chapter06/libcap.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-system-libcap" role="wrap">
  <?dbhtml filename="libcap.html"?>

  <sect1info condition="script">
    <productname>libcap</productname>
    <productnumber>&libcap-version;</productnumber>
    <address>&libcap-url;</address>
  </sect1info>

  <title>Libcap-&libcap-version;</title>

  <indexterm zone="ch-system-libcap">
    <primary sortas="a-Libcap">Libcap</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The Libcap package implements the user-space interfaces to the POSIX
    1003.1e capabilities available in Linux kernels. These capabilities are a
    partitioning of the all powerful root privilege into a set of distinct
    privileges.</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&libcap-ch6-sbu;</seg>
        <seg>&libcap-ch6-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Libcap</title>

    <para>Prevent a static library from being installed:</para>

<screen><userinput remap="pre">sed -i '/install.*STACAPLIBNAME/d' libcap/Makefile</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make lib=lib</userinput></screen>

    <variablelist>
      <title>The meaning of the make option:</title>

      <varlistentry>
        <term><parameter>lib=lib</parameter></term>
        <listitem>
          <para>This parameter sets the library directory to
          <filename>/lib</filename> rather than
          <filename>/lib64</filename> on x86_64. It has no effect on
          x86.</para>
        </listitem>
      </varlistentry>
    </variablelist>

    <para>To test the results, issue:</para>

<screen><userinput remap="test">make test</userinput></screen>

    <para>Install the package and do some cleanup:</para>

<screen><userinput remap="install">make lib=lib PKGCONFIGDIR=/usr/lib/pkgconfig install
chmod -v 755 /lib/libcap.so.&libcap-version;
mv -v /lib/libpsx.a /usr/lib
rm -v /lib/libcap.so
ln -sfv ../../lib/libcap.so.2 /usr/lib/libcap.so</userinput></screen>

  </sect2>

  <sect2 arch="ml_32,ml_all" role="installation">
    <title>Installation of Libcap - 32-bit</title>

    <para>Clean previous build:</para>

<screen><userinput remap="pre">make distclean</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make CC="gcc -m32 -march=i686"</userinput></screen>

    <para>Install the package:</para>

<screen><userinput remap="install">make lib=lib32 prefix=$PWD/DESTDIR/usr -C libcap install
cp -Rv DESTDIR/usr/lib32/* /usr/lib32
chmod -v 755 /usr/lib32/libcap.so.&libcap-version;
rm -rf DESTDIR</userinput></screen>

  </sect2>

  <sect2 arch="ml_x32,ml_all" role="installation">
    <title>Installation of Libcap - x32-bit</title>

    <para>Clean previous build:</para>

<screen><userinput remap="pre">make distclean</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make CC="gcc -mx32"</userinput></screen>

    <para>Install the package:</para>

<screen><userinput remap="install">make lib=libx32 prefix=$PWD/DESTDIR/usr -C libcap install
cp -Rv DESTDIR/usr/libx32/* /usr/libx32
chmod -v 755 /usr/libx32/libcap.so.&libcap-version;
rm -rf DESTDIR</userinput></screen>

  </sect2>

  <sect2 id="contents-libcap" role="content">
    <title>Contents of Libcap</title>

    <segmentedlist>
      <segtitle>Installed programs</segtitle>
      <segtitle>Installed library</segtitle>

      <seglistitem>
        <seg>capsh, getcap, getpcaps, and setcap</seg>
        <seg>libcap.so and libpsx.a</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capsh">
        <term><command>capsh</command></term>
        <listitem>
          <para>A shell wrapper to explore and constrain capability support</para>
          <indexterm zone="ch-system-libcap capsh">
            <primary sortas="b-capsh">capsh</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="getcap">
        <term><command>getcap</command></term>
        <listitem>
          <para>Examines file capabilities</para>
          <indexterm zone="ch-system-libcap getcap">
            <primary sortas="b-getcap">getcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="getpcaps">
        <term><command>getpcaps</command></term>
        <listitem>
          <para>Displays the capabilities on the queried process(es)</para>
          <indexterm zone="ch-system-libcap getpcaps">
            <primary sortas="b-getpcaps">getpcaps</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="setcap">
        <term><command>setcap</command></term>
        <listitem>
          <para>Sets file capabilities</para>
          <indexterm zone="ch-system-libcap setcap">
            <primary sortas="b-setcap">setcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libcap">
        <term><filename class="libraryfile">libcap</filename></term>
        <listitem>
          <para>Contains the library functions for manipulating POSIX 1003.1e
          capabilities</para>
          <indexterm zone="ch-system-libcap libcap">
            <primary sortas="c-libcap">libcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libpsx">
        <term><filename class="libraryfile">libpsx</filename></term>
        <listitem>
          <para>Contains functions to support POSIX semantics for syscalls
          associated with the pthread library</para>
          <indexterm zone="ch-system-libcap libpsx">
            <primary sortas="c-libpsx">libpsx</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>