This set of changes fixes the last few gripes I've had with the capability code in bst.
First and foremost, libcap is dropped in favor of raw capget/capset code. Whatever the manpage for capget says, the matter of fact is that this new code is simpler, has 0 dynamic allocations, and just allows for the implementation of a better interface.
Second, I've realized that due to some misunderstanding of user namespaces on my end when I first wrote that code, the placement of the mount code (and almost everything after setresuid()) is just wrong. In this fixed version, we no longer need to give ourselves back capabilities after switching uids -- instead, the switch is done almost at the very end, where the only two remaining operations are chdir and execve. These are in fact the only two operations where using the privilege set of the user we're changing to makes sense.
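To make the first point concrete, here is what the raw capget/capset path looks like without libcap: fixed-size structs on the stack, two u32 halves per set merged into a 64-bit mask, and nothing allocated. This is an added illustration, not bst's own code; the `struct caps` type and the `caps_*` helper names are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Assumed helper type: one 64-bit mask per set, built from the two u32
   halves that capget/capset use with _LINUX_CAPABILITY_VERSION_3.
   Everything lives on the stack; there is no dynamic allocation. */
struct caps { uint64_t effective, permitted, inheritable; };

static inline int caps_has(uint64_t set, int cap) { return (set >> cap) & 1; }

/* Read the calling thread's sets with the raw capget syscall (pid 0 = self). */
int caps_read(struct caps *out)
{
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    memset(d, 0, sizeof d);
    if (syscall(SYS_capget, &hdr, d) != 0)
        return -errno;
    out->effective   = (uint64_t)d[1].effective   << 32 | d[0].effective;
    out->permitted   = (uint64_t)d[1].permitted   << 32 | d[0].permitted;
    out->inheritable = (uint64_t)d[1].inheritable << 32 | d[0].inheritable;
    return 0;
}

/* Write the sets back. The kernel rejects anything that would grow the
   permitted set or put an effective bit outside permitted, so this can
   only narrow privileges. */
int caps_write(const struct caps *in)
{
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
        d[i].effective   = (uint32_t)(in->effective   >> (32 * i));
        d[i].permitted   = (uint32_t)(in->permitted   >> (32 * i));
        d[i].inheritable = (uint32_t)(in->inheritable >> (32 * i));
    }
    return syscall(SYS_capset, &hdr, d) == 0 ? 0 : -errno;
}

/* Drop one capability from effective; with from_permitted set, also from
   permitted, which makes the drop irreversible for this thread. */
int caps_drop(int cap, int from_permitted)
{
    struct caps c;
    int err = caps_read(&c);
    if (err) return err;
    c.effective &= ~(UINT64_C(1) << cap);
    if (from_permitted) c.permitted &= ~(UINT64_C(1) << cap);
    return caps_write(&c);
}
```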