git.ipfire.org Git - thirdparty/util-linux.git/commit

author	Patrick Steinhardt <ps@pks.im>
	Sat, 24 Jun 2017 14:04:34 +0000 (16:04 +0200)
committer	Karel Zak <kzak@redhat.com>
	Tue, 27 Jun 2017 12:59:19 +0000 (14:59 +0200)
commit	0c92194eeee9c1fd58580ef852c11eb1861d6dee
tree	e85969c48be18e151759107839b3f227f4df038f	tree
parent	05a22eac65c3d7756c08ddc14ece2918517bc8ee	commit \| diff

setpriv: support modifying the set of ambient capabilities

Right now, we do not support modifying the set of ambient capabilities,
which has been introduced quite recently with Linux 4.3. As libcap-ng
does not yet provide any ability to modify this set, we do have to roll
our own support via `prctl`, which is now easy to do due to the
indirections introduced in the preceding commits. We add a new command
line argument "--ambient-caps", which uses the same syntax as both
"--inh-caps" and "--bounding-set" to specify either adding or dropping
capabilities.

This commit also adjusts documentation to mention the newly introduced
ability to modify the ambient capability set.

Based on a patch by Andy Lutomirski.

Reviewed-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Patrick Steinhardt <ps@pks.im>

sys-utils/setpriv.1		diff \| blob \| blame \| history
sys-utils/setpriv.c		diff \| blob \| blame \| history