GCC Code Coverage Report

Directory:	cvmfs/
File:	cvmfs/swissknife_capabilities.cc
Date:	2025-11-09 02:35:23

	Exec	Total	Coverage
Lines:	0	24	0.0%
Branches:	0	16	0.0%

Line	Exec	Source
1		/**
2		* This file is part of the CernVM File System.
3		*/
4
5
6		#include "swissknife_capabilities.h"
7
8		#include <errno.h>
9		#include <sys/capability.h>
10
11		#include <cassert>
12
13		#include "util/logging.h"
14
15		namespace swissknife {
16
17	✗	bool ObtainDacReadSearchCapability() {
18	✗	const cap_value_t cap = CAP_DAC_READ_SEARCH;
19		#ifdef CAP_IS_SUPPORTED
20	✗	assert(CAP_IS_SUPPORTED(cap));
21		#endif
22
23	✗	cap_t caps_proc = cap_get_proc();
24	✗	assert(caps_proc != NULL);
25
26		cap_flag_value_t cap_state;
27	✗	int retval = cap_get_flag(caps_proc, cap, CAP_EFFECTIVE, &cap_state);
28	✗	assert(retval == 0);
29
30	✗	if (cap_state == CAP_SET) {
31	✗	cap_free(caps_proc);
32	✗	return true;
33		}
34
35	✗	retval = cap_get_flag(caps_proc, cap, CAP_PERMITTED, &cap_state);
36	✗	assert(retval == 0);
37	✗	if (cap_state != CAP_SET) {
38	✗	LogCvmfs(kLogCvmfs, kLogStdout,
39		"Warning: CAP_DAC_READ_SEARCH cannot be obtained. "
40		"It's not in the process's permitted set.");
41	✗	cap_free(caps_proc);
42	✗	return false;
43		}
44
45	✗	retval = cap_set_flag(caps_proc, CAP_EFFECTIVE, 1, &cap, CAP_SET);
46	✗	assert(retval == 0);
47
48	✗	retval = cap_set_proc(caps_proc);
49	✗	cap_free(caps_proc);
50
51	✗	if (retval != 0) {
52	✗	LogCvmfs(kLogCvmfs, kLogStderr,
53		"Cannot reset capabilities for current process "
54		"(errno: %d)",
55		errno);
56	✗	return false;
57		}
58
59	✗	return true;
60		}
61
62		} // namespace swissknife
63

/**

* This file is part of the CernVM File System.

*/

#include "swissknife_capabilities.h"