[PATCH v2 6/9] setpriv: dump capability bounding set
Patrick Steinhardt
ps at pks.im
Sun Jul 2 13:42:55 UTC 2017
As with the previous commit, this one implements the ability to dump the
capability bounding set.
---
util-linux/setpriv.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index d5fcde73d..3dc662d33 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -83,6 +83,10 @@
#include <unistd.h>
#include "libbb.h"
+#ifndef PR_CAPBSET_READ
+#define PR_CAPBSET_READ 23
+#endif
+
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
@@ -259,6 +263,23 @@ static int dump(void)
printf("[none]");
putchar('\n');
+ printf("Capability bounding set: ");
+ for (n = 0, i = 0; cap_valid(i); i++) {
+ int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 0UL);
+ if (ret < 0)
+ bb_simple_perror_msg_and_die("prctl: CAPBSET_READ");
+
+ if (ret) {
+ if (n)
+ putchar(',');
+ printcap(i);
+ n++;
+ }
+ }
+ if (!n)
+ printf("[none]");
+ putchar('\n');
+
free(caps);
#endif
--
2.13.2
More information about the busybox
mailing list