projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
| 05d3a176 | 2 | #pragma once |
| 7f110ff9 LP |
3 | |
| 4 | /*** | |
| 5 | This file is part of systemd. | |
| 6 | ||
| d7832d2c | 7 | Copyright 2010 Lennart Poettering |
| 7f110ff9 LP |
8 | ***/ |
| 9 | ||
| ec8927ca | 10 | #include <stdbool.h> |
| 11c3a366 | 11 | #include <stdint.h> |
| 5ce70e5b | 12 | #include <sys/capability.h> |
| 11c3a366 | 13 | #include <sys/types.h> |
| 5ce70e5b | 14 | |
| 11c3a366 | 15 | #include "macro.h" |
| 5ce70e5b | 16 | #include "util.h" |
| ec8927ca | 17 | |
| a103496c IP |
18 | #define CAP_ALL (uint64_t) -1 |
| 19 | ||
| d7832d2c KS |
20 | unsigned long cap_last_cap(void); |
| 21 | int have_effective_cap(int value); | |
| a103496c IP |
22 | int capability_bounding_set_drop(uint64_t keep, bool right_now); |
| 23 | int capability_bounding_set_drop_usermode(uint64_t keep); | |
| 5ce70e5b | 24 | |
| 755d4b67 IP |
25 | int capability_ambient_set_apply(uint64_t set, bool also_inherit); |
| 26 | int capability_update_inherited_set(cap_t caps, uint64_t ambient_set); | |
| 27 | ||
| 45afd519 | 28 | int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities); |
| 966bff26 | 29 | |
| dd5ae4c3 PK |
30 | int drop_capability(cap_value_t cv); |
| 31 | ||
| 5ce70e5b ZJS |
32 | DEFINE_TRIVIAL_CLEANUP_FUNC(cap_t, cap_free); |
| 33 | #define _cleanup_cap_free_ _cleanup_(cap_freep) | |
| 34 | ||
| 35 | static inline void cap_free_charpp(char **p) { | |
| 36 | if (*p) | |
| 37 | cap_free(*p); | |
| 38 | } | |
| 39 | #define _cleanup_cap_free_charp_ _cleanup_(cap_free_charpp) | |
| a103496c IP |
40 | |
| 41 | static inline bool cap_test_all(uint64_t caps) { | |
| 42 | uint64_t m; | |
| 43 | m = (UINT64_C(1) << (cap_last_cap() + 1)) - 1; | |
| 44 | return (caps & m) == m; | |
| 45 | } | |
| 39f608e4 LP |
46 | |
| 47 | bool ambient_capabilities_supported(void); |