CAP_AUDIT_READ not included.

Bug #1451601 reported by Thell
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libcap2 (Ubuntu)
High
Unassigned

Bug Description

The version of libcap2/include/uapi/capabilities.h do not include CAP_AUDIT_READ.

It is missing

/* Allow reading the audit log via multicast netlink socket */

#define CAP_AUDIT_READ 37

#define CAP_LAST_CAP CAP_AUDIT_READ

This was added in 3.16. This causes capsh --supports=cap_audit_read to return cap[cap_audit_read] not recognized by library even when kernels can support it.

Could this get updated, or is there a blocker somewhere?

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

No blocker, hopefully we can get it straight into upstream.

Thanks for reporting this bug.

Changed in libcap2 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libcap2 - 1:2.25-1

---------------
libcap2 (1:2.25-1) unstable; urgency=medium

  * New upstream release. LP: #1451601
  * Drop package libcap2-dbg in favor of automatic dbgsym packages, as per
    https://lists.debian.org/debian-devel/2015/12/msg00262.html.
  * d/control:
    - Bump Standards-Version to 3.9.8 (no changes needed)
    - Increase Priority of libcap2{,-bin} to important. Closes: #815566
    - Drop libattr1-dev from Build-Depends. Upstream no longer uses this
      library and instead uses the kernel API directly
    - Switch Vcs-Browser from gitweb to cgit
    - Switch to secure URIs in Vcs-* fields
  * d/rules:
    - Add hardening=+all to DEB_BUILD_MAINT_OPTIONS
  * d/tests:
    - executables:
      + Fix typos
      + Don't mount over ADTTMP, use a subdir instead. ADTTMP could already be
        a mount point for another filesystem, which could make things slightly
        more confusing
      + Improve output
  * d/copyright:
    - Bump copyright years
  * d/patches (added):
    - Avoid-sys-capability.h-on-build-architecture.patch
      Fixes a FTCBFS on kFreeBSD. Thanks, Helmut Grohne! Closes: #809467
    - Filter-out-PIE-flags-when-building-shared-objects.patch
      Filters out -pie, -fpie, and -fPIE from CFLAGS/LDFLAGS when building the
      shared library and the PAM module
    - Spelling-fixes.patch
  * d/patches (updated):
    - setcap-error-message.patch
    - Update Don-t-hardcode-build-flags.patch
  * d/patches (dropped):
    - Drop include-sys-xattr.patch
      The reason it was initially created for ceased to exist in 2.25
  * libcap2-bin:
    - lintian override for spelling-error-in-readme-debian (false positive)

 -- Christian Kastner <email address hidden> Sat, 30 Apr 2016 14:30:26 +0200

Changed in libcap2 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers