libcap-ng-0.8.5

This release fixes building python bindings due to deprecated global exception handler. The utilities were corrected to link against the just built libraries.

libcap-ng-0.8.4

In capng_change_id, clear PR_SET_KEEPCAPS if returning an error, in pscap add -p option for reporting a specified process, annotate function prototypes to warn if results are unused, drop python2 support.

libcap-ng-0.8.3

Fix capng_updatev python bindings to work as documented. Detect capability options at runtime to make containerization easier. Initialize the library when linked statically.

libcap-ng-0.8.2

In capng_apply, continue changing capabilities when faced with an error in the bounding set to cover the possibility that someone does not check the return codes and doesn't realize they have full capabilities when they should have been dropped. This release also improves the runtime detection of the last valid capability. And if PR_CAP_AMBIENT is not available, do not build libdrop_ambient.

libcap-ng-0.8.1

This is a bug fix release. See the changelog for details. This release adds libdrop_ambient which can be LD_PRELOAD'ed to any application that inherits ambient capabilities to force it to drop ambient capabilities so they don't leak everywhere. This is particularly useful if you see a daemon using systemd's capabilities facility since that is how it bestows capabilities on a process. But its up to the process to drop them. Not all do.

Only other thing to be aware of is that capng_apply is now more aggressive with returning errors. This means that code that was "working fine" may now have an error. But the reality was that it was silently failing unknown to it. I have only seen one problem and filed an upstream issue. But be aware in case there are more.

libcap-ng-0.8

This release adds support for ambient capabilities and V3 filesystem capabilities. A bug in the python bindings was also fixed which prevented use of capng_updatev.

Please help test the new features and report any bugs

libcap-ng-0.7.11

This is a bug fix release. Found that in some cases bounding set was not being cleared across a id change when requested. Also, now does not need malloc in capng_apply to prevent application hangs. If procfs is not available, get bounding set via prctl. Added support for CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE.

libcap-ng-0.7.10

This release adds capng_have_permitted_capabilities() function, filecap outputs which set the capabilities are in, filecap doesn't output an error when a file has no capabilities, added udplite support to netcap, fixed usage of pthread_atfork, and mark processes in child user namespaces with *

libcap-ng-0.7.9

This release fixes up byte compiling Python 3 bindings. A few errors and cleanups were applied to the filecap program. And pthread_atfork is used to optionally reset the pid and related info on fork. This is done using a weak symbol to prevent the whole world linking against pthreads. If the program links against pthreads, it uses it. Otherwise, you get the old behavior.

libcap-ng-0.7.8

• Improve Python3 support
• Fix the thread separation test
• Correct typo in cap_pacct text
• Update man page for captest
• Fix sscanf string lengths in netcap
• Correct linking of python3 module