[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    [PATCH 6/9] setpriv: dump capability bounding set
From:       Patrick Steinhardt <ps () pks ! im>
Date:       2017-06-29 17:34:33
Message-ID: 62ed5514f00bd83219efca059e8cc5744995a2a9.1498757023.git.ps () pks ! im
[Download RAW message or body]

As with the previous commit, this one implements the ability to dump the
capability bounding set.
---
 util-linux/setpriv.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index 673943654..644dbdd51 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -51,6 +51,10 @@
 #include <unistd.h>
 #include "libbb.h"
 
+#ifndef PR_CAPBSET_READ
+#define PR_CAPBSET_READ 23
+#endif
+
 #ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS 38
 #endif
@@ -209,6 +213,23 @@ static int dump(void)
 		printf("[none]");
 	putchar('\n');
 
+	printf("Capability bounding set: ");
+	for (n = 0, i = 0; cap_valid(i); i++) {
+		int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 0UL);
+		if (ret < 0)
+			bb_simple_perror_msg_and_die("prctl: CAPBSET_READ");
+
+		if (ret) {
+			if (n)
+				putchar(',');
+			printcap(i);
+			n++;
+		}
+	}
+	if (!n)
+		printf("[none]");
+	putchar('\n');
+
 	free(gids);
 	free(caps);
 	return 0;
-- 
2.13.2

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic