setpriv: dump capability bounding set

As with the previous commit, this one implements the ability to dump the
capability bounding set.

function                                             old     new   delta
setpriv_main                                         838     982    +144
.rodata                                           146101  146148     +47

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
1_28_stable
Patrick Steinhardt 2017-07-06 22:59:23 +02:00 committed by Denys Vlasenko
parent ad63102943
commit f34c701fa8
1 changed files with 23 additions and 0 deletions

View File

@ -82,6 +82,10 @@
#include <sys/prctl.h>
#include "libbb.h"
#ifndef PR_CAPBSET_READ
#define PR_CAPBSET_READ 23
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
@ -240,6 +244,25 @@ static int dump(void)
if (i < ARRAY_SIZE(capabilities))
printf("%s%s", fmt, capabilities[i]);
else
# endif
printf("%scap_%u", fmt, i);
fmt = ",";
}
}
if (!fmt[0])
printf("[none]");
printf("\nCapability bounding set: ");
fmt = "";
for (i = 0; cap_valid(i); i++) {
int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 0UL);
if (ret < 0)
bb_simple_perror_msg_and_die("prctl: CAPBSET_READ");
if (ret) {
# if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES
if (i < ARRAY_SIZE(capabilities))
printf("%s%s", fmt, capabilities[i]);
else
# endif
printf("%scap_%u", fmt, i);
fmt = ",";