From 5e0987405cb966ec041db96b75169bb992fb710e Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Thu, 6 Jul 2017 23:02:33 +0200
Subject: [PATCH] setpriv: dump ambient capabilities

As with the previous commit, this commit introduces the ability to dump the set of ambient capabilities.

function old new delta
setpriv_main 982 1129 +147
.rodata 146148 146198 +50

Signed-off-by: Patrick Steinhardt
Signed-off-by: Denys Vlasenko
---
 util-linux/setpriv.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index c3f9ea153..89fa2fc10 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -94,6 +94,11 @@
 #define PR_GET_NO_NEW_PRIVS 39
 #endif
 
+#ifndef PR_CAP_AMBIENT
+#define PR_CAP_AMBIENT 47
+#define PR_CAP_AMBIENT_IS_SET 1
+#endif
+
 enum {
 IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
 OPTBIT_NNP,
@@ -252,6 +257,27 @@ static int dump(void)
 if (!fmt[0])
 printf("[none]");
 
+ printf("\nAmbient capabilities: ");
+ fmt = "";
+ for (i = 0; cap_valid(i); i++) {
+ int ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, (unsigned long) i, 0UL, 0UL);
+ if (ret < 0)
+ bb_simple_perror_msg_and_die("prctl: CAP_AMBIENT_IS_SET");
+ if (ret) {
+# if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES
+ if (i < ARRAY_SIZE(capabilities))
+ printf("%s%s", fmt, capabilities[i]);
+ else
+# endif
+ printf("%scap_%u", fmt, i);
+ fmt = ",";
+ }
+ }
+ if (i == 0)
+ printf("[unsupported]");
+ else if (!fmt[0])
+ printf("[none]");
+
 printf("\nCapability bounding set: ");
 fmt = "";
 for (i = 0; cap_valid(i); i++) {
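Review bot: The `[unsupported]` branch after the new loop in the second hunk looks unreachable: on a kernel that predates PR_CAP_AMBIENT the very first prctl() fails with EINVAL, and the `ret < 0` check dies before `i == 0` is ever tested, so `setpriv --dump` aborts instead of printing the fallback (this assumes cap_valid(0) is true, which it is if CAP_CHOWN is capability 0 as usual). Treating that first failure as "not supported" rather than fatal keeps the intended behaviour, e.g. inserting before the existing check `if (ret < 0 && i == 0 && errno == EINVAL) break; /* kernel has no PR_CAP_AMBIENT */`, which leaves i at 0 so the existing `[unsupported]` message is printed (errno is presumably already in scope via libbb's includes). The prctl line would also benefit from a one-line comment such as `/* 1 if cap i is in the ambient set, 0 if not, -1 on error */`. dump() starts and ends outside this hunk; the fallback defines added in the first hunk raise nothing.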