Bug 206195

Summary: develop a cap_launch() function
Product: Tools
Reporter: Andrew G. Morgan (morgan)
Component: libcap
Assignee: Andrew G. Morgan (morgan)
Status: RESOLVED CODE_FIX
Severity: enhancement
CC: morgan
Priority: P1
Hardware: All
OS: Linux
Kernel Version: n/a
Regression: No

Description Andrew G. Morgan 2020-01-13 19:46:11 UTC
TL;DR implement cap_launch().

In single threaded libcap use, it is reasonably straightforward to launch
a sub-program, and understand how capability state of the parent is affected.
In a multi-threaded program, launched from a -lcap -lpsx ... -lpthreads linked binary it is less so.

As such, I think we need to provide a cap_launch() function that can fork/execve a child program with a different security context - i.e., more restrictive bounding set, different inheritable capabilities, mode etc.

Since Go comes with a native Linux os/exec that has a myopic view of capabilities ( https://golang.org/pkg/syscall/#SysProcAttr ), libcap/cap should offer a more fully functional one, and libcap (C) should maintain feature parity.

Comment 1 Andrew G. Morgan 2020-02-18 04:24:12 UTC
The first step here was to make libpsx support fork(). Pthreads have some
carefully prepared support for fork() which is fraught with peril for
pthread based applications. Fork() support is committed here:

https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=51ed0ec9b78ef321e5feba3780aefbc4d0246449

Next up is some support for all of the flavors of inheritable capabilities.

Comment 2 Andrew G. Morgan 2020-02-24 00:52:26 UTC
To capture the three capability vectors that can be inherited, we've created an IAB abstraction. This is committed here:

(C) https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=943b011b5e53624eb9cab4e96c1985326e077cdd

(Go) https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1b14d6411f8abaafe74c4da817d69623c351a440

This will be used to conveniently prepare what is to be launched.
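The launcher sketched in the description and the three-vector IAB idea from comment 2, as an added C example that is not libcap's own code: it models an IAB-style {inheritable, ambient, not-bounding} specification with the consistency rules that keep it coherent, then fork/execs a child with the bounding drops and ambient raises applied through prctl(2), failing closed if the kernel refuses any of them. The names (iab_spec, launch_restricted), the 64-bit mask layout and the no_new_privs policy are assumptions of this example, not libcap's API.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Three vectors, one bit per capability number (CAP_SYS_ADMIN is 21).
 * "nb" lists capabilities to REMOVE from the child's bounding set, the
 * same sense as the "!" prefix in libcap's IAB text form. */
struct iab_spec { uint64_t inh, amb, nb; };

/* Consistency rules, assumed from the kernel's capability semantics:
 * ambient requires inheritable, and a capability dropped from the
 * bounding set cannot stay ambient. */
static struct iab_spec iab_normalize(struct iab_spec s) {
    s.inh |= s.amb;
    s.amb &= ~s.nb;
    return s;
}

/* Runs in the CHILD between fork() and execv(). Bounding drops go first
 * since a drop also clears the ambient bit. PR_CAPBSET_DROP needs
 * CAP_SETPCAP; PR_CAP_AMBIENT_RAISE needs the cap in permitted and
 * inheritable (setting inheritable takes capset(2), left out here). Any
 * failure is returned so the caller fails closed rather than exec'ing. */
static int apply_child_context(struct iab_spec s) {
    for (int c = 0; c < 64; c++)
        if (((s.nb >> c) & 1) && prctl(PR_CAPBSET_DROP, c, 0, 0, 0) != 0)
            return -1;
    for (int c = 0; c < 64; c++)
        if (((s.amb >> c) & 1) &&
            prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, c, 0, 0) != 0)
            return -1;
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); /* assumed policy */
}

/* fork/execv with the restricted context. Returns the child's exit status
 * (126: context not applied, 127: exec failed) or -1 on launcher error. */
static int launch_restricted(const char *path, char *const argv[],
                             struct iab_spec spec) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (apply_child_context(iab_normalize(spec)) != 0) _exit(126);
        execv(path, argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

With a non-empty nb the parent needs CAP_SETPCAP, so an unprivileged run reports 126 rather than silently launching an unrestricted child.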