We can apply this patch to libcap.
This patch enables setcap command to print the list
of capabilities running kernel supported, if the kernel
exports capability code/name pairs.
It is useful to confirm the name of capability when setting.
Thanks,
----
Signed-off-by: KaiGai Kohei <[EMAIL PROTECTED]>
diff --git a/progs/setcap.c b/progs/setcap.c
index dc13c06..1b9ed45 100644
--- a/progs/setcap.c
+++ b/progs/setcap.c
@@ -4,6 +4,7 @@
* This sets the capabilities of a given file.
*/
+#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
@@ -13,10 +14,34 @@
static void usage(void)
{
+ DIR *dirp;
+
fprintf(stderr,
"usage: setcap [-q] (-r|-|<caps>) <filename> "
"[ ... (-r|-|<capsN>) <filenameN> ]\n"
);
+
+ dirp = opendir("/sys/kernel/capability");
+ if (dirp) {
+ struct dirent *dent;
+ int len, width = 99999;
+
+ fprintf(stderr,
+ "\nsupported capabilities:");
+ while ((dent = readdir(dirp)) != NULL) {
+ if (!!strncmp("cap_", dent->d_name, 4))
+ continue;
+ len = strlen(dent->d_name);
+ if (width + len > 72) {
+ fprintf(stderr, "\n\t");
+ width = 8;
+ }
+ fprintf(stderr, "%s ", dent->d_name);
+ width += len;
+ }
+ fputc('\n', stderr);
+ closedir(dirp);
+ }
exit(1);
}
--
OSS Platform Development Division, NEC
KaiGai Kohei <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
