[PATCH 2/5] setpriv: proxy function checking whether a capability is set

The loop in `print_caps` iterates over every capability, checks whether
it is set and, if so, prints out its name. Currently, the checking and
printing is rather intertwined, making it harder to extend the check
whether we own a capability.

Prepare code for the introduction of ambient capabilities by
disentangling the code checking for a capability and printing code. A
new function `has_cap` is introduced and `print_caps` will now simply
call out to it and only handle printing itself. This easily allows
extending the capability check based on which capability set is queried.

Signed-off-by: Patrick Steinhardt <ps@xxxxxx>
---
 sys-utils/setpriv.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index 4ee07862f..23224eff9 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -162,13 +162,32 @@ static int real_cap_last_cap(void)
 	return ret;
 }
 
+static int has_cap(enum cap_type which, unsigned int i)
+{
+	switch (which) {
+	case CAP_TYPE_EFFECTIVE:
+	case CAP_TYPE_BOUNDING:
+	case CAP_TYPE_INHERITABLE:
+	case CAP_TYPE_PERMITTED:
+		return capng_have_capability(which, i);
+	default:
+		warnx(_("invalid capability type"));
+		return -1;
+	}
+}
+
 /* Returns the number of capabilities printed. */
 static int print_caps(FILE *f, enum cap_type which)
 {
 	int i, n = 0, max = real_cap_last_cap();
 
 	for (i = 0; i <= max; i++) {
-		if (capng_have_capability((capng_type_t) which, i)) {
+		int ret = has_cap(which, i);
+
+		if (i == 0 && ret < 0)
+			return -1;
+
+		if (ret == 1) {
 			const char *name = capng_capability_to_name(i);
 			if (n)
 				fputc(',', f);
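
Review bot: `print_caps` can now return -1 through the `if (i == 0 && ret < 0)` branch, but the comment above it still reads "Returns the number of capabilities printed" and no caller is adjusted in this hunk. Please document the error return and confirm that callers do not treat -1 as a count. Since `which` does not change across iterations, a plain `if (ret < 0)` would read more clearly than the `i == 0` guard. In `has_cap`, the `(capng_type_t)` cast from the removed line is gone and `which` is passed to `capng_have_capability` as an `enum cap_type`; either keep the cast or note that the enum values are meant to match. A short comment on the return values of `has_cap` (1, 0, -1) would also help, given that `print_caps` now tests `ret == 1` rather than any non-zero value.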
-- 
2.13.1
