pam: use /proc/self/loginuid only if we have CAP_AUDIT_CONTROL

author: Lennart Poettering <lennart@poettering.net> 2011-04-12 21:08:44 +0200
committer: Lennart Poettering <lennart@poettering.net> 2011-04-12 21:08:44 +0200
commit: ac1234459056864aeb04053fdfe9b0001fc32590 (patch)
tree: 795ad03a0a809e6454a98a59bfed7a6cf7c3f968 /src/util.c
parent: a7444edaf768ae3dda13c42d8fe26f78b4e63e38 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/src/util.c b/src/util.c
index d39cb48385..75ad56fecf 100644
--- a/src/util.c
+++ b/src/util.c
@@ -50,6 +50,7 @@
 #include <linux/kd.h>
 #include <dlfcn.h>
 #include <sys/wait.h>
+#include <sys/capability.h>
 
 #include "macro.h"
 #include "util.h"
@@ -4236,6 +4237,23 @@ void parse_syslog_priority(char **p, int *priority) {
         *p += k;
 }
 
+int have_effective_cap(int value) {
+        cap_t cap;
+        cap_flag_value_t fv;
+        int r;
+
+        if (!(cap = cap_get_proc()))
+                return -errno;
+
+        if (cap_get_flag(cap, value, CAP_EFFECTIVE, &fv) < 0)
+                r = -errno;
+        else
+                r = fv == CAP_SET;
+
+        cap_free(cap);
+        return r;
+}
+
 static const char *const ioprio_class_table[] = {
         [IOPRIO_CLASS_NONE] = "none",
         [IOPRIO_CLASS_RT] = "realtime",
author	Lennart Poettering <lennart@poettering.net>	2011-04-12 21:08:44 +0200
committer	Lennart Poettering <lennart@poettering.net>	2011-04-12 21:08:44 +0200
commit	ac1234459056864aeb04053fdfe9b0001fc32590 (patch)
tree	795ad03a0a809e6454a98a59bfed7a6cf7c3f968 /src/util.c
parent	a7444edaf768ae3dda13c42d8fe26f78b4e63e38 (diff)