CernVM-FS  2.12.0
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
swissknife_capabilities.cc
Go to the documentation of this file.
1 
5 #include "cvmfs_config.h"
6 #include "swissknife_capabilities.h"
7 
8 #include <errno.h>
9 #include <sys/capability.h>
10 
11 #include <cassert>
12 
13 #include "util/logging.h"
14 
15 namespace swissknife {
16 
17 bool ObtainDacReadSearchCapability() {
18  cap_value_t cap = CAP_DAC_READ_SEARCH;
19 #ifdef CAP_IS_SUPPORTED
20  assert(CAP_IS_SUPPORTED(cap));
21 #endif
22 
23  cap_t caps_proc = cap_get_proc();
24  assert(caps_proc != NULL);
25 
26  cap_flag_value_t cap_state;
27  int retval = cap_get_flag(caps_proc, cap, CAP_EFFECTIVE, &cap_state);
28  assert(retval == 0);
29 
30  if (cap_state == CAP_SET) {
31  cap_free(caps_proc);
32  return true;
33  }
34 
35  retval = cap_get_flag(caps_proc, cap, CAP_PERMITTED, &cap_state);
36  assert(retval == 0);
37  if (cap_state != CAP_SET) {
38  LogCvmfs(kLogCvmfs, kLogStdout,
39  "Warning: CAP_DAC_READ_SEARCH cannot be obtained. "
40  "It's not in the process's permitted set.");
41  cap_free(caps_proc);
42  return false;
43  }
44 
45  retval = cap_set_flag(caps_proc, CAP_EFFECTIVE, 1, &cap, CAP_SET);
46  assert(retval == 0);
47 
48  retval = cap_set_proc(caps_proc);
49  cap_free(caps_proc);
50 
51  if (retval != 0) {
52  LogCvmfs(kLogCvmfs, kLogStderr,
53  "Cannot reset capabilities for current process "
54  "(errno: %d)",
55  errno);
56  return false;
57  }
58 
59  return true;
60 }
61 
62 } // namespace swissknife
assert
assert((mem||(size==0))&&"Out Of Memory")
swissknife_capabilities.h
kLogStdout
Definition: logging_internal.h:23
kLogStderr
Definition: logging_internal.h:24
swissknife::ObtainDacReadSearchCapability
bool ObtainDacReadSearchCapability()
Definition: swissknife_capabilities.cc:17
kLogCvmfs
Definition: logging_internal.h:80
LogCvmfs
CVMFS_EXPORT void LogCvmfs(const LogSource source, const int mask, const char *format,...)
Definition: logging.cc:528