author | Andrew Morgan <morgan@kernel.org> | 2007-07-21 22:18:02 -0700 |
---|---|---|
committer | Andrew Morgan <morgan@kernel.org> | 2007-08-13 23:33:40 -0700 |
commit | 54f055ee34a121d1649b8fefb6071600bebfca61 (patch) | |
tree | ae1ac515ffb749ccf39abb0990ce6f9f040c515d | |
parent | 4ede6982a479daecd2ac313b10cebfb7e07f40fa (diff) | |
Revived old setcap/getcap manual pages and added support for removing file caps
-rw-r--r-- | Make.Rules | 1 | ||||
-rw-r--r-- | doc/cap_get_fd.3 (renamed from doc/old/cap_get_fd.3) | 0 | ||||
-rw-r--r-- | doc/cap_get_file.3 (renamed from doc/old/cap_get_file.3) | 11 | ||||
-rw-r--r-- | doc/getcap.8 (renamed from doc/old/getcap.8) | 0 | ||||
-rw-r--r-- | doc/setcap.8 (renamed from doc/old/setcap.8) | 0 | ||||
-rw-r--r-- | libcap/Makefile | 2 | ||||
-rw-r--r-- | libcap/cap_file.c | 10 | ||||
-rw-r--r-- | progs/setcap.c | 49 |
8 files changed, 46 insertions, 27 deletions
@@ -57,6 +57,7 @@ LD=ld LDFLAGS=-s #-g KERNEL_HEADERS = /usr/include +SYSTEM_HEADERS = /usr/include IPATH += -I$(topdir)/libcap/include INCS=$(topdir)/libcap/include/sys/capability.h LIBS=-L$(topdir)/libcap -lcap diff --git a/doc/old/cap_get_fd.3 b/doc/cap_get_fd.3 index 3970c34..3970c34 100644 --- a/doc/old/cap_get_fd.3 +++ b/doc/cap_get_fd.3 diff --git a/doc/old/cap_get_file.3 b/doc/cap_get_file.3 index e2eb626..c9b727c 100644 --- a/doc/old/cap_get_file.3 +++ b/doc/cap_get_file.3 @@ -6,7 +6,7 @@ .SH NAME cap_get_file, cap_set_file, cap_get_fd, cap_set_fd \- capability manipulation on files .sp -.B " PLEASE NOTE NONE OF THESE FUNCTIONS ARE IMPLEMENTED IN 0.102. NEITHER IS THERE SUPPORT FOR THEM IN LINUX 2.1.102." +.B " Note: support for file capabilities is anticipated in Linux 2.6.23+" .SH SYNOPSIS .B .sp @@ -50,10 +50,15 @@ pointed to by or the file open on descriptor .IR fd , with the capability state identified by -.IR cap_p . +.IR cap_p . The new capability state of the file shall be completely determined by the -contents of +contents of .IR cap_p . +A +.IR NULL +value for +.IR cap_p +is used to indicate that capabilities for the file should be deleted. For these functions to succeed, the calling process must have the .B CAP_SETFCAP capability enabled and either the effective user ID of the process must match diff --git a/doc/old/getcap.8 b/doc/getcap.8 index a0e2c41..a0e2c41 100644 --- a/doc/old/getcap.8 +++ b/doc/getcap.8 diff --git a/doc/old/setcap.8 b/doc/setcap.8 index 1f727c1..1f727c1 100644 --- a/doc/old/setcap.8 +++ b/doc/setcap.8 diff --git a/libcap/Makefile b/libcap/Makefile index c492559..f875c33 100644 --- a/libcap/Makefile +++ b/libcap/Makefile 
@@ -46,7 +46,7 @@ $(MINLIBNAME): $(OBJS) <<<<<<< HEAD:libcap/Makefile ======= cap_sys.o: cap_sys.c $(INCLS) - $(CC) $(IPATH) -fPIC -Wall -O2 -c $< -o $@ + $(CC) -include $(SYSTEM_HEADERS)/linux/unistd.h $(IPATH) -fPIC -Wall -O2 -c $< -o $@ >>>>>>> Add tentitive support for filesystem capabilities with 2.6.23-mm kernels:libcap/Makefile install: all diff --git a/libcap/cap_file.c b/libcap/cap_file.c index b452b9c..90a2c40 100644 --- a/libcap/cap_file.c +++ b/libcap/cap_file.c @@ -134,7 +134,10 @@ int cap_set_fd(int fildes, cap_t cap_d) { struct vfs_cap_data rawvfscap; - if (_fcaps_save(&rawvfscap, cap_d) != 0) { + if (cap_d == NULL) { + _cap_debug("deleting fildes capabilities"); + return fremovexattr(fildes, XATTR_NAME_CAPS); + } else if (_fcaps_save(&rawvfscap, cap_d) != 0) { return -1; } @@ -152,7 +155,10 @@ int cap_set_file(const char *filename, cap_t cap_d) { struct vfs_cap_data rawvfscap; - if (_fcaps_save(&rawvfscap, cap_d) != 0) { + if (cap_d == NULL) { + _cap_debug("removing filename capabilities"); + return removexattr(filename, XATTR_NAME_CAPS); + } else if (_fcaps_save(&rawvfscap, cap_d) != 0) { return -1; } diff --git a/progs/setcap.c b/progs/setcap.c index 14e6307..b312212 100644 --- a/progs/setcap.c +++ b/progs/setcap.c @@ -14,8 +14,8 @@ static void usage(void) { fprintf(stderr, - "usage: setcap [-q] (-|<caps>) <filename> " - "[ ... (-|<capsN>) <filenameN> ]\n" + "usage: setcap [-q] (-r|-|<caps>) <filename> " + "[ ... (-r|-|<capsN>) <filenameN> ]\n" ); exit(1); } 
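Review bot: The context around the changed `cap_sys.o` rule still carries unresolved merge-conflict markers (`<<<<<<< HEAD:libcap/Makefile`, `=======`, `>>>>>>> Add tentitive support ...`), and this hunk edits the recipe between them without removing them. They appear to be committed file content rather than part of the patch, so make will either reject those lines or read them as unintended rules. Delete the three marker lines and keep only the intended `cap_sys.o: cap_sys.c $(INCLS)` rule with its new `-include $(SYSTEM_HEADERS)/linux/unistd.h` recipe.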
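Review bot: The new `cap_d == NULL` branch in cap_set_fd gives NULL a second meaning (delete the attribute) that nothing in the function records, and the cap_set_file hunk after it does the same. A caller that passes on an unchecked NULL from a failed parse or allocation now strips the file's capabilities instead of getting an error, so the contract deserves a comment above each function, e.g. `/* cap_d == NULL removes the capability xattr; the fremovexattr() result is returned unchanged */`. On Linux fremovexattr() fails with ENODATA when the attribute is absent, so clearing a file that has no capabilities reports -1; the comment should say whether that is intended. Both function bodies continue outside the hunks.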
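Review bot: `removexattr(filename, XATTR_NAME_CAPS)` in cap_set_file resolves symbolic links, so a privileged caller (the man page in this commit requires CAP_SETFCAP) that is handed a link inside a directory someone else can write to ends up modifying the link's target. Use the non-following call, `return lremovexattr(filename, XATTR_NAME_CAPS);`, or lstat() the path first and reject anything that is not a regular file. The set path further down the function is outside this hunk; if it also uses a link-following call, it wants the same treatment.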
@@ -71,28 +71,33 @@ int main(int argc, char **argv) quiet = 1; continue; } - if (!strcmp(*argv,"-")) { - retval = read_caps(quiet, *argv, buffer); - if (retval) + if (!strcmp(*argv,"-r")) { + cap_d = NULL; + } else { + if (!strcmp(*argv,"-")) { + retval = read_caps(quiet, *argv, buffer); + if (retval) + usage(); + text = buffer; + } else { + text = *argv; + } + + cap_d = cap_from_text(text); + if (cap_d == NULL) { + perror("fatal error"); usage(); - text = buffer; - } else - text = *argv; - - cap_d = cap_from_text(text); - if (cap_d == NULL) { - perror("fatal error"); - usage(); - } + } #ifdef DEBUG - { - ssize_t length; - const char *result; + { + ssize_t length; + const char *result; - result = cap_to_text(cap_d, &length); - fprintf(stderr, "caps set to: [%s]\n", result); - } + result = cap_to_text(cap_d, &length); + fprintf(stderr, "caps set to: [%s]\n", result); + } #endif + } if (--argc <= 0) usage(); @@ -104,7 +109,9 @@ int main(int argc, char **argv) usage(); } - cap_free(cap_d); + if (cap_d) { + cap_free(cap_d); + } } return 0; |
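Review bot: In the re-indented `#ifdef DEBUG` block the string returned by `cap_to_text(cap_d, &length)` is printed without a NULL check and is never released. cap_to_text() can fail, and its result is meant to be freed with cap_free(), so declare it as `char *result` and use `if (result) { fprintf(stderr, "caps set to: [%s]\n", result); cap_free(result); }`. This affects DEBUG builds only, and main() starts and ends outside the hunk.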