int capability_set_to_string_alloc(uint64_t set, char **s) {
_cleanup_free_ char *str = NULL;
- unsigned long i;
size_t allocated = 0, n = 0;
assert(s);
- for (i = 0; i <= cap_last_cap(); i++)
+ for (unsigned i = 0; i <= cap_last_cap(); i++)
if (set & (UINT64_C(1) << i)) {
const char *p;
char buf[2 + 16 + 1];
p = capability_to_name(i);
if (!p) {
- xsprintf(buf, "0x%lx", i);
+ xsprintf(buf, "0x%x", i);
p = buf;
}
return fv == CAP_SET;
}
-unsigned long cap_last_cap(void) {
- static thread_local unsigned long saved;
+unsigned cap_last_cap(void) {
+ static thread_local unsigned saved;
static thread_local bool valid = false;
_cleanup_free_ char *content = NULL;
unsigned long p = 0;
if (prctl(PR_CAPBSET_READ, p) < 0) {
/* Hmm, look downwards, until we find one that works */
- for (p--; p > 0; p --)
+ for (p--; p > 0; p--)
if (prctl(PR_CAPBSET_READ, p) >= 0)
break;
}
int capability_update_inherited_set(cap_t caps, uint64_t set) {
- unsigned long i;
-
/* Add capabilities in the set to the inherited caps, drops capabilities not in the set.
* Do not apply them yet. */
- for (i = 0; i <= cap_last_cap(); i++) {
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
cap_flag_value_t flag = set & (UINT64_C(1) << i) ? CAP_SET : CAP_CLEAR;
cap_value_t v;
int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
_cleanup_cap_free_ cap_t caps = NULL;
- unsigned long i;
int r;
/* Remove capabilities requested in ambient set, but not in the bounding set */
- for (i = 0; i <= cap_last_cap(); i++) {
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
if (set == 0)
break;
return -errno;
}
- for (i = 0; i <= cap_last_cap(); i++) {
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
if (set & (UINT64_C(1) << i)) {
int capability_bounding_set_drop(uint64_t keep, bool right_now) {
_cleanup_cap_free_ cap_t before_cap = NULL, after_cap = NULL;
cap_flag_value_t fv;
- unsigned long i;
int r;
/* If we are run as PID 1 we will lack CAP_SETPCAP by default
if (!after_cap)
return -errno;
- for (i = 0; i <= cap_last_cap(); i++) {
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
cap_value_t v;
if ((keep & (UINT64_C(1) << i)))
}
bool capability_quintet_mangle(CapabilityQuintet *q) {
- unsigned long i;
uint64_t combined, drop = 0;
bool ambient_supported;
if (ambient_supported)
combined |= q->ambient;
- for (i = 0; i <= cap_last_cap(); i++) {
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
unsigned long bit = UINT64_C(1) << i;
if (!FLAGS_SET(combined, bit))
continue;
int r;
if (q->ambient != (uint64_t) -1) {
- unsigned long i;
bool changed = false;
c = cap_get_proc();
if (!c)
return -errno;
- /* In order to raise the ambient caps set we first need to raise the matching inheritable + permitted
- * cap */
- for (i = 0; i <= cap_last_cap(); i++) {
+ /* In order to raise the ambient caps set we first need to raise the matching
+ * inheritable + permitted cap */
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
uint64_t m = UINT64_C(1) << i;
cap_value_t cv = (cap_value_t) i;
cap_flag_value_t old_value_inheritable, old_value_permitted;
if (q->inheritable != (uint64_t) -1 || q->permitted != (uint64_t) -1 || q->effective != (uint64_t) -1) {
bool changed = false;
- unsigned long i;
if (!c) {
c = cap_get_proc();
return -errno;
}
- for (i = 0; i <= cap_last_cap(); i++) {
+ for (unsigned i = 0; i <= cap_last_cap(); i++) {
uint64_t m = UINT64_C(1) << i;
cap_value_t cv = (cap_value_t) i;
projects / thirdparty / systemd.git / commitdiff
