diff options
| author | Lennart Poettering <lennart@poettering.net> | 2017-08-09 15:07:15 +0200 |
|---|---|---|
| committer | Sven Eden <yamakuzure@gmx.net> | 2017-09-25 14:31:22 +0200 |
| commit | f7063548a0850e63e10cd33c38ccd47bdda20605 (patch) | |
| tree | f572aa5f6b89c268a923f29c808e1d4d0d51cba3 /src/basic/capability-util.c | |
| parent | 1f130b1ec38f8c1d8c4f47c9b5a36b7017526fbe (diff) | |
capability: add new ambient_capabilities_supported() helper
This new function reports whether ambient caps are available, and should
be quick because the result is cached.
Diffstat (limited to 'src/basic/capability-util.c')
| -rw-r--r-- | src/basic/capability-util.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index 952bcc2d7..9900eafd5 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -373,3 +373,18 @@ int drop_capability(cap_value_t cv) { return 0; } #endif // 0 + +bool ambient_capabilities_supported(void) { + static int cache = -1; + + if (cache >= 0) + return cache; + + /* If PR_CAP_AMBIENT returns something valid, or an unexpected error code we assume that ambient caps are + * available. */ + + cache = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_KILL, 0, 0) >= 0 || + !IN_SET(errno, EINVAL, EOPNOTSUPP, ENOSYS); + + return cache; +} |