File compartment-1.1-newcaps.dif of Package compartm

--- compartment.c
+++ compartment.c	2008/04/29 16:33:48
@@ -45,21 +45,25 @@
 
 char *_env[] = { "HOME=/", "COMPARTMENT=YES", "PATH=/bin:/usr/bin:/", "" };
 
-int cap_set_no[29] = {
+#ifndef CAP_TO_MASK
+#define CAP_TO_MASK(x)      (1 << ((x) & 31))
+#endif
+int cap_set_no[] = {
   CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH,CAP_FOWNER,CAP_FSETID,
-  CAP_FS_MASK,CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
-  CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK,
-  CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT,CAP_SYS_PTRACE,
-  CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE,CAP_SYS_RESOURCE,
-  CAP_SYS_TIME,CAP_SYS_TTY_CONFIG, 0 };
-char cap_set_names[29][29] = {
+  CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
+  CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW,
+  CAP_IPC_LOCK,CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT,
+  CAP_SYS_PTRACE,CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE,
+  CAP_SYS_RESOURCE,CAP_SYS_TIME,CAP_SYS_TTY_CONFIG,CAP_MKNOD,CAP_LEASE,
+  CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL, 0 };
+char cap_set_names[][32] = {
   "CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID",
-  "CAP_FS_MASK","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
-  "CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST",
-  "CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE",
-  "CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT",
-  "CAP_SYS_ADMIN","CAP_SYS_BOOT","CAP_SYS_NICE","CAP_SYS_RESOURCE","CAP_SYS_TIME",
-  "CAP_SYS_TTY_CONFIG", "" };
+  "CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE",
+  "CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW",
+  "CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE","CAP_SYS_RAWIO","CAP_SYS_CHROOT",
+  "CAP_SYS_PTRACE","CAP_SYS_PACCT","CAP_SYS_ADMIN","CAP_SYS_BOOT","CAP_SYS_NICE",
+  "CAP_SYS_RESOURCE","CAP_SYS_TIME","CAP_SYS_TTY_CONFIG","CAP_MKNOD","CAP_LEASE",
+  "CAP_AUDIT_WRITE","CAP_AUDIT_CONTROL", "" };
 
 extern int capset(cap_user_header_t header, cap_user_data_t data);
 extern char **environ;
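Review bot: With the explicit sizes gone from `cap_set_no[]` and `cap_set_names[][32]`, nothing checks that the two tables keep the same number of entries in the same order, yet the lookup in the second hunk finds an index in `cap_set_names` and reads `cap_set_no` at that index. A name added to one list without its number in the other would make the tool set a different capability from the one requested, or read past the end of the number table. I would add a comment above the tables such as `/* cap_set_no[i] must be the value for cap_set_names[i]; keep both lists in the same order */`, or fold them into one array of name/value pairs. Separately, the fallback `CAP_TO_MASK` shifts a signed `1`, which is undefined if a value of 31 is ever passed; `#define CAP_TO_MASK(x) (1U << ((x) & 31))` avoids that.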
@@ -246,7 +250,7 @@
 	      while((temp == caps) && (strlen(cap_set_names[tmp]) > 0)) {
 		    if (strcmp(argv[program_params], cap_set_names[tmp]) == 0) {
 		        temp = cap_set_no[tmp];
-		        caps |= (1<<((temp)&31));
+		        caps |= CAP_TO_MASK(temp);
 		        if (verbose)
 		            print_msg("Capabilities will be set to 0x%0x\n",caps);
 	            }
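Review bot: `CAP_TO_MASK(temp)` keeps the `& 31` wrap of the expression it replaces, so a capability numbered 32 or higher would be folded onto a low bit; 32 would land on bit 0, the bit used for `CAP_CHOWN`. Every entry in the table from the first hunk appears to be below 32, so this is latent, but the table is now open-ended and easier to extend. A comment at this line, `/* caps is a single 32-bit mask: cap_set_no[] entries must be < 32 */`, would record the limit, and a range check on `temp` before the OR would enforce it. The enclosing loop starts and ends outside the hunk.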