From ff5538e5c083812f2025f237778ab7d90d6712e5 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Sat, 15 Jan 2011 16:24:58 +0100
Subject: [PATCH] Use newer Linux capability native API, if available

---
 src/libcharon/daemon.c | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index 2e708745ce..e4009864bd 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -22,9 +22,11 @@
 #include
 #ifdef CAPABILITIES
-#ifdef HAVE_SYS_CAPABILITY_H
-#include
-#endif /* HAVE_SYS_CAPABILITY_H */
+# ifdef HAVE_SYS_CAPABILITY_H
+# include
+# elif defined(CAPABILITIES_NATIVE)
+# include
+# endif /* CAPABILITIES_NATIVE */
 #endif /* CAPABILITIES */
 
 #include "daemon.h"
@@ -56,7 +58,7 @@ struct private_daemon_t {
 	cap_t caps;
 #endif /* CAPABILITIES_LIBCAP */
 #ifdef CAPABILITIES_NATIVE
-	struct __user_cap_data_struct caps;
+	struct __user_cap_data_struct caps[2];
 #endif /* CAPABILITIES_NATIVE */
 };
 
@@ -141,9 +143,16 @@ METHOD(daemon_t, keep_cap, void,
 	cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
 #endif /* CAPABILITIES_LIBCAP */
 #ifdef CAPABILITIES_NATIVE
-	this->caps.effective |= 1 << cap;
-	this->caps.permitted |= 1 << cap;
-	this->caps.inheritable |= 1 << cap;
+	int i = 0;
+
+	if (cap >= 32)
+	{
+		i++;
+		cap -= 32;
+	}
+	this->caps[i].effective |= 1 << cap;
+	this->caps[i].permitted |= 1 << cap;
+	this->caps[i].inheritable |= 1 << cap;
 #endif /* CAPABILITIES_NATIVE */
 }
 
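Review bot: Growing `caps` to `struct __user_cap_data_struct caps[2]` adds a second capability word whose initialisation is not in this hunk; because keep_cap only ORs bits into it, any stale value in `caps[1]` would be passed straight to capset and retained as an effective/permitted capability above 31 that was never requested. Please confirm the allocation that creates private_daemon_t zero-fills the whole struct (or memsets `caps`), and say so at the field: `/* both words must be zeroed before keep_cap() ORs bits into them */`. The enclosing `struct private_daemon_t` starts outside the hunk.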
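Review bot: `1 << cap` on the three `this->caps[i]` lines is a shift of a signed int, so once `cap` is 31 after the `-= 32` adjustment (capabilities 31 and 63) the 1 is shifted into the sign bit, which is undefined behaviour in C and may be folded unpredictably by the compiler; the constant should be unsigned, `this->caps[i].effective |= 1u << cap;` (and the permitted/inheritable lines likewise). There is also no upper bound on the new index logic: a value of 64 or more still selects `caps[1]` and shifts by 32 or more, again undefined, so a guard such as `if (cap >= 64) { return; }` before the adjustment would make the second-word handling total (whether negative values are possible depends on the parameter's type, which is outside the hunk). keep_cap's signature and the libcap branch start outside the hunk.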
@@ -158,9 +167,15 @@ METHOD(daemon_t, drop_capabilities, bool,
 #endif /* CAPABILITIES_LIBCAP */
 #ifdef CAPABILITIES_NATIVE
 	struct __user_cap_header_struct header = {
-		.version = _LINUX_CAPABILITY_VERSION,
+#if defined(_LINUX_CAPABILITY_VERSION_3)
+		.version = _LINUX_CAPABILITY_VERSION_3,
+#elif defined(_LINUX_CAPABILITY_VERSION_2)
+		.version = _LINUX_CAPABILITY_VERSION_2,
+#else
+		.version = _LINUX_CAPABILITY_VERSION_1,
+#endif
 	};
-	if (capset(&header, &this->caps) != 0)
+	if (capset(&header, this->caps) != 0)
 	{
 		return FALSE;
 	}
-- 
2.47.2
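Review bot: The header version is chosen at compile time from whichever `_LINUX_CAPABILITY_VERSION_*` the build headers define, but capset validates it against the running kernel: a version the kernel does not know is rejected with EINVAL and the kernel writes its preferred version back into `header.version`. A binary built against newer headers and run on an older kernel therefore fails the single `capset(&header, this->caps)` call and drop_capabilities returns FALSE without ever trying the version the kernel reported, even though privilege dropping could still succeed (with a v1 header the kernel reads only `caps[0]`, which is all such kernels support). Retrying once with the written-back version closes that gap; this assumes errno is in scope in daemon.c, which the hunk does not show. drop_capabilities starts outside the hunk.
```c
	if (capset(&header, this->caps) != 0)
	{
		/* an unsupported version fails with EINVAL and the kernel stores
		 * its preferred version in header.version; retry once with that */
		if (errno != EINVAL || capset(&header, this->caps) != 0)
		{
			return FALSE;
		}
	}
```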