libcap-2.25 with PAM

Introduction to libcap with PAM

The libcap package was installed in LFS, but if PAM support is desired, it needs to be reinstalled after PAM is built.

This package is known to build and work properly using an LFS-7.9 platform.

Package Information

libcap Dependencies

Required

Linux-PAM-1.2.1

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/libcap

Installation of libcap

Install libcap by running the following commands:

sed -i 's:LIBDIR:PAM_&:g' pam_cap/Makefile &&
make

This package does not come with a test suite.

If you want to disable installing the static library, use this sed:

sed -i '/install.*STALIBNAME/ s/^/#/' libcap/Makefile

Now, as the root user:

make prefix=/usr \
     SBINDIR=/sbin \
     PAM_LIBDIR=/lib \
     RAISE_SETFCAP=no install

Still as the root user, clean up some library locations and permissions:

chmod -v 755 /usr/lib/libcap.so &&
mv -v /usr/lib/libcap.so.* /lib &&
ln -sfv ../../lib/libcap.so.2 /usr/lib/libcap.so

Command Explanations

sed -i '...', PAM_LIBDIR=/lib: These correct PAM module install location.

RAISE_SETFCAP=no: This parameter skips trying to use setcap on itself. This avoids an installation error if the kernel or file system do not support extended capabilities.

Contents

Installed Programs: capsh, getcap, getpcaps, and setcap
Installed Libraries: libcap.{so,a} and pam_cap.so
Installed Directories: None

Short Descriptions

capsh

is a shell wrapper to explore and constrain capability support.

getcap

examines file capabilities.

getpcaps

displays the capabilities on the queried process(es).

setcap

sets file file capabilities.

libcap.{so,a}

contains the libcap API functions.

Last updated on 2016-02-21 15:08:48 -0800