1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/*
* Copyright (c) 1997-8 Andrew G. Morgan <morgan@kernel.org>
*
* This sets the capabilities of a given process.
*/
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#undef _POSIX_SOURCE
#include <sys/capability.h>
#include <unistd.h>
static void usage(void)
{
fprintf(stderr,
"usage: setcap [-q] (-|<caps>) <pid> [ ... (-|<capsN>) <pid> ]\n\n"
" This program can be used to set the process capabilities of running\n"
" processes. In order to work, it needs to be executing with CAP_SETPCAP\n"
" raised, and the only capabilities that this program can bestow on others\n"
" are a subset of its effective set. This program is mostly intended as an\n"
" example -- a safe use of CAP_SETPCAP has yet to be demonstrated!\n\n"
"[Copyright (c) 1997-8 Andrew G. Morgan <morgan@kernel.org>]\n"
);
exit(1);
}
#define MAXCAP 2048
static int read_caps(int quiet, const char *filename, char *buffer)
{
int i=MAXCAP;
if (!quiet) {
fprintf(stderr, "Please enter caps for file [empty line to end]:\n");
}
while (i > 0) {
int j = read(STDIN_FILENO, buffer, i);
if (j < 0) {
fprintf(stderr, "\n[Error - aborting]\n");
exit(1);
}
if (j==0 || buffer[0] == '\n') {
/* we're done */
break;
}
/* move on... */
i -= j;
buffer += j;
}
/* <NUL> terminate */
buffer[0] = '\0';
return (i < MAXCAP ? 0:-1);
}
int main(int argc, char **argv)
{
char buffer[MAXCAP+1];
int retval, quiet=0;
cap_t cap_d;
if (argc < 3) {
usage();
}
while (--argc > 0) {
const char *text;
pid_t pid;
if (!strcmp(*++argv,"-q")) {
quiet = 1;
continue;
}
if (!strcmp(*argv,"-")) {
retval = read_caps(quiet, *argv, buffer);
if (retval)
usage();
text = buffer;
} else
text = *argv;
cap_d = cap_from_text(text);
if (cap_d == NULL) {
perror("fatal error");
usage();
}
#ifndef DEBUG
{
ssize_t length;
char *result;
result = cap_to_text(cap_d, &length);
fprintf(stderr, "[caps set to:\n%s\n]\n", result);
cap_free(result);
result = NULL;
}
#endif
if (--argc <= 0)
usage();
pid = atoi(*++argv);
retval = capsetp(pid, cap_d);
if (retval != 0) {
fprintf(stderr, "Failed to set cap's on process `%d': (%s)\n",
pid, strerror(errno));
usage();
}
#ifndef DEBUG
fprintf(stderr, "[caps set on %d]\n", pid);
#endif
}
return 0;
}
|
