-rw-r--r-- | src/libsystemd-bus/bus-kernel.c | 5 | ||||
-rw-r--r-- | src/libsystemd-bus/bus-message.c | 19 | ||||
-rw-r--r-- | src/libsystemd-bus/bus-message.h | 3 | ||||
-rw-r--r-- | src/systemd/sd-bus.h | 1 |
4 files changed, 27 insertions, 1 deletions
diff --git a/src/libsystemd-bus/bus-kernel.c b/src/libsystemd-bus/bus-kernel.c
index 42b16966bd..9e057fb138 100644
--- a/src/libsystemd-bus/bus-kernel.c
+++ b/src/libsystemd-bus/bus-kernel.c
@@ -475,7 +475,10 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k, sd_bus_mess
 m->cgroup = d->str;
 else if (d->type == KDBUS_MSG_SRC_AUDIT)
 m->audit = &d->audit;
- else
+ else if (d->type == KDBUS_MSG_SRC_CAPS) {
+ m->capability = d->data;
+ m->capability_size = l;
+ } else
 log_debug("Got unknown field from kernel %llu", d->type);
 }
diff --git a/src/libsystemd-bus/bus-message.c b/src/libsystemd-bus/bus-message.c
index 6b4a0f3432..835a9f9a44 100644
--- a/src/libsystemd-bus/bus-message.c
+++ b/src/libsystemd-bus/bus-message.c
@@ -928,6 +928,23 @@ int sd_bus_message_get_audit_loginuid(sd_bus_message *m, uid_t *uid) {
 return 0;
 }
+int sd_bus_message_has_effective_cap(sd_bus_message *m, int capability) {
+ unsigned sz;
+
+ if (!m)
+ return -EINVAL;
+ if (capability < 0)
+ return -EINVAL;
+ if (!m->capability)
+ return -ESRCH;
+
+ sz = m->capability_size / 4;
+ if ((unsigned) capability >= sz*8)
+ return 0;
+
+ return !!(m->capability[2 * sz + (capability / 8)] & (1 << (capability % 8)));
+}
+
 int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member) {
 if (!m)
 return -EINVAL;
@@ -3193,6 +3210,8 @@ int bus_message_dump(sd_bus_message *m) {
 if (sd_bus_message_get_audit_sessionid(m, &audit_sessionid) >= 0)
 printf("\taudit_sessionid=%lu\n", (unsigned long) audit_sessionid);
+ printf("\tCAP_KILL=%i\n", sd_bus_message_has_effective_cap(m, 5));
+
 if (sd_bus_message_get_cmdline(m, &cmdline) >= 0) {
 char **c;
diff --git a/src/libsystemd-bus/bus-message.h b/src/libsystemd-bus/bus-message.h
index 66b434816c..9c0829c7fa 100644
--- a/src/libsystemd-bus/bus-message.h
+++ b/src/libsystemd-bus/bus-message.h
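Review bot: `m->capability_size = l;` in the new KDBUS_MSG_SRC_CAPS branch stores the item length unchecked, and the accessor added in bus-message.c derives the per-set size from it with a truncating `/ 4`. If `l` (computed outside this hunk) is ever zero or not a whole multiple of four equal sets, the effective set is looked up at the wrong offset and a capability query silently gives a wrong answer. Consider accepting the item only when the length has the expected shape, e.g. `else if (d->type == KDBUS_MSG_SRC_CAPS && l > 0 && l % 4 == 0) {`, so that a malformed item reaches the `log_debug` branch instead. bus_kernel_make_message starts and ends outside the hunk.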
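Review bot: sd_bus_message_has_effective_cap() returns a negative errno (`-EINVAL`, `-ESRCH`) as well as 0 and 1, so a caller that writes `if (sd_bus_message_has_effective_cap(m, cap))` treats a message that carries no capability data as privileged. The function needs a doc comment stating that only a result `> 0` means the capability is present and that `-ESRCH` means no capability metadata was attached. That comment should also explain the layout behind `/ 4` and `2 * sz` (presumably four equal-sized sets with the effective set third; confirm against the kdbus item definition). Separately, indexing the buffer byte-wise with `capability / 8` assumes the sets arrive as byte arrays; if the kernel delivers them as arrays of 32-bit words, the lookup selects the wrong byte on a big-endian host, which is worth confirming.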
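Review bot: The new dump line in bus_message_dump passes the literal `5` and prints the result unconditionally, so for a message without capability data it prints a negative errno as if it were the flag value, unlike the neighbouring fields that are guarded with `>= 0`. Using the named constant and the same guard would read `r = sd_bus_message_has_effective_cap(m, CAP_KILL);` followed by `if (r >= 0) printf("\tCAP_KILL=%i\n", r);`. Whether `<linux/capability.h>` is already included and whether a suitable local `int` exists cannot be seen from here, since the function's declarations are outside the hunk.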
@@ -121,6 +121,9 @@ struct sd_bus_message {
 char *user_unit;
 struct kdbus_audit *audit;
+
+ uint8_t *capability;
+ size_t capability_size;
 };
 #define BUS_MESSAGE_NEED_BSWAP(m) ((m)->header->endian != SD_BUS_NATIVE_ENDIAN)
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
index 67923e7fe1..8824efeaba 100644
--- a/src/systemd/sd-bus.h
+++ b/src/systemd/sd-bus.h
@@ -142,6 +142,7 @@ int sd_bus_message_get_session(sd_bus_message *m, const char **session);
 int sd_bus_message_get_owner_uid(sd_bus_message *m, uid_t *uid);
 int sd_bus_message_get_audit_sessionid(sd_bus_message *m, uint32_t *sessionid);
 int sd_bus_message_get_audit_loginuid(sd_bus_message *m, uid_t *loginuid);
+int sd_bus_message_has_effective_cap(sd_bus_message *m, int capability);
 int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member);
 int sd_bus_message_is_method_call(sd_bus_message *m, const char *interface, const char *member); |
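Review bot: The new `capability` field in struct sd_bus_message (bus-message.h hunk) has no comment saying who owns the buffer. The bus-kernel.c hunk of this commit assigns it `d->data`, so it appears to borrow from the received kdbus message rather than hold a copy. A comment such as `/* borrowed from the kdbus message buffer, not freed separately; capability_size is the total size in bytes of all capability sets */` would record that; whether the teardown path keeps that buffer alive for as long as `m` is not visible here. Declaring the pointer as `const uint8_t *capability;` would additionally document that the library never writes through it. The struct begins outside the hunk.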