capabilities: don't rely on hardcode set of supported capabilities
alexey-tikhonov committed Feb 28, 2025
1 parent 9152646 commit 1230594
Showing 1 changed file with 24 additions and 3 deletions.
27 changes: 24 additions & 3 deletions src/util/capabilities.c
@@ -272,10 +272,31 @@ errno_t sss_set_cap_effective(cap_value_t cap, bool effective)

void sss_drop_all_caps(void)
{
size_t i;
int ret;

for (i = 0; i < sizeof(_all_caps)/sizeof(cap_description); ++i) {
sss_drop_cap(_all_caps[i].val);
cap_t caps = cap_get_proc();
if (caps == NULL) {
ret = errno;
DEBUG(SSSDBG_TRACE_FUNC, "cap_get_proc() failed: %d ('%s')\n",
ret, strerror(ret));
return;
}
if (cap_clear(caps) == -1) {
ret = errno;
DEBUG(SSSDBG_TRACE_FUNC,
"cap_clear() failed: %d ('%s')\n", ret, strerror(ret));
goto done;
}
if (cap_set_proc(caps) == -1) {
ret = errno;
DEBUG(SSSDBG_TRACE_FUNC, "cap_set_proc() failed: %d ('%s')\n",
ret, strerror(ret));
goto done;
}

done:
if (cap_free(caps) == -1) {
DEBUG(SSSDBG_TRACE_FUNC, "cap_free() failed\n");
}
}
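Review bot: If `cap_get_proc()`, `cap_clear()` or `cap_set_proc()` fails in the new `sss_drop_all_caps()`, the function returns normally and the process keeps whatever capabilities it held, with only a `SSSDBG_TRACE_FUNC` message that default debug levels would likely not show. Because this is a privilege-drop path, the three failure branches should log at a failure level, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "cap_set_proc() failed: %d ('%s')\n", ret, strerror(ret));`. It is also worth considering an `errno_t` return, as `sss_set_cap_effective()` in the hunk header has, so callers can refuse to continue; the callers are not on this page, so whether they can act on it is not visible here. A short comment above `cap_clear(caps)` stating that it empties the effective, permitted and inheritable sets of the working copy, and that nothing changes for the process until `cap_set_proc()` succeeds, would make the fail-open window explicit.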
