authorDavid Herrmann <dh.herrmann@gmail.com>2014-12-29 13:24:35 +0100
committerDavid Herrmann <dh.herrmann@gmail.com>2014-12-29 14:05:38 +0100
commit80b4378314cf62148fd053e97018cc5c78dd6af6 (patch)
tree002fd8517de717e0b5d952fa8c5765450da71fdd /src/shared/capability.c
parent2f0af4e120385e6078c96189f4a4d0cce0e12a3a (diff)
capability: use /proc/sys/kernel/cap_last_cap
This file was introduced with linux-3.2, use it instead of probing for it via prctl(PR_CAPBSET_READ). For now, keep the old code for backwards compat. We can drop it once 3.2 is our lowest requirement. The test-cap-list code is extended to verify cap_last_cap() is the same as we'd get via prctl probing and /proc.
Diffstat (limited to 'src/shared/capability.c')
-rw-r--r--src/shared/capability.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/shared/capability.c b/src/shared/capability.c
index 65d7e038a7..b1be043803 100644
--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -54,11 +54,25 @@ int have_effective_cap(int value) {
unsigned long cap_last_cap(void) {
static thread_local unsigned long saved;
static thread_local bool valid = false;
+ _cleanup_free_ char *content = NULL;
unsigned long p;
+ int r;
if (valid)
return saved;
+ /* available since linux-3.2 */
+ r = read_one_line_file("/proc/sys/kernel/cap_last_cap", &content);
+ if (r >= 0) {
+ r = safe_atolu(content, &p);
+ if (r >= 0) {
+ saved = p;
+ valid = true;
+ return p;
+ }
+ }
+
+ /* fall back to syscall-probing for pre linux-3.2 */
p = (unsigned long) CAP_LAST_CAP;
if (prctl(PR_CAPBSET_READ, p) < 0) {
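Review bot: The value parsed from /proc/sys/kernel/cap_last_cap is stored in `saved` and returned for the rest of the thread's life without a range check; `safe_atolu()` only establishes that the content is a number. If callers use the result as a loop bound or shift count over a 64-bit capability mask (not visible in this hunk), an out-of-range value would be carried into every later call, whether it comes from a future kernel or from a /proc mount that is not the real procfs. Consider bounding it before caching, for example `if (r >= 0 && p <= 63) {` with the limit taken from whatever width the callers actually use, so an unexpected value falls through to the prctl() probe, and add a comment stating that assumption. The body of cap_last_cap() continues past the end of the hunk, so the fallback path itself is not reviewed here.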