Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 91804c4350
Branches Tags
ydb
/
contrib
/
libs
/
libcap
/
cap_proc.c

cap_proc.c 2.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. /*
    2. 

  2.  * Copyright (c) 1997-8,2007,2011 Andrew G Morgan <morgan@kernel.org>
    3. 

  3.  *
    4. 

  4.  * This file deals with getting and setting capabilities on processes.
    5. 

  5.  */
    6. 

  6. 

  7. #include <sys/prctl.h>
    8. 

  8. 

  9. #include "libcap.h"
    10. 

  10. 

  11. cap_t cap_get_proc(void)
    12. 

  12. {
    13. 

  13.     cap_t result;
    14. 

  14. 

  15.     /* allocate a new capability set */
    16. 

  16.     result = cap_init();
    17. 

  17.     if (result) {
    18. 

  18. 	_cap_debug("getting current process' capabilities");
    19. 

  19. 

  20. 	/* fill the capability sets via a system call */
    21. 

  21. 	if (capget(&result->head, &result->u[0].set)) {
    22. 

  22. 	    cap_free(result);
    23. 

  23. 	    result = NULL;
    24. 

  24. 	}
    25. 

  25.     }
    26. 

  26. 

  27.     return result;
    28. 

  28. }
    29. 

  29. 

  30. int cap_set_proc(cap_t cap_d)
    31. 

  31. {
    32. 

  32.     int retval;
    33. 

  33. 

  34.     if (!good_cap_t(cap_d)) {
    35. 

  35. 	errno = EINVAL;
    36. 

  36. 	return -1;
    37. 

  37.     }
    38. 

  38. 

  39.     _cap_debug("setting process capabilities");
    40. 

  40.     retval = capset(&cap_d->head, &cap_d->u[0].set);
    41. 

  41. 

  42.     return retval;
    43. 

  43. }
    44. 

  44. 

  45. /* the following two functions are not required by POSIX */
    46. 

  46. 

  47. /* read the caps on a specific process */
    48. 

  48. 

  49. int capgetp(pid_t pid, cap_t cap_d)
    50. 

  50. {
    51. 

  51.     int error;
    52. 

  52. 

  53.     if (!good_cap_t(cap_d)) {
    54. 

  54. 	errno = EINVAL;
    55. 

  55. 	return -1;
    56. 

  56.     }
    57. 

  57. 

  58.     _cap_debug("getting process capabilities for proc %d", pid);
    59. 

  59. 

  60.     cap_d->head.pid = pid;
    61. 

  61.     error = capget(&cap_d->head, &cap_d->u[0].set);
    62. 

  62.     cap_d->head.pid = 0;
    63. 

  63. 

  64.     return error;
    65. 

  65. }
    66. 

  66. 

  67. /* allocate space for and return capabilities of target process */
    68. 

  68. 

  69. cap_t cap_get_pid(pid_t pid)
    70. 

  70. {
    71. 

  71.     cap_t result;
    72. 

  72. 

  73.     result = cap_init();
    74. 

  74.     if (result) {
    75. 

  75. 	if (capgetp(pid, result) != 0) {
    76. 

  76. 	    int my_errno;
    77. 

  77. 

  78. 	    my_errno = errno;
    79. 

  79. 	    cap_free(result);
    80. 

  80. 	    errno = my_errno;
    81. 

  81. 	    result = NULL;
    82. 

  82. 	}
    83. 

  83.     }
    84. 

  84. 

  85.     return result;
    86. 

  86. }
    87. 

  87. 

  88. /* set the caps on a specific process/pg etc.. */
    89. 

  89. 

  90. int capsetp(pid_t pid, cap_t cap_d)
    91. 

  91. {
    92. 

  92.     int error;
    93. 

  93. 

  94.     if (!good_cap_t(cap_d)) {
    95. 

  95. 	errno = EINVAL;
    96. 

  96. 	return -1;
    97. 

  97.     }
    98. 

  98. 

  99.     _cap_debug("setting process capabilities for proc %d", pid);
    100. 

  100.     cap_d->head.pid = pid;
    101. 

  101.     error = capset(&cap_d->head, &cap_d->u[0].set);
    102. 

  102.     cap_d->head.version = _LIBCAP_CAPABILITY_VERSION;
    103. 

  103.     cap_d->head.pid = 0;
    104. 

  104. 

  105.     return error;
    106. 

  106. }
    107. 

  107. 

  108. /* get a capability from the bounding set */
    109. 

  109. 

  110. int cap_get_bound(cap_value_t cap)
    111. 

  111. {
    112. 

  112.     int result;
    113. 

  113. 

  114.     result = prctl(PR_CAPBSET_READ, cap);
    115. 

  115.     return result;
    116. 

  116. }
    117. 

  117. 

  118. /* drop a capability from the bounding set */
    119. 

  119. 

  120. int cap_drop_bound(cap_value_t cap)
    121. 

  121. {
    122. 

  122.     int result;
    123. 

  123. 

  124.     result = prctl(PR_CAPBSET_DROP, cap);
    125. 

  125.     return result;
    126. 

  126. }
    127.