As with the previous commit, this commit introduces the ability to dump
the set of ambient capabilities.
---
 util-linux/setpriv.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index 644dbdd51..1be98c90d 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -63,6 +63,11 @@
 #define PR_GET_NO_NEW_PRIVS 39
 #endif
 
+#ifndef PR_CAP_AMBIENT
+#define PR_CAP_AMBIENT 47
+#define PR_CAP_AMBIENT_IS_SET 1
+#endif
+
 static cap_user_header_t cap_header;
 static int cap_u32s;
 
@@ -213,6 +218,25 @@ static int dump(void)
                printf("[none]");
        putchar('\n');
 
+       printf("Ambient capabilities: ");
+       for (n = 0, i = 0; cap_valid(i); i++) {
+               int ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, 
(unsigned long) i, 0UL, 0UL);
+               if (ret < 0)
+                       bb_simple_perror_msg_and_die("prctl: 
CAP_AMBIENT_IS_SET");
+
+               if (ret) {
+                       if (n)
+                               putchar(',');
+                       printcap(i);
+                       n++;
+               }
+       }
+       if (!n && !i)
+               printf("[unsupported]");
+       else if (!n)
+               printf("[none]");
+       putchar('\n');
+
        printf("Capability bounding set: ");
        for (n = 0, i = 0; cap_valid(i); i++) {
                int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 
0UL);
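Review bot: The `[unsupported]` branch after the ambient loop looks unreachable, because any failing `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, ...)` goes straight to `bb_simple_perror_msg_and_die()` and `!i` can only hold if `cap_valid(0)` is false. On a kernel without ambient capability support (it arrived in Linux 4.3) the probe presumably fails with EINVAL, so the dump would abort before the capability bounding set is printed, which is output someone auditing a process's privileges still needs. Adding `if (ret < 0 && i == 0 && errno == EINVAL) break;` ahead of the existing `if (ret < 0)` check would let the loop fall through to `[unsupported]` and keep the rest of the dump. dump() starts and ends outside this hunk and the `cap_valid()` definition is not visible here, so its behaviour for index 0 should be confirmed.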
-- 
2.13.2
