similar to: [PATCH v2] kinit: Add drop_capabilities support.

Displaying 20 results from an estimated 100 matches similar to: "[PATCH v2] kinit: Add drop_capabilities support."

2011 Jul 19
4
[PATCH v1 0/2] Support dropping of capabilities from early userspace.
This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by
2012 May 29
0
[klibc:master] capabilities: Use fflush() instead of fseek()
Commit-ID: 163920f31f98db13f4e37796bb92f0844e7aaf45 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=163920f31f98db13f4e37796bb92f0844e7aaf45 Author: maximilian attems <max at stro.at> AuthorDate: Tue, 29 May 2012 18:58:31 +0200 Committer: maximilian attems <max at stro.at> CommitDate: Tue, 29 May 2012 19:03:08 +0200 [klibc] capabilities: Use fflush() instead
2012 May 27
1
[klibc:master] kinit: Fix capabilities alternate read/write io without flush
Commit-ID: 8544fef6d5e5bc8f927ffbd3e4031b905c907de9 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=8544fef6d5e5bc8f927ffbd3e4031b905c907de9 Author: maximilian attems <max at stro.at> AuthorDate: Sun, 27 May 2012 23:18:07 +0200 Committer: maximilian attems <max at stro.at> CommitDate: Sun, 27 May 2012 23:18:07 +0200 [klibc] kinit: Fix capabilities alternate
2013 May 29
1
[PATCH] klibc: fix capability dropping
From: Maciej Żenczykowski <maze at google.com> Google-Bug-Id: 9093057 Change-Id: I75a6cdc0619ae95a0220e8387aa54920701f6209 --- usr/kinit/capabilities.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/kinit/capabilities.c b/usr/kinit/capabilities.c index e743a70fec0f..4e0456ee7407 100644 --- a/usr/kinit/capabilities.c +++ b/usr/kinit/capabilities.c @@ -172,9
2012 May 04
2
[PATCH] run-init: add drop_capabilities support
Building on the work in ff0a614bd724f6c4c6a5014a9955dc1bc028f336, this moves the capability code down into the run-init library, so that run-init can use it as well, via the new "-d" flag. Signed-off-by: Kees Cook <kees at outflux.net> --- usr/kinit/Kbuild | 3 +-- usr/kinit/capabilities.h | 10 ++++++++++ usr/kinit/kinit.c | 6 +++---
2012 Jul 18
1
[LLVMdev] Instructions working on 64bit registers without true support for 64bit operations
Hello Tom, > I took a look at lib/CodeGen/SelectionDAG/LegalizeDAG.cpp and it > doesn't look like there is an Expand operation implemented for > ISD::Constant. I think you'll either need implement Expand for > ISD::Constant or Custom lower it in your backend. thank you for that information. This exactly is what I feared. Well I did some more mostly unguided hacking and these
2016 Jan 17
1
[PATCH klibc] run-init: Add dry-run mode
initramfs-tools wants to validate the real init program before running it, as there is no way out once it has exec'd run-init. This is complicated by the increasing use of symlinks for /sbin/init and for /sbin itself. We can't simply resolve them with 'readlink -f' because any absolute symlinks will be resolved using the wrong root. Add a dry-run mode (-n option) to run-init
2019 Apr 18
1
[PATCH] Allow the initramfs to be persisted across root changes
systemd supports switching back to the initramfs during shutdown in order to make it easier to clean up the root file system. This is desirable in order to allow us to remove keys from RAM before rebooting, making it harder to obtain confidential information by rebooting into an environment that scrapes RAM contents. --- debian/changelog | 4 +
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
> > systems which no longer seem to have this. This file contained an archive of > > the trojan's that were inserted into the compromised system - does anybody know > > what is in these trojans? > > Check the Linux RootKit ... (LRK).. > > Typically LRK to use config-files.. (and typically LRK-users to place > files in /dev.. find /dev -type f | grep -v
2011 Aug 12
4
klibc current state
Hello, While some people might scuba dive, let's summarize recent progress and state (People cc'ed have either patches in queue or are involved): * Patches pending review, almost ready for klibc ------------------------------------------------- - mikew/drop_cap - kinit: Add drop_capabilities support adds the ability to kinit to allow the dropping of POSIX capabilities. (patch even
2008 Mar 03
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
I am wondering what is the interaction between SE Linux and the kernel "capabilities" in CentOS 5.1? I'm trying to open a raw socket and keep getting permission denied errors. I've tried using the lcap library to find that CAP_SETPCAP appears to be off in the kernel. For compliance reasons, I don't want to turn this on. I've also tried a hand-crafted SE Linux
2019 Jan 18
0
[klibc:master] run-init: Add dry-run mode
Commit-ID: 10059fddba9f8bec6aeb0d37d217df6d65e64c3b Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=10059fddba9f8bec6aeb0d37d217df6d65e64c3b Author: Ben Hutchings <ben at decadent.org.uk> AuthorDate: Sun, 17 Jan 2016 19:50:28 +0000 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Wed, 2 Jan 2019 03:08:04 +0000 [klibc] run-init: Add dry-run mode
2012 Jul 12
0
[LLVMdev] Instructions working on 64bit registers without true support for 64bit operations
On Thu, Jul 12, 2012 at 01:22:39PM +0200, Fabian Scheler wrote: > Hi Micah, > > > We have a very similar setup with the AMDIL backend(some operations support 64bit some don't). > > > > What we do is we enable MVT::i64, set legal to all operands that are legal and then set everything else to expand. > > thanks for your hint. Unfortunately, I didn't find any
2019 Apr 18
0
[PATCH] Allow the initramfs to be persisted across root changes
systemd supports switching back to the initramfs during shutdown in order to make it easier to clean up the root file system. This is desirable in order to allow us to remove keys from RAM before rebooting, making it harder to obtain confidential information by rebooting into an environment that scrapes RAM contents. Signed-off-by: Matthew Garrett <mjg59 at google.com> ---
2012 Jul 12
2
[LLVMdev] Instructions working on 64bit registers without true support for 64bit operations
Hi Micah, > We have a very similar setup with the AMDIL backend(some operations support 64bit some don't). > > What we do is we enable MVT::i64, set legal to all operands that are legal and then set everything else to expand. thanks for your hint. Unfortunately, I didn't find any time to work on my problem in the meantime as I was busy preparing lectures. However, the summer
2019 Apr 28
0
[klibc:master] run-init: Allow the initramfs to be persisted across root changes
Commit-ID: 603f1bb024a03d9c50a89e7256ae7814292baf06 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=603f1bb024a03d9c50a89e7256ae7814292baf06 Author: Matthew Garrett <matthewgarrett at google.com> AuthorDate: Thu, 18 Apr 2019 12:12:27 -0700 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 20 Apr 2019 17:11:34 +0100 [klibc] run-init: Allow
2017 Dec 31
4
[PATCH klibc 0/4] Fixes from Debian and Ubuntu
The following patches come from Debian and/or Ubuntu packages of klibc. Ben. Ben Hutchings (1): [klibc] run-init: Add dry-run mode Jay Vosburgh (1): [klibc] ipconfig: Use separate sockets for DHCP from multiple interfaces Mathieu Trudel-Lapierre (1): [klibc] ipconfig: Set broadcast when sending DHCPREQUEST and DHCPDISCOVER YunQiang Su (1): [klibc] mips: setjmp.S: don't
2008 Nov 21
2
[PATCH] drop root privileges on solaris, request for testing
Hello all, this patch allows master process to drop more root privileges under Solaris. My limited testing shows that code works, but I'm not sure that defined privilege set is permissive enough for dovecot. Unfortunately I have no root access to our Solaris servers to really test it. So if someone is ready to test this patch please do it :) Best regards. -------------- next part
2012 May 31
1
klibc 2.0 release
The stdio klibc branch got merged into klibc properly, meaning the I/O being buffered. klibc gained with it support for several stream functions. This massive work got authored by hpa. ipconfig saw several noteworthy enhancements allowing the generation of a proper lease file. kinit added fs mount according to /etc/fstab or bootparam. Plus several arch fixes for the usual suspects: alpha, i386,
2008 Feb 20
0
No subject
> How do I start a process with a limited set of capabilities under > another uid? > > Use the sucap utility which changes uid from root without losing any > capabilities. Normally all capabilities are cleared when changing uid > from root. The sucap utility requires the CAP_SETPCAP capability. > The following example starts updated under uid updated and gid updated >