RELEASE NOTES FOR 2.66
Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo Andrade.)
Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
Slightly more robust Makefiles to address an error with make -j48 test observed by Tomasz Kłoczko.
Include a simple Go program, captrace, to trace kernel capability validation checks
This program can be used to figure out what capabilities a program needs to operate.
captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution.
Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
(From OE-Core rev: 003a81171366956c899305ca9adc352d3c99c964)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9040e612084a561b1766bb86c9c002b811eea4c9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CHanges from 2.64:
- Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported by yixiangzhike.)
- Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. (Bug: 215926)
- Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports from nomonemo and Tinkerer One.)
- Improve documentation and help for the captree program.
- Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
- Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is preferred, but the older one is also used for continuity reasons. This set of signatures should also be available from the various key servers out there.
(From OE-Core rev: 70cd3c073512084fccb85b311911794ea895d3f2)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c3b16a6d0d0d4246b44dec3b1818f435d32d04e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
./lat-sdk-poky-intel-x86-64-1.0.sh -y -d sdk-3
...
Setting it up...ERROR: could not relocate
/buildarea/raid5/hjia/community/lat_github_090816/build-3/tmp/deploy/sdk/sdk-3/sysroots/x86_64-pokysdk-linux/usr/lib/libpsx.so.2.54, interp size = 93 and 134 is needed.
...
Since upstream libcap applied commit [ee3b25c Support simply executing
the built shared libraries.][1], it manually append interp section to shared
libraries.
Refer the implement of Yocto glibc[2], allocated a 4096 byte .interp section
for nativesdk
[1] https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/commit/?id=ee3b25c0a877fa74d1aec88f325ac45b09963c82
[2] meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch
(From OE-Core rev: 99c62d5d134bf69021a348d40b6aa21f4fc5f8a8)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase patches.
Delete 0001-tests-do-not-statically-link-a-test.patch as centos
builds are now using their own buildtools.
(From OE-Core rev: ecadaa08956f53dfedee908a0344f512673b770b)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase 0001-tests-do-not-statically-link-a-test.patch
(From OE-Core rev: 86d657364bb2ed859ed7151d56cca431104d8279)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-Fix-build-with-gperf-3.1.patch as it had been fixed upstream.
(From OE-Core rev: 0baf6799ae40461fbf3f18e098a3db448fec037b)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enforce the correct tag names across all of oe-core for consistency.
(From OE-Core rev: 606a43dc38a00cc243f933722db657aea4129f8e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
