setpriv: dump capability bounding set
authorPatrick Steinhardt <ps@pks.im>
Thu, 6 Jul 2017 20:59:23 +0000 (22:59 +0200)
committerDenys Vlasenko <vda.linux@googlemail.com>
Thu, 6 Jul 2017 20:59:23 +0000 (22:59 +0200)
As with the previous commit, this one implements the ability to dump the
capability bounding set.

function                                             old     new   delta
setpriv_main                                         838     982    +144
.rodata                                           146101  146148     +47

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
util-linux/setpriv.c

index a509204a2f3792b9c8c3697aa29881b6af27656c..c3f9ea1536d255f1ca352fb9d499974d2e0a87e2 100644 (file)
 #include <sys/prctl.h>
 #include "libbb.h"
 
+#ifndef PR_CAPBSET_READ
+#define PR_CAPBSET_READ 23
+#endif
+
 #ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS 38
 #endif
@@ -240,6 +244,25 @@ static int dump(void)
                        if (i < ARRAY_SIZE(capabilities))
                                printf("%s%s", fmt, capabilities[i]);
                        else
+#  endif
+                               printf("%scap_%u", fmt, i);
+                       fmt = ",";
+               }
+       }
+       if (!fmt[0])
+               printf("[none]");
+
+       printf("\nCapability bounding set: ");
+       fmt = "";
+       for (i = 0; cap_valid(i); i++) {
+               int ret = prctl(PR_CAPBSET_READ, (unsigned long) i, 0UL, 0UL, 0UL);
+               if (ret < 0)
+                       bb_simple_perror_msg_and_die("prctl: CAPBSET_READ");
+               if (ret) {
+#  if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES
+                       if (i < ARRAY_SIZE(capabilities))
+                               printf("%s%s", fmt, capabilities[i]);
+                       else
 #  endif
                                printf("%scap_%u", fmt, i);
                        fmt = ",";
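Review bot: The new bounding-set loop bounds `i` with `cap_valid(i)`, which is presumably the compile-time limit from the kernel headers rather than what the running kernel supports, and it dies on any negative `prctl(PR_CAPBSET_READ, ...)` result. On a kernel older than the build headers the first unknown capability would likely fail with EINVAL, so the dump aborts mid-line after printing part of the set; on a newer kernel, bits above the header limit are never reported, which matters when this output is used to audit what a process can still acquire. Consider treating EINVAL as the end of the range, e.g. `if (ret < 0 && errno == EINVAL) break;` ahead of the die call, and stating the header-limit caveat in a comment above the loop. The name-or-`cap_%u` printing is also duplicated from the inheritable loop above and could move into a small static helper. dump() begins and ends outside this hunk.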