capabilities: Add some helper functions
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Aug 2022 12:37:24 +0000 (12:37 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Aug 2022 12:37:24 +0000 (12:37 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Makefile.am
src/libpakfire/capabilities.c [new file with mode: 0644]
src/libpakfire/include/pakfire/capabilities.h [new file with mode: 0644]

index 9bc0975af4ed868dd4ea375dcb190893142b4405..1b0ba47a1a232719b3ec78a8907a5f63a60dd6da 100644 (file)
@@ -219,6 +219,7 @@ libpakfire_la_SOURCES = \
        src/libpakfire/arch.c \
        src/libpakfire/archive.c \
        src/libpakfire/build.c \
+       src/libpakfire/capabilities.c \
        src/libpakfire/cgroup.c \
        src/libpakfire/compress.c \
        src/libpakfire/config.c \
@@ -254,6 +255,7 @@ pkginclude_HEADERS += \
        src/libpakfire/include/pakfire/arch.h \
        src/libpakfire/include/pakfire/archive.h \
        src/libpakfire/include/pakfire/build.h \
+       src/libpakfire/include/pakfire/capabilities.h \
        src/libpakfire/include/pakfire/cgroup.h \
        src/libpakfire/include/pakfire/compress.h \
        src/libpakfire/include/pakfire/config.h \
diff --git a/src/libpakfire/capabilities.c b/src/libpakfire/capabilities.c
new file mode 100644 (file)
index 0000000..d633814
--- /dev/null
@@ -0,0 +1,73 @@
+/*#############################################################################
+#                                                                             #
+# Pakfire - The IPFire package management system                              #
+# Copyright (C) 2022 Pakfire development team                                 #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+#############################################################################*/
+
+#include <sys/capability.h>
+#include <sys/prctl.h>
+
+#include <pakfire/capabilities.h>
+#include <pakfire/logging.h>
+#include <pakfire/pakfire.h>
+
+int pakfire_has_cap(struct pakfire* pakfire, cap_value_t cap) {
+       cap_flag_value_t value = CAP_CLEAR;
+       int r;
+
+       // Fetch all capabilities
+       cap_t caps = cap_get_proc();
+       if (!caps) {
+               ERROR(pakfire, "Could not fetch capabilities: %m\n");
+               r = -1;
+               goto ERROR;
+       }
+
+       // Fetch the flag we are interested in
+       r = cap_get_flag(caps, cap, CAP_EFFECTIVE, &value);
+       if (r < 0) {
+               ERROR(pakfire, "cap_get_flag() failed: %m\n");
+               goto ERROR;
+       }
+
+       // Set r
+       switch (value) {
+               case CAP_CLEAR:
+                       r = 0;
+                       break;
+
+               case CAP_SET:
+                       r = 1;
+                       break;
+       }
+
+ERROR:
+       if (caps)
+               cap_free(caps);
+
+       return r;
+}
+
+int pakfire_keep_caps(struct pakfire* pakfire) {
+       int r;
+
+       r = prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+       if (r < 0)
+               ERROR(pakfire, "prctl(PR_SET_KEEPCAPS, ...) failed: %m\n");
+
+       return r;
+}
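Review bot: pakfire_has_cap() returns three values (-1 when cap_get_proc() or cap_get_flag() fails, 0 when the flag is clear, 1 when it is set), so a caller that writes `if (pakfire_has_cap(pakfire, cap))` would treat a lookup failure as the capability being present. The function has no comment stating this contract. I would add above it `/* Returns 1 if cap is in the effective set, 0 if it is not, -1 on error; test the result with > 0, never for non-zero. */` so that privilege checks built on it fail closed. Callers are not part of this commit, so whether any of them tests for plain truthiness should be confirmed where the helper is first used.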
diff --git a/src/libpakfire/include/pakfire/capabilities.h b/src/libpakfire/include/pakfire/capabilities.h
new file mode 100644 (file)
index 0000000..443031f
--- /dev/null
@@ -0,0 +1,35 @@
+/*#############################################################################
+#                                                                             #
+# Pakfire - The IPFire package management system                              #
+# Copyright (C) 2022 Pakfire development team                                 #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+#############################################################################*/
+
+#ifndef PAKFIRE_CAPABILITIES_H
+#define PAKFIRE_CAPABILITIES_H
+
+#ifdef PAKFIRE_PRIVATE
+
+#include <sys/capability.h>
+
+#include <pakfire/pakfire.h>
+
+int pakfire_has_cap(struct pakfire* pakfire, cap_value_t cap);
+int pakfire_keep_caps(struct pakfire* pakfire);
+
+#endif
+
+#endif /* PAKFIRE_CAPABILITIES_H */
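Review bot: The prototype of pakfire_keep_caps() has no comment saying what the flag preserves, which is easy to misjudge around a privilege drop. PR_SET_KEEPCAPS retains only the permitted set when all UIDs become nonzero; the effective set is still cleared on that switch and the flag itself is reset on execve(2). Since pakfire_has_cap() in capabilities.c reads CAP_EFFECTIVE, it will report 0 after such a switch until the capability is raised again. I would document this above the declaration, for example `/* Keeps the permitted set across a UID change; effective caps are cleared and must be re-raised, and caps that are not needed should be dropped afterwards. */`. How callers combine the two helpers is not visible here, so this is a documentation request rather than a confirmed defect.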