diff options
| author | Patrick Steinhardt | 2017-06-24 16:04:34 +0200 |
|---|---|---|
| committer | Karel Zak | 2017-06-27 14:59:19 +0200 |
| commit | 0c92194eeee9c1fd58580ef852c11eb1861d6dee (patch) | |
| tree | e85969c48be18e151759107839b3f227f4df038f /sys-utils/setpriv.c | |
| parent | setpriv: support dumping ambient capabilities (diff) | |
| download | kernel-qcow2-util-linux-0c92194eeee9c1fd58580ef852c11eb1861d6dee.tar.gz kernel-qcow2-util-linux-0c92194eeee9c1fd58580ef852c11eb1861d6dee.tar.xz kernel-qcow2-util-linux-0c92194eeee9c1fd58580ef852c11eb1861d6dee.zip | |
setpriv: support modifying the set of ambient capabilities
Right now, we do not support modifying the set of ambient capabilities,
which has been introduced quite recently with Linux 4.3. As libcap-ng
does not yet provide any ability to modify this set, we do have to roll
our own support via `prctl`, which is now easy to do due to the
indirections introduced in the preceding commits. We add a new command
line argument "--ambient-caps", which uses the same syntax as both
"--inh-caps" and "--bounding-set" to specify either adding or dropping
capabilities.
This commit also adjusts documentation to mention the newly introduced
ability to modify the ambient capability set.
Based on a patch by Andy Lutomirski.
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Diffstat (limited to 'sys-utils/setpriv.c')
| -rw-r--r-- | sys-utils/setpriv.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c index 5216f98ef..a029a8a44 100644 --- a/sys-utils/setpriv.c +++ b/sys-utils/setpriv.c @@ -49,6 +49,8 @@ #ifndef PR_CAP_AMBIENT # define PR_CAP_AMBIENT 47 # define PR_CAP_AMBIENT_IS_SET 1 +# define PR_CAP_AMBIENT_RAISE 2 +# define PR_CAP_AMBIENT_LOWER 3 #endif #define SETPRIV_EXIT_PRIVERR 127 /* how we exit when we fail to set privs */ @@ -95,6 +97,7 @@ struct privctx { /* caps */ const char *caps_to_inherit; + const char *ambient_caps; const char *bounding_set; /* securebits */ @@ -479,6 +482,19 @@ static int cap_update(capng_act_t action, case CAP_TYPE_INHERITABLE: case CAP_TYPE_PERMITTED: return capng_update(action, (capng_type_t) type, cap); + case CAP_TYPE_AMBIENT: + { + int ret; + + if (action == CAPNG_ADD) + ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, + (unsigned long) cap, 0UL, 0UL); + else + ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, + (unsigned long) cap, 0UL, 0UL); + + return ret; + } default: errx(EXIT_FAILURE, _("unsupported capability type")); return -1; @@ -687,6 +703,7 @@ int main(int argc, char **argv) INIT_GROUPS, GROUPS, INHCAPS, + AMBCAPS, LISTCAPS, CAPBSET, SECUREBITS, @@ -699,6 +716,7 @@ int main(int argc, char **argv) { "nnp", no_argument, NULL, NNP }, { "no-new-privs", no_argument, NULL, NNP }, { "inh-caps", required_argument, NULL, INHCAPS }, + { "ambient-caps", required_argument, NULL, AMBCAPS }, { "list-caps", no_argument, NULL, LISTCAPS }, { "ruid", required_argument, NULL, RUID }, { "euid", required_argument, NULL, EUID }, @@ -831,6 +849,12 @@ int main(int argc, char **argv) _("duplicate --inh-caps option")); opts.caps_to_inherit = optarg; break; + case AMBCAPS: + if (opts.ambient_caps) + errx(EXIT_FAILURE, + _("duplicate --ambient-caps option")); + opts.ambient_caps = optarg; + break; case CAPBSET: if (opts.bounding_set) errx(EXIT_FAILURE, @@ -957,6 +981,10 @@ int main(int argc, char **argv) err(SETPRIV_EXIT_PRIVERR, _("apply capabilities")); } + if (opts.ambient_caps) { + do_caps(CAP_TYPE_AMBIENT, opts.ambient_caps); + } + execvp(argv[optind], argv + optind); err(EXIT_FAILURE, _("cannot execute: %s"), argv[optind]); |