Discussion:
[PATCH 0/9] capabilities: remove include of <sys/capability.h> where possible
Filipe Brandenburger
2014-12-22 19:57:21 UTC
Ping?

Also wondering if it makes sense to go ahead and implement our own
"cap_to_text" and "cap_from_text" to generate capability strings from
the bitmaps (and further remove dependency on libcap.) I think it
does, considering we now already have our own list of valid
capabilities and the constants come from kernel headers (or
missing.h), it makes sense to have more of our own routines...

Cheers,
Filipe


On Tue, Dec 16, 2014 at 5:18 PM, Filipe Brandenburger
This is a first cleanup step towards removing the dependency on libcap.
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026155.html
It is mainly removing the include of <sys/capability.h> where the only
capability-related information used is the CAP_* constants which are actually
coming from <linux/capability.h> (kernel headers) or from "missing.h" (for
compatibility with older kernel headers.)
capabilities: remove spurious include of <sys/capability.h> from nspawn.c
capabilities: remove spurious include of <sys/capability.h> from logind sources
capabilities: remove spurious include of <sys/capability.h> from tmpfiles.c
capabilities: remove spurious include of <sys/capability.h> from hostnamed.c
capabilities: remove spurious include of <sys/capability.h> from localed.c
capabilities: remove spurious include of <sys/capability.h> from timedated.c
capabilities: remove spurious include of <sys/capability.h> from pam_systemd.c
capabilities: remove spurious include of <sys/capability.h> from machined sources
capabilities: remove spurious include of <sys/capability.h> from sd-dbus sources
src/hostname/hostnamed.c | 1 -
src/libsystemd/sd-bus/bus-objects.c | 2 --
src/libsystemd/sd-bus/bus-util.c | 1 -
src/locale/localed.c | 1 -
src/login/logind-dbus.c | 1 -
src/login/logind-seat-dbus.c | 1 -
src/login/logind-session-dbus.c | 1 -
src/login/logind-user-dbus.c | 1 -
src/login/pam_systemd.c | 1 -
src/machine/machine-dbus.c | 1 -
src/machine/machined-dbus.c | 1 -
src/nspawn/nspawn.c | 2 +-
src/timedate/timedated.c | 1 -
src/tmpfiles/tmpfiles.c | 1 -
14 files changed, 1 insertion(+), 15 deletions(-)
--
1.8.3.1
David Herrmann
2014-12-23 13:23:04 UTC
Hi

On Mon, Dec 22, 2014 at 8:57 PM, Filipe Brandenburger
Post by Filipe Brandenburger
Ping?
Also wondering if it makes sense to go ahead and implement our own
"cap_to_text" and "cap_from_text" to generate capability strings from
the bitmaps (and further remove dependency on libcap.) I think it
does, considering we now already have our own list of valid
capabilities and the constants come from kernel headers (or
missing.h), it makes sense to have more of our own routines...
Cheers,
Filipe
On Tue, Dec 16, 2014 at 5:18 PM, Filipe Brandenburger
This is a first cleanup step towards removing the dependency on libcap.
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026155.html
It is mainly removing the include of <sys/capability.h> where the only
capability-related information used is the CAP_* constants which are actually
coming from <linux/capability.h> (kernel headers) or from "missing.h" (for
compatibility with older kernel headers.)
capabilities: remove spurious include of <sys/capability.h> from nspawn.c
capabilities: remove spurious include of <sys/capability.h> from logind sources
capabilities: remove spurious include of <sys/capability.h> from tmpfiles.c
capabilities: remove spurious include of <sys/capability.h> from hostnamed.c
capabilities: remove spurious include of <sys/capability.h> from localed.c
capabilities: remove spurious include of <sys/capability.h> from timedated.c
capabilities: remove spurious include of <sys/capability.h> from pam_systemd.c
capabilities: remove spurious include of <sys/capability.h> from machined sources
capabilities: remove spurious include of <sys/capability.h> from sd-dbus sources
I cannot find these patches on systemd-***@lists.freedesktop.org.
This might be due to fdo mail-server issues, or me just being
incapable of searching through my emails... Anyway, would you mind
resending those? While at it, they look like you can merge all this
into a single patch.

Thanks
David
Post by Filipe Brandenburger
src/hostname/hostnamed.c | 1 -
src/libsystemd/sd-bus/bus-objects.c | 2 --
src/libsystemd/sd-bus/bus-util.c | 1 -
src/locale/localed.c | 1 -
src/login/logind-dbus.c | 1 -
src/login/logind-seat-dbus.c | 1 -
src/login/logind-session-dbus.c | 1 -
src/login/logind-user-dbus.c | 1 -
src/login/pam_systemd.c | 1 -
src/machine/machine-dbus.c | 1 -
src/machine/machined-dbus.c | 1 -
src/nspawn/nspawn.c | 2 +-
src/timedate/timedated.c | 1 -
src/tmpfiles/tmpfiles.c | 1 -
14 files changed, 1 insertion(+), 15 deletions(-)
--
1.8.3.1
_______________________________________________
systemd-devel mailing list
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Filipe Brandenburger
2014-12-23 18:45:07 UTC
Post by David Herrmann
This might be due to fdo mail-server issues, or me just being
incapable of searching through my emails... Anyway, would you mind
resending those?
Yeah, it seems I was having trouble... Looks like I fixed it, at least
I can see the messages I just resent on the mailing list archive.
Post by David Herrmann
While at it, they look like you can merge all this into a single patch.
I see. The main reason for it was that I used the commit description
to document that it is safe to remove from every place. If you'd
really like I can squash them all myself or feel free to squash them
while applying, that's certainly fine with me.

Thanks!
Filipe
Zbigniew Jędrzejewski-Szmek
2014-12-25 16:20:02 UTC
Post by Filipe Brandenburger
Post by David Herrmann
This might be due to fdo mail-server issues, or me just being
incapable of searching through my emails... Anyway, would you mind
resending those?
Yeah, it seems I was having trouble... Looks like I fixed it, at least
I can see the messages I just resent on the mailing list archive.
Post by David Herrmann
While at it, they look like you can merge all this into a single patch.
I see. The main reason for it was that I used the commit description
to document that it is safe to remove from every place. If you'd
really like I can squash them all myself or feel free to squash them
while applying, that's certainly fine with me.
I pushed the patches as is. I like the commit messages describing
why each change is OK.

Zbyszek

Filipe Brandenburger
2014-12-23 18:38:41 UTC
This is a first cleanup step towards removing the dependency on libcap.

The idea of removing the libcap dependency was brought up by Lennart in:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026155.html

It is mainly removing the include of <sys/capability.h> where the only
capability-related information used is the CAP_* constants which are actually
coming from <linux/capability.h> (kernel headers) or from "missing.h" (for
compatibility with older kernel headers.)

Filipe Brandenburger (9):
capabilities: remove spurious include of <sys/capability.h> from nspawn.c
capabilities: remove spurious include of <sys/capability.h> from logind sources
capabilities: remove spurious include of <sys/capability.h> from tmpfiles.c
capabilities: remove spurious include of <sys/capability.h> from hostnamed.c
capabilities: remove spurious include of <sys/capability.h> from localed.c
capabilities: remove spurious include of <sys/capability.h> from timedated.c
capabilities: remove spurious include of <sys/capability.h> from pam_systemd.c
capabilities: remove spurious include of <sys/capability.h> from machined sources
capabilities: remove spurious include of <sys/capability.h> from sd-dbus sources

src/hostname/hostnamed.c | 1 -
src/libsystemd/sd-bus/bus-objects.c | 2 --
src/libsystemd/sd-bus/bus-util.c | 1 -
src/locale/localed.c | 1 -
src/login/logind-dbus.c | 1 -
src/login/logind-seat-dbus.c | 1 -
src/login/logind-session-dbus.c | 1 -
src/login/logind-user-dbus.c | 1 -
src/login/pam_systemd.c | 1 -
src/machine/machine-dbus.c | 1 -
src/machine/machined-dbus.c | 1 -
src/nspawn/nspawn.c | 2 +-
src/timedate/timedated.c | 1 -
src/tmpfiles/tmpfiles.c | 1 -
14 files changed, 1 insertion(+), 15 deletions(-)
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:42 UTC
It does not use any functions from libcap directly. The CAP_* constants in use
through this file come from "missing.h" which will import <linux/capability.h>
and complement it with CAP_* constants not defined by the current kernel
headers.

Add an explicit import of our "capability.h" since it does use the function
capability_bounding_set_drop from that header file. Previously, that header was
implicitly imported through "cap-list.h".

Tested that "systemd-nspawn" builds cleanly and works after this change.
---
src/nspawn/nspawn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 0dd12ad..04396eb 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -31,7 +31,6 @@
#include <stdio.h>
#include <errno.h>
#include <sys/prctl.h>
-#include <sys/capability.h>
#include <getopt.h>
#include <termios.h>
#include <sys/signalfd.h>
@@ -90,6 +89,7 @@
#include "base-filesystem.h"
#include "barrier.h"
#include "event-util.h"
+#include "capability.h"
#include "cap-list.h"
#include "btrfs-util.h"
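Review bot: the added `#include "capability.h"` shares its basename with the `<sys/capability.h>` removed in the first hunk, so a reader skimming the include list can mistake the project header for the libcap one. A short trailing comment naming what it is needed for (capability_bounding_set_drop, per the commit message) would make the dependency explicit and keep a later include cleanup from dropping it again as "spurious".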
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:43 UTC
They do not use any functions from libcap directly. The CAP_* constants in use
through these files come from "missing.h" which will import <linux/capability.h>
and complement it with CAP_* constants not defined by the current kernel
headers. The "missing.h" header is imported through "util.h" which gets
imported in "logind.h".

Tested that "systemd-logind" builds cleanly and works after this change.
---
src/login/logind-dbus.c | 1 -
src/login/logind-seat-dbus.c | 1 -
src/login/logind-session-dbus.c | 1 -
src/login/logind-user-dbus.c | 1 -
4 files changed, 4 deletions(-)

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 8ea653f..c0d1309 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -23,7 +23,6 @@
#include <string.h>
#include <unistd.h>
#include <pwd.h>
-#include <sys/capability.h>

#include "sd-id128.h"
#include "sd-messages.h"
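Review bot: after this removal nothing in the visible include list of logind-dbus.c names the header that supplies CAP_*; the commit message says it arrives through "logind.h", then "util.h", then "missing.h". Two sibling files in this patch (logind-seat-dbus.c and logind-session-dbus.c) include "util.h" directly right after the removed line, so consider doing the same here, or including "missing.h" explicitly, so the constants do not depend on a three-level include chain staying intact.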
diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c
index ff87f0f..a99d008 100644
--- a/src/login/logind-seat-dbus.c
+++ b/src/login/logind-seat-dbus.c
@@ -21,7 +21,6 @@

#include <errno.h>
#include <string.h>
-#include <sys/capability.h>

#include "util.h"
#include "bus-util.h"
diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
index 8607d03..4e75d5b 100644
--- a/src/login/logind-session-dbus.c
+++ b/src/login/logind-session-dbus.c
@@ -21,7 +21,6 @@

#include <errno.h>
#include <string.h>
-#include <sys/capability.h>

#include "util.h"
#include "strv.h"
diff --git a/src/login/logind-user-dbus.c b/src/login/logind-user-dbus.c
index 51793f6..812a19f 100644
--- a/src/login/logind-user-dbus.c
+++ b/src/login/logind-user-dbus.c
@@ -21,7 +21,6 @@

#include <errno.h>
#include <string.h>
-#include <sys/capability.h>

#include "strv.h"
#include "bus-util.h"
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:44 UTC
It does not use any functions from libcap directly. The CAP_MKNOD constant in
use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-tmpfiles" builds cleanly and works after this change.
---
src/tmpfiles/tmpfiles.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index d40bd96..44ea51e 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -38,7 +38,6 @@
#include <sys/param.h>
#include <glob.h>
#include <fnmatch.h>
-#include <sys/capability.h>
#include <sys/xattr.h>

#include "log.h"
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:45 UTC
It does not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-hostnamed" builds cleanly and works after this change.
---
src/hostname/hostnamed.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index ef45e56..b230ff6 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -23,7 +23,6 @@
#include <string.h>
#include <unistd.h>
#include <sys/utsname.h>
-#include <sys/capability.h>

#include "util.h"
#include "strv.h"
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:49 UTC
They do not use any functions from libcap directly. The CAP_KILL constant in
use by these files comes from <linux/capability.h> imported through
"missing.h".

Tested that "systemd-machined" builds cleanly and works after this change.
---
src/machine/machine-dbus.c | 1 -
src/machine/machined-dbus.c | 1 -
2 files changed, 2 deletions(-)

diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 76c5dcf..7855c4c 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -21,7 +21,6 @@

#include <errno.h>
#include <string.h>
-#include <sys/capability.h>
#include <arpa/inet.h>

#include "bus-util.h"
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 370d04a..ffb7722 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -23,7 +23,6 @@
#include <string.h>
#include <unistd.h>
#include <pwd.h>
-#include <sys/capability.h>

#include "sd-id128.h"
#include "sd-messages.h"
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:50 UTC
They do not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by bus-objects.c comes from <linux/capability.h> imported through
"missing.h". The "missing.h" header is imported through "util.h" which gets
imported in "bus-util.h".

Tested that everything builds cleanly after this change.
---
src/libsystemd/sd-bus/bus-objects.c | 2 --
src/libsystemd/sd-bus/bus-util.c | 1 -
2 files changed, 3 deletions(-)

diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
index 6162d12..e64743f 100644
--- a/src/libsystemd/sd-bus/bus-objects.c
+++ b/src/libsystemd/sd-bus/bus-objects.c
@@ -19,8 +19,6 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

-#include <sys/capability.h>
-
#include "strv.h"
#include "set.h"
#include "bus-internal.h"
diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c
index 0f1a89c..06e6d84 100644
--- a/src/libsystemd/sd-bus/bus-util.c
+++ b/src/libsystemd/sd-bus/bus-util.c
@@ -20,7 +20,6 @@
***/

#include <sys/socket.h>
-#include <sys/capability.h>

#include "systemd/sd-daemon.h"
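Review bot: the commit message justifies the removal for bus-objects.c (CAP_SYS_ADMIN via "missing.h") but says nothing about what bus-util.c takes from the capability headers. If bus-util.c uses no CAP_* constant at all, state that in the message, as the pam_systemd.c commit does. This is also the only commit in the series whose message reports a clean build without a runtime test, which is worth closing for library code.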
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:46 UTC
It does not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-localed" builds cleanly and works after this change.
---
src/locale/localed.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/locale/localed.c b/src/locale/localed.c
index 0aaa63d..0723541 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -23,7 +23,6 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
-#include <sys/capability.h>

#include "sd-bus.h"
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:47 UTC
It does not use any functions from libcap directly. The CAP_SYS_TIME constant
in use by this file comes from <linux/capability.h> imported through "missing.h".

Tested that "systemd-timedated" builds cleanly and works after this change.
---
src/timedate/timedated.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index bf567a1..d507200 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -22,7 +22,6 @@
#include <errno.h>
#include <string.h>
#include <unistd.h>
-#include <sys/capability.h>

#include "sd-id128.h"
#include "sd-messages.h"
--
1.8.3.1
Filipe Brandenburger
2014-12-23 18:38:48 UTC
It does not use any functions or constants from libcap directly.

Tested that "pam_systemd.la" builds cleanly and works after this change.
---
src/login/pam_systemd.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 111e2b7..d5b29c8 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -24,7 +24,6 @@
#include <sys/file.h>
#include <pwd.h>
#include <endian.h>
-#include <sys/capability.h>

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
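Review bot: the message says pam_systemd.c uses neither functions nor constants from libcap, yet the diffstat shows only the source file changing. If the build rules for pam_systemd.la still pass libcap compile or link flags, drop them in this commit so the module stops carrying the dependency; if they never did, say so in the message.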
--
1.8.3.1