-rw-r--r-- | sys-utils/setpriv.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index 3ef180cf0..5216f98ef 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -46,13 +46,19 @@
 # define PR_GET_NO_NEW_PRIVS 39
 #endif
+#ifndef PR_CAP_AMBIENT
+# define PR_CAP_AMBIENT 47
+# define PR_CAP_AMBIENT_IS_SET 1
+#endif
+
 #define SETPRIV_EXIT_PRIVERR 127 /* how we exit when we fail to set privs */
 enum cap_type {
 CAP_TYPE_EFFECTIVE = CAPNG_EFFECTIVE,
 CAP_TYPE_PERMITTED = CAPNG_PERMITTED,
 CAP_TYPE_INHERITABLE = CAPNG_INHERITABLE,
- CAP_TYPE_BOUNDING = CAPNG_BOUNDING_SET
+ CAP_TYPE_BOUNDING = CAPNG_BOUNDING_SET,
+ CAP_TYPE_AMBIENT = (1 << 4)
 };
 /*
@@ -170,6 +176,9 @@ static int has_cap(enum cap_type which, unsigned int i)
 case CAP_TYPE_INHERITABLE:
 case CAP_TYPE_PERMITTED:
 return capng_have_capability(which, i);
+ case CAP_TYPE_AMBIENT:
+ return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET,
+ (unsigned long) i, 0UL, 0UL);
 default:
 warnx(_("invalid capability type"));
 return -1;
@@ -365,6 +374,14 @@ static void dump(int dumplevel)
 printf(_("[none]"));
 printf("\n");
+ printf(_("Ambient capabilities: "));
+ x = print_caps(stdout, CAP_TYPE_AMBIENT);
+ if (x == 0)
+ printf(_("[none]"));
+ if (x < 0)
+ printf(_("[unsupported]"));
+ printf("\n");
+
 printf(_("Capability bounding set: "));
 if (print_caps(stdout, CAP_TYPE_BOUNDING) == 0)
 printf(_("[none]"));
|
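Review bot: `CAP_TYPE_AMBIENT = (1 << 4)` is the only member of `enum cap_type` that is not a libcap-ng constant, and nothing in the enum says so. The value appears to be chosen to sit outside the `CAPNG_*` values, so a `capng_*` call that received it would misread it, and it could collide if libcap-ng ever defines a type with that bit. I would add a comment on that line such as `/* not a capng type: queried via prctl(PR_CAP_AMBIENT), never pass to capng_*() */`. The fallback `PR_CAP_AMBIENT` defines in the same hunk cover only the `IS_SET` operation used here, which is also worth a one-line comment.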
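Review bot: The new `CAP_TYPE_AMBIENT` case returns the raw `prctl()` result, so `has_cap()` can now return -1 with `errno` set outside the `default:` branch, and that -1 covers both a kernel without ambient-capability support and any other failure. The callers are outside this hunk, so confirm that each one treats a negative value as an error rather than as "not set"; for a tool that reports privileges, under-reporting the ambient set is the risky direction. A short comment above the case would document the contract, e.g. `/* 1 = set, 0 = clear, -1 = prctl failed (EINVAL where ambient caps are unsupported) */`. The `[unsupported]` label in the `dump()` hunk rests on the same assumption. `has_cap()` starts and ends outside the hunk.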
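Review bot: The two tests on `x` after `print_caps(stdout, CAP_TYPE_AMBIENT)` are mutually exclusive but written as independent `if`s; `if (x == 0) ... else if (x < 0) ...` would read as the three-way result it is. `x` is declared outside the hunk, and `dump()` continues past it.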