authorSeebs <seebs@seebs.net>2016-12-12 14:27:54 -0600
committerSeebs <seebs@seebs.net>2016-12-12 14:27:54 -0600
commit041185e324113cf12bf26deea1df763622c02c21 (patch)
tree15245a1e9a86cfab2e023b0e0596ae54b6cccfb5
parentbd45c2d860de783433bedd3832c0c2c574591a3b (diff)
The setcap utility supplied by libcap is used to set capabilities on a
file. Before setting a file's capabilities with cap_set_file() (which uses setxattr()) it calls cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET). cap_set_flag() uses the capset syscall to raise the process' effective capability. In most cases if the process isn't running as root this will fail and setcap will exit with an error. Because setxattr is intercepted by pseudo it's unnecessary for setcap to call capset(). Override capset with a pseudo function that does nothing and always returns 0. Signed-off-by: George McCollister <george.mccollister at gmail.com> Signed-off-by: Seebs <seebs@seebs.net>
-rw-r--r--ChangeLog.txt1
-rw-r--r--ports/linux/guts/capset.c13
-rw-r--r--ports/linux/portdefs.h2
-rw-r--r--ports/linux/pseudo_wrappers.c7
-rw-r--r--ports/linux/wrapfuncs.in1
5 files changed, 24 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index d2f93b0..1539411 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -5,6 +5,7 @@
* All of these from: Gaƫl PORTAY <gael.portay@savoirfairelinux.com>
* (seebs) import fix from Rabin Vincent for test case
* (seebs) import fix from Rabin Vincent for pthread mutexes
+ * (seebs) import fix from George McCollister for capset.
2016-11-23:
* (seebs) actually wait on server shutdown for pseudo -S [cmd]
diff --git a/ports/linux/guts/capset.c b/ports/linux/guts/capset.c
new file mode 100644
index 0000000..51e0cdf
--- /dev/null
+++ b/ports/linux/guts/capset.c
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2016 Wind River Systems; see
+ * guts/COPYRIGHT for information.
+ *
+ * int capset(cap_user_header_t hdrp, const cap_user_data_t datap)
+ * int rc = -1;
+ */
+
+ rc = real_capset(hdrp, datap);
+
+/* return rc;
+ * }
+ */
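Review bot: The only executable line in this new guts file, `rc = real_capset(hdrp, datap);`, reads like a pass-through to the kernel, but it presumably is not one. The wrapfuncs.in entry added in this same commit sets `real_func=pseudo_capset`, so the call most likely resolves to the stub in pseudo_wrappers.c, which returns 0 without making the syscall. A one-line comment above the call would stop a later reader from assuming capabilities are really changed here, for example `/* real_capset is pseudo_capset (see wrapfuncs.in): no capset syscall is made */`.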
diff --git a/ports/linux/portdefs.h b/ports/linux/portdefs.h
index cf6b375..942356d 100644
--- a/ports/linux/portdefs.h
+++ b/ports/linux/portdefs.h
@@ -25,3 +25,5 @@ GLIBC_COMPAT_SYMBOL(memcpy,2.2.5);
#elif defined(__i386__)
GLIBC_COMPAT_SYMBOL(memcpy,2.0);
#endif
+
+#include <linux/capability.h>
diff --git a/ports/linux/pseudo_wrappers.c b/ports/linux/pseudo_wrappers.c
index 0e9a41f..e7f79f8 100644
--- a/ports/linux/pseudo_wrappers.c
+++ b/ports/linux/pseudo_wrappers.c
@@ -42,3 +42,10 @@ int
pseudo_mknodat(int dirfd, const char *path, mode_t mode, dev_t dev) {
return real___xmknodat(_MKNOD_VER, dirfd, path, mode, &dev);
}
+
+int pseudo_capset(cap_user_header_t hdrp, const cap_user_data_t datap) {
+ (void)hdrp;
+ (void)datap;
+
+ return 0;
+}
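Review bot: `pseudo_capset` discards both arguments and returns 0 for every caller, not only setcap, so any program under pseudo that calls capset() to drop capabilities is told it succeeded while its kernel capability sets stay unchanged. That matters mainly if pseudo is ever started with real privileges; in the usual unprivileged case there is little to drop, but the function carries no comment saying so. I would document the contract at the definition: `/* Deliberate no-op: reports success without calling capset(2); the caller's real capabilities are NOT changed. */`. A debug-log line in the stub would also make swallowed calls visible when auditing what a build step tried to do.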
diff --git a/ports/linux/wrapfuncs.in b/ports/linux/wrapfuncs.in
index c45e01a..fca5b50 100644
--- a/ports/linux/wrapfuncs.in
+++ b/ports/linux/wrapfuncs.in
@@ -53,3 +53,4 @@ int euidaccess(const char *path, int mode);
int getpw(uid_t uid, char *buf);
int getpwent_r(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
int getgrent_r(struct group *gbuf, char *buf, size_t buflen, struct group **gbufp);
+int capset(cap_user_header_t hdrp, const cap_user_data_t datap); /* real_func=pseudo_capset */