git.librecmc.org Git - oweals/busybox.git/commit

author	Patrick Steinhardt <ps@pks.im>
	Thu, 6 Jul 2017 20:47:16 +0000 (22:47 +0200)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Thu, 6 Jul 2017 20:47:16 +0000 (22:47 +0200)
commit	ad63102943d3f648b37b65f5c734b2c345a3b280
tree	444262f9af66ab40a9669bb906241bb8df9124ba	tree \| snapshot
parent	10c53b85c992afca47e7a70f05379a5038bdaeb9	commit \| diff

setpriv: dump inheritable capability set

The setpriv executable from util-linux also dumps out information on the
different capability sets known by the kernel. By default, these are the
inheritable capabilities, bounding capabilities and (not yet released)
the ambient capabilities, which have been introduced with Linux 4.3.
This patch introduces the ability to dump the set of inheritable
capabilities.

By default, setpriv(1) identifies capabilities by their human-readable
name, for example 'net_admin'. For unknown capabilities, though, it does
instead use the capability's value, for example 'cap_12', which is
equivalent to 'net_admin'. As there is no kernel interface to retrieve
capability names by their index, we have to declare these ourselves,
which adds to setpriv's size.

To counteract, using the human-readble name has been made configurable.
The following sizes are with the 'FEATURE_SETPRIV_CAPABILITY_NAMES'
enabled:

function                                             old     new   delta
.rodata                                           145969  146405    +436
setpriv_main                                         467     842    +375
capabilities                                           -     304    +304

And with 'FEATURE_SETPRIV_CAPABILITY_NAMES' disabled:

function                                             old     new   delta
setpriv_main                                         467     838    +371
.rodata                                           145969  146101    +132

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>