 2008 - mt@suse.de + +- Updated cap no/name array to reflect current capabilities +- Fixed to use correct printf format for a size_t type +- Recreated compartment-1.1.diff patch file +- Removed obsolete ia64.diff + +------------------------------------------------------------------- Old: ---- ia64.diff New: ---- compartment-1.1-format.dif compartment-1.1-newcaps.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ compartm.spec ++++++ --- /var/tmp/diff_new_pack.w14035/_old 2008-04-29 23:15:19.000000000 +0200 +++ /var/tmp/diff_new_pack.w14035/_new 2008-04-29 23:15:19.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package compartm (Version 1.1) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -9,18 +9,20 @@ # + Name: compartm Version: 1.1 -Release: 340 -License: GNU General Public License (GPL) +Release: 409 +License: GPL v2 or later Group: Productivity/Security -Autoreqprov: on +AutoReqProv: on Summary: A Wrapper to Securely Run Insecure or Untrusted Programs Source: compartment-%version.tar.gz -Patch: compartment-%version.diff -Patch1: ia64.diff -Patch2: compartment-%version-prctl.patch -Patch3: compartment-1.1-nochown.patch +Patch0: compartment-%version.diff +Patch1: compartment-%version-prctl.patch +Patch2: compartment-%version-nochown.patch +Patch3: compartment-%version-format.dif +Patch4: compartment-%version-newcaps.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -36,20 +38,21 @@ Marc Heuse <marc@suse.de> %define kversion %(uname -r) + %prep %setup -n compartment-%version -%patch -p1 -%ifarch ia64 -%patch1 -p1 -%endif -%patch2 -p1 -b .prctl +%patch0 -p1 +%patch1 -p1 -b .prctl +%patch2 %patch3 +%patch4 %build make %install rm -rf $RPM_BUILD_ROOT +mkdir $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/usr/sbin make DESTDIR=$RPM_BUILD_ROOT install @@ -62,28 +65,33 @@ %_mandir/man1/compartment.1* /usr/sbin/compartment -%changelog -n compartm -* Sun Feb 11 2007 - ro@suse.de +%changelog +* Tue Apr 29 2008 mt@suse.de +- Updated cap no/name array to reflect current capabilities +- Fixed to use correct printf format for a size_t type +- Recreated compartment-1.1.diff patch file +- Removed obsolete ia64.diff +* Sun Feb 11 2007 ro@suse.de - fix build as non-root -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Sat Apr 09 2005 - coolo@suse.de +* Sat Apr 09 2005 coolo@suse.de - fix C -* Wed Jul 23 2003 - coolo@suse.de +* Wed Jul 23 2003 coolo@suse.de - use BuildRoot -* Fri Jan 10 2003 - aj@suse.de +* Fri Jan 10 2003 aj@suse.de - Fix multi-line strings. -* Tue Sep 17 2002 - ro@suse.de +* Tue Sep 17 2002 ro@suse.de - removed bogus self-provides -* Wed Aug 07 2002 - okir@suse.de +* Wed Aug 07 2002 okir@suse.de - updated to compartment 1.1 - added patch to use prctl(PR_KEEPCAPS) when using capabilities _and_ changing to a non-root user. -* Wed Oct 10 2001 - stepan@suse.de +* Wed Oct 10 2001 stepan@suse.de - fixed to compile for ia64 -* Thu Apr 05 2001 - uli@suse.de +* Thu Apr 05 2001 uli@suse.de - removed lx_suse from neededforbuild -* Fri Nov 17 2000 - ro@suse.de +* Fri Nov 17 2000 ro@suse.de - fixed to compile -* Fri Jun 30 2000 - mt@suse.de +* Fri Jun 30 2000 mt@suse.de - new version ++++++ compartment-1.1.diff ++++++ --- /var/tmp/diff_new_pack.w14035/_old 2008-04-29 23:15:19.000000000 +0200 +++ /var/tmp/diff_new_pack.w14035/_new 2008-04-29 23:15:19.000000000 +0200 
@@ -1,53 +1,5 @@ ---- compartment-1.1/Makefile.suse 2000-04-24 13:04:43.000000000 +0200 -+++ compartment-1.1/Makefile 2002-08-07 19:20:52.000000000 +0200 -@@ -1,10 +1,24 @@ --CC=gcc --OPTS=-Wall -O2 --BIN_DIR=/usr/sbin -+# Makefile for compartment -+ -+OPTS=$(RPM_OPT_FLAGS) -+ROOT=$(RPM_BUILD_ROOT) -+ -+ifeq ($(CC),) -+ CC=gcc -+endif -+ifeq ($(RPM_OPT_FLAGS),) -+ OPTS=-Wall -O2 -+endif -+ifeq ($(RPM_BUILD_ROOT),) -+ ROOT=/ -+endif -+ -+BIN_DIR=$(ROOT)/usr/sbin -+MAN_DIR=$(ROOT)/usr/share/man/man1 -+DOC_DIR=$(ROOT)/usr/doc/packages/compartment -+ - BIN_LIST=compartment --DOC_DIR=/usr/doc/packages/compartment - DOC_LIST=README LICENCE CHANGES TODO --MAN_DIR=/usr/share/man/man1 - MAN_LIST=compartment.1 - - all: compartment -@@ -16,9 +30,12 @@ - clean: - rm -f ${BIN_LIST} core *~ - --install: compartment -+install: ${BIN_LIST} - install -o root -g root -m 751 ${BIN_LIST} ${BIN_DIR} -- install -d -o root -g root -m 755 ${DOC_DIR} -- install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR} - install -d -o root -g root -m 755 ${MAN_DIR} - install -o root -g root -m 644 ${MAN_LIST} ${MAN_DIR} -+ -+install.doc: ${DOC_LIST} -+ install -d -o root -g root -m 755 ${DOC_DIR} -+ install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR} -+ ---- compartment-1.1/compartment.c.suse 2002-08-07 19:20:24.000000000 +0200 -+++ compartment-1.1/compartment.c 2002-08-07 19:20:52.000000000 +0200 +--- compartment-1.1/compartment.c ++++ compartment-1.1/compartment.c 2008/04/29 13:59:03 @@ -29,6 +29,7 @@ #include <string.h> #include <stdlib.h> @@ -56,9 +8,7 @@ #include <linux/capability.h> #include <stdarg.h> #include <syslog.h> ---- compartment/compartment.c~ 2003-01-10 17:28:31.000000000 +0100 -+++ compartment/compartment.c 2003-01-10 17:30:17.000000000 +0100 -@@ -74,18 +74,18 @@ +@@ -74,18 +75,18 @@ void help() { fprintf(stderr, "%s %s %s %s\n\n", PROGRAM_NAME, VERSION, AUTHOR, POINTER); fprintf(stderr, "Syntax: %s [options] /full/path/to/program\n", prg); 
@@ -89,7 +39,19 @@ tmp = 0; while(strlen(cap_set_names[tmp])>0) fprintf(stderr," %s",cap_set_names[tmp++]); -@@ -418,11 +418,11 @@ +@@ -175,9 +176,9 @@ + my_secure(); + openlog("SuSEcompartment", LOG_PID, LOG_DAEMON); + if (sizeof(uid_t) == 4) { +- (unsigned long int) uidrange = 65535; ++ uidrange = 65535; + } else { if (sizeof(uid_t) == 8) { +- (unsigned long int) uidrange = (unsigned long int) 2147483646; //4294967295; ++ uidrange = (unsigned long int) 2147483646; //4294967295; + } else + fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t)); + } +@@ -418,11 +419,11 @@ if (access(_argv[0], X_OK) < 0) print_msg("Execute bit missing, or no permissions to execute %s\n", _argv[0]); else @@ -106,9 +68,38 @@ } return 1; ---- Makefile.orig 2005-04-09 19:33:54.529312449 +0200 -+++ ./Makefile 2005-04-09 19:33:59.068524557 +0200 -@@ -25,7 +25,6 @@ all: compartment +--- compartment-1.1/Makefile ++++ compartment-1.1/Makefile 2008/04/29 13:59:03 +@@ -1,24 +1,40 @@ +-CC=gcc +-OPTS=-Wall -O2 +-BIN_DIR=/usr/sbin ++# Makefile for compartment ++ ++OPTS=$(RPM_OPT_FLAGS) ++ROOT=$(RPM_BUILD_ROOT) ++ ++ifeq ($(CC),) ++ CC=gcc ++endif ++ifeq ($(RPM_OPT_FLAGS),) ++ OPTS=-Wall -O2 ++endif ++ifeq ($(RPM_BUILD_ROOT),) ++ ROOT=/ ++endif ++ ++BIN_DIR=$(ROOT)/usr/sbin ++MAN_DIR=$(ROOT)/usr/share/man/man1 ++DOC_DIR=$(ROOT)/usr/doc/packages/compartment ++ + BIN_LIST=compartment +-DOC_DIR=/usr/doc/packages/compartment + DOC_LIST=README LICENCE CHANGES TODO +-MAN_DIR=/usr/share/man/man1 + MAN_LIST=compartment.1 + + all: compartment compartment: compartment.c ${CC} ${OPTS} -o ${BIN_LIST} compartment.c 
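Review bot: In the recreated `@@ -175,9 +176,9 @@` hunk of compartment-1.1.diff the size tests look shifted by one step: `sizeof(uid_t) == 4`, a 32-bit uid_t, sets `uidrange = 65535`, while `2147483646` is only reached for `sizeof(uid_t) == 8`. The use of uidrange is outside the hunk, but if it bounds the UIDs the wrapper accepts, IDs above 65535 are refused on systems with a 4-byte uid_t. Consider testing `sizeof(uid_t) == 2` for 65535 and `sizeof(uid_t) == 4` for the larger bound, or add a comment such as `/* 16-bit UID limit kept on purpose */` if the cap is intended.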
@@ -116,17 +107,16 @@ clean: rm -f ${BIN_LIST} core *~ ---- compartment.c.orig 2005-04-09 19:33:03.114236542 +0200 -+++ ./compartment.c 2005-04-09 19:33:28.418844493 +0200 -@@ -177,9 +177,9 @@ int main (int argc, char *argv[]) { - my_secure(); - openlog("SuSEcompartment", LOG_PID, LOG_DAEMON); - if (sizeof(uid_t) == 4) { -- (unsigned long int) uidrange = 65535; -+ uidrange = 65535; - } else { if (sizeof(uid_t) == 8) { -- (unsigned long int) uidrange = (unsigned long int) 2147483646; //4294967295; -+ uidrange = (unsigned long int) 2147483646; //4294967295; - } else - fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t)); - } + +-install: compartment ++install: ${BIN_LIST} + install -o root -g root -m 751 ${BIN_LIST} ${BIN_DIR} +- install -d -o root -g root -m 755 ${DOC_DIR} +- install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR} + install -d -o root -g root -m 755 ${MAN_DIR} + install -o root -g root -m 644 ${MAN_LIST} ${MAN_DIR} ++ ++install.doc: ${DOC_LIST} ++ install -d -o root -g root -m 755 ${DOC_DIR} ++ install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR} ++ ++++++ compartment-1.1-format.dif ++++++ --- compartment.c +++ compartment.c 2008/04/29 14:06:35 @@ -181,7 +181,7 @@ } else { if (sizeof(uid_t) == 8) { uidrange = (unsigned long int) 2147483646; //4294967295; } else - fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t)); + fprintf(stderr, "Warning: weird uid size: %zd\n", sizeof(uid_t)); } program_params = 1; ++++++ compartment-1.1-newcaps.dif ++++++ --- compartment.c +++ compartment.c 2008/04/29 16:33:48 
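Review bot: The new format in compartment-1.1-format.dif uses `%zd`, which is the conversion for the signed counterpart of size_t, while `sizeof(uid_t)` yields an unsigned size_t. The matching conversion is `%zu`: `fprintf(stderr, "Warning: weird uid size: %zu\n", sizeof(uid_t));`. The enclosing function starts and ends outside the hunk.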
@@ -45,21 +45,25 @@ char *_env[] = { "HOME=/", "COMPARTMENT=YES", "PATH=/bin:/usr/bin:/", "" }; -int cap_set_no[29] = { +#ifndef CAP_TO_MASK +#define CAP_TO_MASK(x) (1 << ((x) & 31)) +#endif +int cap_set_no[] = { CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH,CAP_FOWNER,CAP_FSETID, - CAP_FS_MASK,CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE, - CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK, - CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT,CAP_SYS_PTRACE, - CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE,CAP_SYS_RESOURCE, - CAP_SYS_TIME,CAP_SYS_TTY_CONFIG, 0 }; -char cap_set_names[29][29] = { + CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE, + CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW, + CAP_IPC_LOCK,CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT, + CAP_SYS_PTRACE,CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE, + CAP_SYS_RESOURCE,CAP_SYS_TIME,CAP_SYS_TTY_CONFIG,CAP_MKNOD,CAP_LEASE, + CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL, 0 }; +char cap_set_names[][32] = { "CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID", - "CAP_FS_MASK","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST", - "CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE", - "CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT", - "CAP_SYS_ADMIN","CAP_SYS_BOOT","CAP_SYS_NICE","CAP_SYS_RESOURCE","CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", "" }; + "CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE", + "CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW", + "CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE","CAP_SYS_RAWIO","CAP_SYS_CHROOT", + "CAP_SYS_PTRACE","CAP_SYS_PACCT","CAP_SYS_ADMIN","CAP_SYS_BOOT","CAP_SYS_NICE", + "CAP_SYS_RESOURCE","CAP_SYS_TIME","CAP_SYS_TTY_CONFIG","CAP_MKNOD","CAP_LEASE", + 
"CAP_AUDIT_WRITE","CAP_AUDIT_CONTROL", "" }; extern int capset(cap_user_header_t header, cap_user_data_t data); extern char **environ; @@ -246,7 +250,7 @@ while((temp == caps) && (strlen(cap_set_names[tmp]) > 0)) { if (strcmp(argv[program_params], cap_set_names[tmp]) == 0) { temp = cap_set_no[tmp]; - caps |= (1<<((temp)&31)); + caps |= CAP_TO_MASK(temp); if (verbose) print_msg("Capabilities will be set to 0x%0x\n",caps); } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
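Review bot: `cap_set_no[]` and `cap_set_names[][32]` are now both unsized and are matched purely by index, so an entry added to only one of them makes every later name resolve to a different capability number with no compiler diagnostic. In a wrapper that hands out capabilities this is worth a compile-time guard after both definitions, for example `typedef char cap_tables_match[(sizeof cap_set_no / sizeof cap_set_no[0] == sizeof cap_set_names / sizeof cap_set_names[0]) ? 1 : -1];`. A comment above the arrays, `/* keep in the same order as cap_set_names; both end with a terminator entry */`, would also help. The entries as committed do line up.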
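Review bot: `caps |= CAP_TO_MASK(temp)` still folds the capability number with `& 31`, and the fallback macro added at the top of the file shifts a signed `1`. Nothing in the array as committed goes that high, but a later entry numbered 31 would shift into the sign bit, and one numbered 32 or above would set the bit of a low-numbered capability instead (32 lands on bit 0, which is CAP_CHOWN). Suggest `#define CAP_TO_MASK(x) (1U << ((x) & 31))` for the fallback and a comment at the table, `/* only capabilities numbered below 32 can be represented here */`. The loop around this statement starts and ends outside the hunk.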