return chroot_dir;
}
-void restrict_access_allow_coredumps(bool allow ATTR_UNUSED)
+void restrict_access_set_dumpable(bool allow ATTR_UNUSED)
{
#ifdef HAVE_PR_SET_DUMPABLE
+ if (prctl(PR_SET_DUMPABLE, allow ? 1 : 0, 0, 0, 0) < 0)
+ i_error("prctl(PR_SET_DUMPABLE) failed: %m");
+#endif
+}
+
+bool restrict_access_get_dumpable(void)
+{
+#ifdef HAVE_PR_SET_DUMPABLE
+ bool allow = FALSE;
+ if (prctl(PR_GET_DUMPABLE, &allow, 0, 0, 0) < 0)
+ i_error("prctl(PR_GET_DUMPABLE) failed: %m");
+ return allow;
+#endif
+ return TRUE;
+}
+
+void restrict_access_allow_coredumps(bool allow)
+{
if (getenv("PR_SET_DUMPABLE") != NULL) {
- if (prctl(PR_SET_DUMPABLE, allow ? 1 : 0, 0, 0, 0) < 0)
- i_error("prctl(PR_SET_DUMPABLE) failed: %m");
+ restrict_access_set_dumpable(allow);
}
-#endif
}
int restrict_access_use_priv_gid(void)
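Review bot: restrict_access_get_dumpable() always returns FALSE when HAVE_PR_SET_DUMPABLE is defined, because PR_GET_DUMPABLE reports the flag as prctl()'s return value and does not write through its second argument, so `allow` keeps its initial value. Take the result from the call instead with `int ret = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);`, keep the `ret < 0` error log, and finish with `return ret > 0;`. As written, a caller that saves the state with this getter and later restores it through restrict_access_set_dumpable() would leave the process non-dumpable whatever its starting state was. The `return TRUE;` after `#endif` is unreachable when the macro is defined and would read better under `#else`.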
*/
void restrict_access_allow_coredumps(bool allow);
+/* Sets process dumpable true or false. Setting this true allows core dumping,
+ reading /proc/self/io, attaching with PTRACE_ATTACH, and also changes
+ ownership of /proc/[pid] directory. */
+void restrict_access_set_dumpable(bool allow);
+
+/* Gets process dumpability, returns TRUE if not supported, because
+ we then assume that constraint is not present. */
+bool restrict_access_get_dumpable(void);
+
/* If privileged_gid was set, these functions can be used to temporarily
gain access to the group. */
int restrict_access_use_priv_gid(void);
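Review bot: The comment on restrict_access_get_dumpable() covers the unsupported case but not the failure case, where the implementation logs the error and returns FALSE when prctl() fails. Callers that use the result to decide whether to restore the flag need to know that, so I would add `On prctl() failure the error is logged and FALSE is returned.` For restrict_access_set_dumpable(), a line such as `Callers that enable this temporarily should restore the previous value afterwards.` would fit the PTRACE_ATTACH and /proc exposure the comment already describes.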