6.26. Libcap-2.24

The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels. These capabilities are a partitioning of the all powerful root privilege into a set of distinct privileges.

Approximate build time: less than 0.1 SBU
Required disk space: 1.8 MB

6.26.1. Installation of Libcap

Prevent a static library from being installed:

sed -i '/install.*STALIBNAME/d' libcap/Makefile

Compile the package:

make

This package does not come with a test suite.

Install the package to a temporary directory:

make RAISE_SETFCAP=no prefix=/usr DESTDIR=$(pwd)/debian/tmp install
chmod -v 755 debian/tmp/usr/lib/libcap.so

The meaning of the make option:

RAISE_SETFCAP=no

This parameter skips trying to use setcap on itself. This avoids an installation error if the kernel or file system does not support extended capabilities.

The shared library needs to be moved to /lib, and as a result the .so file in /usr/lib will need to be recreated:

mkdir -pv debian/tmp/lib
mv -v debian/tmp/usr/lib*/libcap.so.* debian/tmp/lib
ln -sfv ../../lib/$(readlink debian/tmp/usr/lib*/libcap.so) \
        debian/tmp/usr/lib*/libcap.so

Create the package archive:

buildpkg

Install the package:

dpkg -i ../libcap_2.24_*.deb

6.26.2. Contents of Libcap

Installed programs: capsh, getcap, getpcaps, and setcap
Installed library: libcap.{a,so}

Short Descriptions

capsh

A shell wrapper to explore and constrain capability support

getcap

Examines file capabilities

getpcaps

Displays the capabilities on the queried process(es)

libcap

Contains the library functions for manipulating POSIX 1003.1e capabilities