[PATCH 0/9] libcap: add user namespace fscaps support

[PATCH 0/9] libcap: add user namespace fscaps support

[Christian Brauner]

Hey everyone,

Starting with kernel 4.14 fcaps support in user namespaces was added.
libcap currently does not support fcaps in user namespaces. This series
adds support for fcaps in user namespaces. To this end two new functions
are introduced:

1. cap_get_nsowner()
   Get the uid associated with the capability sets as seen in the
   current user namespace.
   For example, assume that uid 0 in a non-initial userns is mapped to
   uid 1000000 on the host/initial user namespace. Further assume one of
   the following:
   a. A VFS_CAP_REVISION_2 capability has been set from within the
      non-initial user namespace.
   b. A VFS_CAP_REVISION_3 capability with nsowner 0 has been set from
      within said non-initial user namespace.
   c. A VFS_CAP_REVISION_3 capability with nsowner 100000 has been set
      from the initial user namespace.
   In any of these cases, cap_get_nsowner() will return 0 from within
   said non-initial user namespace, and will return 1000000 from the
   parent user namespace that wrote this mapping.

2. cap_set_nsowner()
   Set the owning uid associated with the capability sets.
   For example, assume that uid 0 in a non-initial userns is mapped to
   uid 1000000 on the host. Now, cap_set_nsowner() sets the uid for the
   capabilitiy sets to 1000000 in the parent (host) user namespace of
   the non-initial user namespace. This will cause a capability to be
   set that is useless on the host but interpreted in every user
   namespace that has established the same mapping.

More details on how to handle cases where libcap is compiled on a
VFS_CAP_REVISION_3 kernel but used on a VFS_CAP_REVISION_2 kernel can be
found in the individual commits.

Thanks!
Christian

Christian Brauner (9):
  cap_file: use v3 xattr macros
  capability: update to new uapi header
  cap_file: use struct vfs_ns_cap_data if possible
  cap_file: add new rootid argument
  cap_file: initialize rootid in _fcaps_load()
  capability: add cap_get_nsowner()
  cap_file: save rootid in _fcaps_save()
  cap_file: handle run- vs buildtime vfs cap support
  capability: add cap_set_nsowner()

 libcap/cap_file.c                      | 107 ++++++++++++++++++++++++-
 libcap/include/sys/capability.h        |   2 +
 libcap/include/uapi/linux/capability.h |  39 ++++++---
 libcap/libcap.h                        |   1 +
 4 files changed, 134 insertions(+), 15 deletions(-)

-- 
2.17.1

[PATCH 1/9] cap_file: use v3 xattr macros

[Christian Brauner]

On kernels supporting VFS_CAP_REVISION_3 we should make use the new
macros.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 76aac8c..228d806 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -59,6 +59,13 @@ static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result,
 	break;
 #endif
 
+#ifdef VFS_CAP_REVISION_3
+    case VFS_CAP_REVISION_3:
+	tocopy = VFS_CAP_U32_3;
+	bytes -= XATTR_CAPS_SZ_3;
+	break;
+#endif
+
     default:
 	cap_free(result);
 	result = NULL;
@@ -125,9 +132,15 @@ static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d,
 
 #ifdef _LINUX_CAPABILITY_VERSION_3
     case _LINUX_CAPABILITY_VERSION_3:
+#ifdef VFS_CAP_REVISION_3
+	magic = VFS_CAP_REVISION_3;
+	tocopy = VFS_CAP_U32_3;
+	*bytes_p = XATTR_CAPS_SZ_3;
+#else
 	magic = VFS_CAP_REVISION_2;
 	tocopy = VFS_CAP_U32_2;
 	*bytes_p = XATTR_CAPS_SZ_2;
+#endif
 	break;
 #endif
 
-- 
2.17.1

[PATCH 2/9] capability: update to new uapi header

[Christian Brauner]

I'm not completely sure why libcap effectively vendors a copy of the
capability uapi header but I assume there's a good reason for it. But
let's update it to the newest version.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/include/uapi/linux/capability.h | 39 +++++++++++++++++---------
 1 file changed, 26 insertions(+), 13 deletions(-)

diff --git a/libcap/include/uapi/linux/capability.h b/libcap/include/uapi/linux/capability.h
index 432e023..4a2d916 100644
--- a/libcap/include/uapi/linux/capability.h
+++ b/libcap/include/uapi/linux/capability.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
 /*
  * This is <linux/capability.h>
  *
@@ -7,16 +8,14 @@
  *
  * See here for the libcap library ("POSIX draft" compliance):
  *
- * http://www.kernel.org/pub/linux/libs/security/linux-privs/
+ * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
  */
 
-#ifndef _UAPI_LINUX_CAPABILITY_H
-#define _UAPI_LINUX_CAPABILITY_H
+#ifndef _LINUX_CAPABILITY_H
+#define _LINUX_CAPABILITY_H
 
 #include <linux/types.h>
 
-struct task_struct;
-
 /* User-level do most of the mapping between kernel and user
    capabilities based on the version tag given by the kernel. The
    kernel might be somewhat backwards compatible, but don't bet on
@@ -62,9 +61,13 @@ typedef struct __user_cap_data_struct {
 #define VFS_CAP_U32_2           2
 #define XATTR_CAPS_SZ_2         (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))
 
-#define XATTR_CAPS_SZ           XATTR_CAPS_SZ_2
-#define VFS_CAP_U32             VFS_CAP_U32_2
-#define VFS_CAP_REVISION	VFS_CAP_REVISION_2
+#define VFS_CAP_REVISION_3	0x03000000
+#define VFS_CAP_U32_3           2
+#define XATTR_CAPS_SZ_3         (sizeof(__le32)*(2 + 2*VFS_CAP_U32_3))
+
+#define XATTR_CAPS_SZ           XATTR_CAPS_SZ_3
+#define VFS_CAP_U32             VFS_CAP_U32_3
+#define VFS_CAP_REVISION	VFS_CAP_REVISION_3
 
 struct vfs_cap_data {
 	__le32 magic_etc;            /* Little endian */
@@ -74,7 +77,18 @@ struct vfs_cap_data {
 	} data[VFS_CAP_U32];
 };
 
-#ifndef __KERNEL__
+/*
+ * same as vfs_cap_data but with a rootid at the end
+ */
+struct vfs_ns_cap_data {
+	__le32 magic_etc;
+	struct {
+		__le32 permitted;    /* Little endian */
+		__le32 inheritable;  /* Little endian */
+	} data[VFS_CAP_U32];
+	__le32 rootid;
+};
+
 
 /*
  * Backwardly compatible definition for source code - trapped in a
@@ -84,7 +98,6 @@ struct vfs_cap_data {
 #define _LINUX_CAPABILITY_VERSION  _LINUX_CAPABILITY_VERSION_1
 #define _LINUX_CAPABILITY_U32S     _LINUX_CAPABILITY_U32S_1
 
-#endif
 
 
 /**
@@ -207,7 +220,7 @@ struct vfs_cap_data {
 #define CAP_SYS_MODULE       16
 
 /* Allow ioperm/iopl access */
-/* Allow sending USB messages to any device via /proc/bus/usb */
+/* Allow sending USB messages to any device via /dev/bus/usb */
 
 #define CAP_SYS_RAWIO        17
 
@@ -349,7 +362,7 @@ struct vfs_cap_data {
 
 /* Allow reading the audit log via multicast netlink socket */
 
-#define CAP_AUDIT_READ       37
+#define CAP_AUDIT_READ		37
 
 
 #define CAP_LAST_CAP         CAP_AUDIT_READ
@@ -364,4 +377,4 @@ struct vfs_cap_data {
 #define CAP_TO_MASK(x)      (1 << ((x) & 31)) /* mask for indexed __u32 */
 
 
-#endif /* _UAPI_LINUX_CAPABILITY_H */
+#endif /* _LINUX_CAPABILITY_H */
-- 
2.17.1

[PATCH 3/9] cap_file: use struct vfs_ns_cap_data if possible

[Christian Brauner]

On kernels with VFS_CAP_REVISION_3 we should use struct_vfs_ns_cap_data.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 228d806..9b8f11e 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -37,8 +37,12 @@ extern int fremovexattr(int, const char *);
 #define FIXUP_32BITS(x) (x)
 #endif
 
-static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result,
+#ifdef VFS_CAP_REVISION_3
+static cap_t _fcaps_load(struct vfs_ns_cap_data *rawvfscap, cap_t result,
 			 int bytes)
+#else
+static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result, int bytes)
+#endif
 {
     __u32 magic_etc;
     unsigned tocopy, i;
@@ -102,8 +106,12 @@ static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result,
     return result;
 }
 
-static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d,
+#ifdef VFS_CAP_REVISION_3
+static int _fcaps_save(struct vfs_ns_cap_data *rawvfscap, cap_t cap_d,
 		       int *bytes_p)
+#else
+static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d, int *bytes_p)
+#endif
 {
     __u32 eff_not_zero, magic;
     unsigned tocopy, i;
@@ -203,7 +211,11 @@ cap_t cap_get_fd(int fildes)
     /* allocate a new capability set */
     result = cap_init();
     if (result) {
+#ifdef VFS_CAP_REVISION_3
+	struct vfs_ns_cap_data rawvfscap;
+#else
 	struct vfs_cap_data rawvfscap;
+#endif
 	int sizeofcaps;
 
 	_cap_debug("getting fildes capabilities");
@@ -233,7 +245,11 @@ cap_t cap_get_file(const char *filename)
     /* allocate a new capability set */
     result = cap_init();
     if (result) {
+#ifdef VFS_CAP_REVISION_3
+	struct vfs_ns_cap_data rawvfscap;
+#else
 	struct vfs_cap_data rawvfscap;
+#endif
 	int sizeofcaps;
 
 	_cap_debug("getting filename capabilities");
@@ -259,7 +275,11 @@ cap_t cap_get_file(const char *filename)
 
 int cap_set_fd(int fildes, cap_t cap_d)
 {
+#ifdef VFS_CAP_REVISION_3
+    struct vfs_ns_cap_data rawvfscap;
+#else
     struct vfs_cap_data rawvfscap;
+#endif
     int sizeofcaps;
     struct stat buf;
 
@@ -291,7 +311,11 @@ int cap_set_fd(int fildes, cap_t cap_d)
 
 int cap_set_file(const char *filename, cap_t cap_d)
 {
+#ifdef VFS_CAP_REVISION_3
+    struct vfs_ns_cap_data rawvfscap;
+#else
     struct vfs_cap_data rawvfscap;
+#endif
     int sizeofcaps;
     struct stat buf;
 
-- 
2.17.1

[PATCH 4/9] cap_file: add new rootid argument

[Christian Brauner]

Newer kernels support setting file capabilities in user namespaces. In
addition to directly setting file capabilites in a user namespaces they
can also be set in lieu of another user namespace by passing a uid down
to the kernel which will convert it to an appropriate kuid_t
representation.
This commit adds a new rootid argument to the internal struct
_cap_struct so that we can store the rootid when the kernel supports
VFS_CAP_REVISION_3 and returns a struct vfs_ns_cap_data.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/libcap.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libcap/libcap.h b/libcap/libcap.h
index 2596c11..9abe4a2 100644
--- a/libcap/libcap.h
+++ b/libcap/libcap.h
@@ -118,6 +118,7 @@ struct _cap_struct {
 	struct __user_cap_data_struct set;
 	__u32 flat[NUMBER_OF_CAP_SETS];
     } u[_LIBCAP_CAPABILITY_U32S];
+    uid_t rootid;
 };
 
 /* the maximum bits supportable */
-- 
2.17.1

[PATCH 5/9] cap_file: initialize rootid in _fcaps_load()

[Christian Brauner]

When the kernel supports namespaced file capabilites (VFS_REVISION_3) it
will return a struct vfs_ns_cap_data that will contain an additional
rootid field recording the rootid of the file capability sets in the
current user namespace.

When libcap has been compiled on a kernel that supports
VFS_CAP_REVISION_3 but is used on a kernel that does not support
VFS_CAP_REVISION_3 we need to initialize the root id of struct
vfs_ns_cap_data to zero so that no invalid data is passed along when a
VFS_REVISION_2 fcap was set on the file.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 9b8f11e..eb98bf7 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -103,6 +103,13 @@ static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result, int bytes
 	i++;
     }
 
+#ifdef VFS_CAP_REVISION_3
+    /* The kernel returns the rootid as a _le32. In case we're on a big endian
+     * machine we need to fix this up.
+     */
+    result->rootid = FIXUP_32BITS(rawvfscap->rootid);
+#endif
+
     return result;
 }
 
@@ -221,6 +228,7 @@ cap_t cap_get_fd(int fildes)
 	_cap_debug("getting fildes capabilities");
 
 	/* fill the capability sets via a system call */
+	rawvfscap.rootid = 0;
 	sizeofcaps = fgetxattr(fildes, XATTR_NAME_CAPS,
 			       &rawvfscap, sizeof(rawvfscap));
 	if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) {
@@ -255,6 +263,7 @@ cap_t cap_get_file(const char *filename)
 	_cap_debug("getting filename capabilities");
 
 	/* fill the capability sets via a system call */
+	rawvfscap.rootid = 0;
 	sizeofcaps = getxattr(filename, XATTR_NAME_CAPS,
 			      &rawvfscap, sizeof(rawvfscap));
 	if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) {
-- 
2.17.1

[PATCH 6/9] capability: add cap_get_nsowner()

[Christian Brauner]

cap_get_nsowner() allows to retrieve the rootid of the file capability sets
in the current user namespace.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c               | 16 ++++++++++++++++
 libcap/include/sys/capability.h |  1 +
 2 files changed, 17 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index eb98bf7..7acd60c 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -277,6 +277,16 @@ cap_t cap_get_file(const char *filename)
     return result;
 }
 
+/*
+ * Get rootid as seen in the current user namespace for the file capability
+ * sets.
+ */
+
+uid_t cap_get_nsowner(cap_t cap_d)
+{
+	return cap_d->rootid;
+}
+
 /*
  * Set the capabilities of an open file, as specified by its file
  * descriptor.
@@ -363,6 +373,12 @@ cap_t cap_get_file(const char *filename)
     return NULL;
 }
 
+uid_t cap_get_nsowner(cap_t cap_d)
+{
+    errno = EINVAL;
+    return -1;
+}
+
 int cap_set_fd(int fildes, cap_t cap_d)
 {
     errno = EINVAL;
diff --git a/libcap/include/sys/capability.h b/libcap/include/sys/capability.h
index 0976fa7..42d8154 100644
--- a/libcap/include/sys/capability.h
+++ b/libcap/include/sys/capability.h
@@ -82,6 +82,7 @@ extern int     cap_clear_flag(cap_t, cap_flag_t);
 /* libcap/cap_file.c */
 extern cap_t   cap_get_fd(int);
 extern cap_t   cap_get_file(const char *);
+extern uid_t   cap_get_nsowner(cap_t);
 extern int     cap_set_fd(int, cap_t);
 extern int     cap_set_file(const char *, cap_t);
 
-- 
2.17.1

[PATCH 7/9] cap_file: save rootid in _fcaps_save()

[Christian Brauner]

When the kernel supports namespaced file capabilites (VFS_REVISION_3) it
will take a struct vfs_ns_cap_data that will contain an additional
rootid field recording a rootid.
It can be used to set the rootid of a target user namespace as seen in
the current user namespace. This allows a user namespace to set file
capabilities in lieu of another user namespace.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 7acd60c..57c6e3f 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -197,6 +197,13 @@ static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d, int *bytes_p
 	}
     }
 
+#ifdef VFS_CAP_REVISION_3
+    /* The kernel expects the rootid to be a _le32. In case we're on a big
+     * endian machine we need to fix this up.
+     */
+    rawvfscap->rootid = FIXUP_32BITS(cap_d->rootid);
+#endif
+
     if (eff_not_zero == 0) {
 	rawvfscap->magic_etc = FIXUP_32BITS(magic);
     } else {
-- 
2.17.1

[PATCH 8/9] cap_file: handle run- vs buildtime vfs cap support

[Christian Brauner]

If libcap was compiled on a kernel supporting VFS_CAP_REVISION_3 but
running on a kernel that does not support VFS_CAP_REVISION_3 we should
always pass down a legacy struct vfs_cap_data if the rootid is 0. On
kernels supporting VFS_CAP_REVISION_3 the kernel will take care of
translating it from VFS_CAP_REVISION_2 to a VFS_CAP_REVISION_3 version.
We can elegantly handle both cases by setting magic to
VFS_CAP_REVISION_2 and only passing down XATTR_CAPS_SZ_2 bytes which
will leave out the rootid field.
If the rootid field is not 0 then we will pass down the
VFS_CAP_REVISION_3 and XATTR_CAPS_SZ_3. On kernels supporting
VFS_CAP_REVISION_3 this will succeed on kernels not supporting
VFS_CAP_REVISION_3 this will fail. The failure on kernels not supporting
VFS_CAP_REVISION_3 is wanted since the user explicitly requested an
unprivileged file capability but the kernel does not actually support
it. So fail hard.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 57c6e3f..a1f3891 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -202,6 +202,24 @@ static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d, int *bytes_p
      * endian machine we need to fix this up.
      */
     rawvfscap->rootid = FIXUP_32BITS(cap_d->rootid);
+    if (rawvfscap->rootid == 0) {
+	/* If libcap was compiled on a kernel supporting VFS_CAP_REVISION_3 but
+	 * running on a kernel that does not support VFS_CAP_REVISION_3 we
+	 * should always pass down a legacy struct vfs_cap_data if the rootid is
+	 * 0. On kernels supporting VFS_CAP_REVISION_3 the kernel will take care
+	 * of translating it from VFS_CAP_REVISION_2 to a VFS_CAP_REVISION_3
+	 * version.  We can elegantly handle both cases by setting magic to
+	 * VFS_CAP_REVISION_2 and only passing down XATTR_CAPS_SZ_2 bytes which
+	 * will leave out the rootid field.  If the rootid field is not 0 then
+	 * we will pass down the VFS_CAP_REVISION_3 and XATTR_CAPS_SZ_3. On
+	 * kernels supporting VFS_CAP_REVISION_3 this will succeed on kernels
+	 * not supporting VFS_CAP_REVISION_3 this will fail. The failure on kernels
+	 * not supporting VFS_CAP_REVISION_3 is wanted since the user explicitly
+	 * requested an unprivileged file capability but the kernel does not
+	 * actually support it. So fail hard. */
+	magic = VFS_CAP_REVISION_2;
+	*bytes_p = XATTR_CAPS_SZ_2;
+    }
 #endif
 
     if (eff_not_zero == 0) {
-- 
2.17.1

[PATCH 9/9] capability: add cap_set_nsowner()

[Christian Brauner]

cap_set_nsowner() allows to set the rootid of file capability sets. It can
be used to set the rootid of a target user namespace as seen in the
current user namespace. This allows a user namespace to set file
capabilities in lieu of another user namespace.

Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
---
 libcap/cap_file.c               | 16 ++++++++++++++++
 libcap/include/sys/capability.h |  1 +
 2 files changed, 17 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index a1f3891..9a1643c 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -384,6 +384,16 @@ int cap_set_file(const char *filename, cap_t cap_d)
     return setxattr(filename, XATTR_NAME_CAPS, &rawvfscap, sizeofcaps, 0);
 }
 
+/*
+ * Set rootid for the file capability sets.
+ */
+
+int cap_set_nsowner(cap_t cap_d, uid_t rootid)
+{
+	cap_d->rootid = rootid;
+	return 0;
+}
+
 #else /* ie. ndef VFS_CAP_U32 */
 
 cap_t cap_get_fd(int fildes)
@@ -416,4 +426,10 @@ int cap_set_file(const char *filename, cap_t cap_d)
     return -1;
 }
 
+void cap_set_nsowner(cap_t cap_d, uid_t rootid)
+{
+	errno = EINVAL;
+	return -1;
+}
+
 #endif /* def VFS_CAP_U32 */
diff --git a/libcap/include/sys/capability.h b/libcap/include/sys/capability.h
index 42d8154..a9515b6 100644
--- a/libcap/include/sys/capability.h
+++ b/libcap/include/sys/capability.h
@@ -85,6 +85,7 @@ extern cap_t   cap_get_file(const char *);
 extern uid_t   cap_get_nsowner(cap_t);
 extern int     cap_set_fd(int, cap_t);
 extern int     cap_set_file(const char *, cap_t);
+extern int     cap_set_nsowner(cap_t, uid_t);
 
 /* libcap/cap_proc.c */
 extern cap_t   cap_get_proc(void);
-- 
2.17.1

[PATCH 1/9] cap_file: use v3 xattr macros

[Serge E. Hallyn]

Quoting Christian Brauner (christian at brauner.io):
> On kernels supporting VFS_CAP_REVISION_3 we should make use the new
> macros.
> 
> Signed-off-by: Christian Brauner <christian@brauner.io>
> Reviewed-by: Serge Hallyn <serge@hallyn.com>

Hi Andrew,

are you open to taking this patchset (or one like it) in
libcap2?

thanks,
-serge

> ---
>  libcap/cap_file.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/libcap/cap_file.c b/libcap/cap_file.c
> index 76aac8c..228d806 100644
> --- a/libcap/cap_file.c
> +++ b/libcap/cap_file.c
> @@ -59,6 +59,13 @@ static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result,
>  	break;
>  #endif
>  
> +#ifdef VFS_CAP_REVISION_3
> +    case VFS_CAP_REVISION_3:
> +	tocopy = VFS_CAP_U32_3;
> +	bytes -= XATTR_CAPS_SZ_3;
> +	break;
> +#endif
> +
>      default:
>  	cap_free(result);
>  	result = NULL;
> @@ -125,9 +132,15 @@ static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d,
>  
>  #ifdef _LINUX_CAPABILITY_VERSION_3
>      case _LINUX_CAPABILITY_VERSION_3:
> +#ifdef VFS_CAP_REVISION_3
> +	magic = VFS_CAP_REVISION_3;
> +	tocopy = VFS_CAP_U32_3;
> +	*bytes_p = XATTR_CAPS_SZ_3;
> +#else
>  	magic = VFS_CAP_REVISION_2;
>  	tocopy = VFS_CAP_U32_2;
>  	*bytes_p = XATTR_CAPS_SZ_2;
> +#endif
>  	break;
>  #endif
>  
> -- 
> 2.17.1