[PATCH v2 6/9] setpriv: dump capability bounding set

Patrick Steinhardt ps at pks.im
Sun Jul 2 13:42:55 UTC 2017


As with the previous commit, this one implements the ability to dump the
capability bounding set.
---
 util-linux/setpriv.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index d5fcde73d..3dc662d33 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -83,6 +83,10 @@
 #include <unistd.h>
 #include "libbb.h"
 
+#ifndef PR_CAPBSET_READ
+#define PR_CAPBSET_READ 23
+#endif
+
 #ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS 38
 #endif
@@ -259,6 +263,23 @@ static int dump(void)
 		printf("[none]");
 	putchar('\n');
 
+	printf("Capability bounding set: ");
+	for (n = 0, i = 0; cap_valid(i); i++) {
+		int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 0UL);
+		if (ret < 0)
+			bb_simple_perror_msg_and_die("prctl: CAPBSET_READ");
+
+		if (ret) {
+			if (n)
+				putchar(',');
+			printcap(i);
+			n++;
+		}
+	}
+	if (!n)
+		printf("[none]");
+	putchar('\n');
+
 	free(caps);
 #endif
 
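Review bot: The loop bound `cap_valid(i)` in the block added to dump() is, going by the usual kernel-header definition (not shown in this patch), a build-time limit tied to CAP_LAST_CAP, whereas `prctl(PR_CAPBSET_READ, ...)` answers for the running kernel. On a kernel older than the build headers the call fails with EINVAL for a capability it does not know, and the `ret < 0` branch then aborts the dump in the middle of the output line. On a newer kernel, any bounding-set entries above the compiled limit are silently left out, so the listing understates what the process may still acquire. Consider treating EINVAL as end-of-set rather than fatal, with `if (ret < 0 && errno == EINVAL) break;` ahead of the die call, and add a comment such as `/* cap_valid() is a build-time bound; the running kernel may know fewer or more capabilities */`. dump() starts and ends outside this hunk, so whether printcap() copes with an index it has no name for cannot be checked from here.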
-- 
2.13.2


