author | Lennart Poettering <lennart@poettering.net> | 2011-10-12 04:29:11 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2011-10-12 04:29:11 +0200 |
commit | 689b9a22f7fa89686b2b5240b7ee9f449dea5630 (patch) | |
tree | 47d44e0bdb73c40808a5150e081a286df38a055e /src/condition.c | |
parent | cec736d21ff86c4ac81b4d306ddba2120333818c (diff) | |
parent | 64685e0cea62b4937f0804e47ce2cb7929f58223 (diff) |
Merge branch 'master' into journal
Diffstat (limited to 'src/condition.c')
-rw-r--r-- | src/condition.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/src/condition.c b/src/condition.c
index e978656772..f18c45421a 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -23,6 +23,7 @@
 #include <errno.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/capability.h>
 #ifdef HAVE_SELINUX
 #include <selinux/selinux.h>
@@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) {
 return true;
 /* Finally compare id */
- return streq(parameter, id);
+ return v > 0 && streq(parameter, id);
 }
 static bool test_security(const char *parameter) {
@@ -159,6 +160,36 @@ static bool test_security(const char *parameter) {
 return false;
 }
+static bool test_capability(const char *parameter) {
+ cap_value_t value;
+ FILE *f;
+ char line[LINE_MAX];
+ unsigned long long capabilities = (unsigned long long) -1;
+
+ /* If it's an invalid capability, we don't have it */
+
+ if (cap_from_name(parameter, &value) < 0)
+ return false;
+
+ /* If it's a valid capability we default to assume
+ * that we have it */
+
+ f = fopen("/proc/self/status", "re");
+ if (!f)
+ return true;
+
+ while (fgets(line, sizeof(line), f)) {
+ truncate_nl(line);
+
+ if (startswith(line, "CapBnd:")) {
+ (void) sscanf(line+7, "%llx", &capabilities);
+ break;
+ }
+ }
+
+ return !!(capabilities & (1ULL << value));
+}
+
 bool condition_test(Condition *c) {
 assert(c);
@@ -214,6 +245,9 @@ bool condition_test(Condition *c) {
 case CONDITION_SECURITY:
 return test_security(c->parameter) == !c->negate;
+ case CONDITION_CAPABILITY:
+ return test_capability(c->parameter) == !c->negate;
+
 case CONDITION_NULL:
 return !c->negate; |
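Review bot: `test_capability()` never closes the stream it opens on `/proc/self/status`: both the `break` out of the `fgets` loop and a normal loop exit reach the final `return` with `f` still open, so each evaluation of this condition leaks a `FILE` and its descriptor. Adding `fclose(f);` immediately before `return !!(capabilities & (1ULL << value));` fixes it. Separately, the all-ones initial value of `capabilities` combined with the discarded `sscanf` result means a missing or unparsable `CapBnd:` line reports the capability as present. That fail-open default appears deliberate given the comment above `fopen`, but it should be stated where the mask is initialised, e.g. `/* fail open: if CapBnd cannot be read or parsed, assume the capability is in the bounding set */`, so the condition is not later relied on as a hard privilege check.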