[PATCH 3/5] setpriv: proxy function to update capabilities

libcap-ng provides a function to update capabilities with
`capng_update`. As libcap-ng has not yet been updated to enable
modification of ambient capabilities, we cannot use it to update this
set, though. In order to allow easily extending the logic to also handle
ambient capability sets, we create a new function `cap_update`. Right
now, it simply calls out to `capng_update` for all supported capability
types.

Signed-off-by: Patrick Steinhardt <ps@xxxxxx>
---
 sys-utils/setpriv.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index 23224eff9..549d2b298 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -453,6 +453,21 @@ static void bump_cap(unsigned int cap)
 		capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, cap);
 }
 
+static int cap_update(capng_act_t action,
+		enum cap_type type, unsigned int cap)
+{
+	switch (type) {
+		case CAP_TYPE_EFFECTIVE:
+		case CAP_TYPE_BOUNDING:
+		case CAP_TYPE_INHERITABLE:
+		case CAP_TYPE_PERMITTED:
+			return capng_update(action, (capng_type_t) type, cap);
+		default:
+			errx(EXIT_FAILURE, _("unsupported capability type"));
+			return -1;
+	}
+}
+
 static void do_caps(enum cap_type type, const char *caps)
 {
 	char *my_caps = xstrdup(caps);
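Review bot: the `return -1;` after `errx(EXIT_FAILURE, ...)` in the `default:` branch of cap_update() is unreachable, because errx() terminates the process. Either drop it or add a short comment saying it is only there to keep the compiler quiet. The `(capng_type_t) type` cast also assumes that the four listed `enum cap_type` values are numerically identical to their libcap-ng counterparts. A one-line comment above cap_update() stating that assumption would help whoever adds the ambient case, which cannot be passed through the same cast.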
@@ -475,11 +490,11 @@ static void do_caps(enum cap_type type, const char *caps)
 				errx(SETPRIV_EXIT_PRIVERR,
 				     _("libcap-ng is too old for \"all\" caps"));
 			for (i = 0; i <= CAP_LAST_CAP; i++)
-				capng_update(action, (capng_type_t) type, i);
+				cap_update(action, type, i);
 		} else {
 			int cap = capng_name_to_capability(c + 1);
 			if (0 <= cap)
-				capng_update(action, (capng_type_t) type, cap);
+				cap_update(action, type, cap);
 			else
 				errx(EXIT_FAILURE,
 				     _("unknown capability \"%s\""), c + 1);
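Review bot: both call sites in do_caps() discard the int that cap_update() now returns, in the "all" loop and in the single-capability branch. This matches how capng_update() was called before, but the new wrapper is meant to grow an ambient path, and a failure there would be silently ignored while setpriv continues as if the capability set had been changed. Consider checking the result at both sites and failing with errx(), or making cap_update() return void and report errors itself so callers cannot miss them.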
-- 
2.13.1
