Added --color as an argument to make it easier to spot what you
are looking for in the output.
This addresses item (2) of:
https://bugzilla.kernel.org/show_bug.cgi?id=214269
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
We also add the cap.ProcRoot() API to let the user redirect to their
local /proc/ directory - in case anyone runs with an unusual setup
like that.
I've been studying the downstream package definitions and it doesn't
seem popular to build the Go packages. Indeed, Go folk themselves
prefer to install via modules anyway, so we're getting with the
program.
However, if folk want to build and test the Go stuff as part of a
package build and run an install as well, we reward them with the
'captree' binary.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
This is a small command line utility for doing something like pstree
but focused on revealing the full capability state of the processes
and threads shown.
This requires support provided in the cap.IABGetPID() function which
will debut in libcap-2.54. For now, the binary is only buildable from
HEAD in the git repository.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
I still have some things I want to explore with this example, so I
don't want to give the impression this is a stable example.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Go has its own notion of major version, and this commit raises
it from 0 to 1. That is, these modules should now be considered
stable.
The sources for the 1.2.48 and the 0.2.48 modules are otherwise
identical.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Since go 1.15 doesn't require the wrapping linker trick, I'm recommending
that version of Go for building it. Also add a test of building the
setid and gowns sources in the .../go/ directory.
At this stage, I'm imagining a tutorial on how gowns works here:
https://sites.google.com/site/fullycapable/getting-started-with-go
but I haven't started writing that yet. I first want to confirm the
state of all the features I want to use.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
A short program in Go that can invoke a UID namespaced application;
it can also be used to launch capability modified programs using
IAB and mode. This is a reduced feature set over the more complete
capsh program - with the exception of namespace support.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
This is something pretty fundamental that a number of folk have asked
about. It is essentially the motivating issue for:
https://github.com/golang/go/issues/1435
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
I've written up how to build web.go here:
https://sites.google.com/site/fullycapable/building-go-programs-that-manipulate-capabilities
But it struck me that the code itself does not explain the
CGO_LDFLAGS_ALLOW workaround, so I've relocated the web.go code
and included a README as well as a pointer to the above explanation.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>