| /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
| |
| /*** |
| This file is part of systemd. |
| |
| Copyright 2010 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| ***/ |
| |
| #include <assert.h> |
| #include <string.h> |
| #include <unistd.h> |
| #include <errno.h> |
| #include <stdio.h> |
| #include <sys/types.h> |
| #include <stdarg.h> |
| #include <ctype.h> |
| #include <sys/capability.h> |
| #include <sys/prctl.h> |
| |
| #include "macro.h" |
| #include "capability.h" |
| #include "util.h" |
| #include "log.h" |
| |
| int have_effective_cap(int value) { |
| cap_t cap; |
| cap_flag_value_t fv; |
| int r; |
| |
| if (!(cap = cap_get_proc())) |
| return -errno; |
| |
| if (cap_get_flag(cap, value, CAP_EFFECTIVE, &fv) < 0) |
| r = -errno; |
| else |
| r = fv == CAP_SET; |
| |
| cap_free(cap); |
| return r; |
| } |
| |
| unsigned long cap_last_cap(void) { |
| static __thread unsigned long saved; |
| static __thread bool valid = false; |
| unsigned long p; |
| |
| if (valid) |
| return saved; |
| |
| p = (unsigned long) CAP_LAST_CAP; |
| |
| if (prctl(PR_CAPBSET_READ, p) < 0) { |
| |
| /* Hmm, look downwards, until we find one that |
| * works */ |
| for (p--; p > 0; p --) |
| if (prctl(PR_CAPBSET_READ, p) >= 0) |
| break; |
| |
| } else { |
| |
| /* Hmm, look upwards, until we find one that doesn't |
| * work */ |
| for (;; p++) |
| if (prctl(PR_CAPBSET_READ, p+1) < 0) |
| break; |
| } |
| |
| saved = p; |
| valid = true; |
| |
| return p; |
| } |