Google Git
Sign in
android / platform / external / libcap / 6926f78d99fc0e5ed5b10a06ffde79539b70df6a
commit6926f78d99fc0e5ed5b10a06ffde79539b70df6a[log] [tgz]
authorAndrew G. Morgan <[email protected]>Mon Jun 28 22:03:08 2021 -0700
committerAndrew G. Morgan <[email protected]>Mon Jun 28 22:13:56 2021 -0700
treea76b0dc82fe81eac54cb652f43c4090b54c16265
parent8c6c3628061dadc58bc6a3ec66b627f8412797ce [diff]
Add pam_cap.so "default=<IAB>" module argument support

Add a new optional argument to pam_cap.so. This argument substitutes
for a line like this in the capability.conf file:

  <IAB>       *

That is, it supplies the default <IAB> 3-tuple of capability vectors.
Any * value in the prevailing capability.conf file overrides this default.
However, the admin can supply arguments like this:

  auth pam_cap.so autoauth config=/dev/null default=^cap_wake_alarm

to grant everyone who executes it the ambient capability cap_wake_alarm.

This addresses:

  https://bugzilla.kernel.org/show_bug.cgi?id=213611

However, see:

  https://bugzilla.kernel.org/show_bug.cgi?id=212945

for issues limiting PAM application support for ambient capabilities in
general at present.

Signed-off-by: Andrew G. Morgan <[email protected]>
4 files changed
tree: a76b0dc82fe81eac54cb652f43c4090b54c16265
  1. cap/
  2. contrib/
  3. doc/
  4. go/
  5. goapps/
  6. kdebug/
  7. libcap/
  8. pam_cap/
  9. progs/
  10. psx/
  11. tests/
  12. .gitignore
  13. CHANGELOG
  14. distcheck.sh
  15. gomods.sh
  16. License
  17. Make.Rules
  18. Makefile
  19. pgp.keys.asc
  20. README
  21. template.c