1. 15 May, 2018 3 commits
  2. 11 May, 2018 1 commit
    • iproute2.postinst: use setcap -r instead of empty set · 5219bbc7
      Luca Boccassi authored
      Calling setcap with an empty strings does not remove the xattr, but sets
      it to an empty set, which breaks programs with ambient caps forking and
      exec'ing ip.
      Use setcap -r instead to remove the xattr if the user chooses to do so.
      
      Thanks to Mantas Mikulėnas for spotting the error!
  3. 09 May, 2018 1 commit
  4. 08 May, 2018 1 commit
  5. 03 May, 2018 2 commits
  6. 16 Apr, 2018 4 commits
  7. 12 Apr, 2018 2 commits
    • Add capabilities to /bin/ip on postinst to fix ip vrf exec · 48fc47a8
      Luca Boccassi authored
      /bin/ip can now drop capabilities when launched, except when running
      ip vrf exec.
      ip vrf exec requires cap_dac_override to create a cgroup subdir in
      /sys, cap_sys_admin to load a BPF program to change the VRF of the
      socket being used to jail the application and cap_net_admin to change
      the cgroup of the process.
      Without these, it's impossible to run a simple command like ping into
      a vrf.
      
      Add the required capabilities via a postinst file to fix it. Make it
      disabled by default behind a new low-priority debconf knob.
      Add NEWS file to inform users of the debconf option.
    • Update changelog for 4.16.0-1 release · e4324552
      Luca Boccassi authored
  8. 03 Apr, 2018 4 commits
  9. 02 Apr, 2018 3 commits
  10. 29 Mar, 2018 10 commits
  11. 28 Mar, 2018 5 commits
  12. 27 Mar, 2018 4 commits