本文整理汇总了C++中cap_get_proc函数的典型用法代码示例。如果您正苦于以下问题:C++ cap_get_proc函数的具体用法?C++ cap_get_proc怎么用?C++ cap_get_proc使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了cap_get_proc函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: main
int
main(int argc, char *argv[])
{
cap_t caps;
pid_t pid;
int r;
/* Create child; child commences execution in childFunc() */
printf("******* info of the parent process - start ********\n");
caps = cap_get_proc();
printf("Before unshare, the capabilities are:\n");
printf("capabilities: %s\n", cap_to_text(caps, NULL));
r = unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER );
if(r == -1) {
printf("unshare failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
caps = cap_get_proc();
printf("After unshare, the capabilities are:\n");
printf("capabilities: %s\n", cap_to_text(caps, NULL));
printf("the process pid is: %ld\n", (long)getpid());
r = execlp("sh", "sh", (char *)0);
if(r == -1) {
printf("execlp failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
开发者ID:hmeng-19,项目名称:logs,代码行数:31,代码来源:demo_userns.c
示例2: ruid_suidback
/* run during request cleanup */
static apr_status_t ruid_suidback (void *data)
{
request_rec *r = data;
ruid_config_t *conf = ap_get_module_config (r->server->module_config, &ruid2_module);
core_server_config *core = (core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
cap_t cap;
cap_value_t capval[3];
if (cap_mode == RUID_CAP_MODE_KEEP) {
cap=cap_get_proc();
capval[0]=CAP_SETUID;
capval[1]=CAP_SETGID;
capval[2]=CAP_SYS_CHROOT;
cap_set_flag(cap, CAP_EFFECTIVE, (conf->chroot_dir ? 3 : 2), capval, CAP_SET);
if (cap_set_proc(cap)!=0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed before setuid", MODULE_NAME, __func__);
}
cap_free(cap);
setgroups(startup_groupsnr, startup_groups);
setgid(ap_unixd_config.group_id);
setuid(ap_unixd_config.user_id);
/* set httpd process dumpable after setuid */
if (coredump) {
prctl(PR_SET_DUMPABLE,1);
}
/* jail break */
if (conf->chroot_dir) {
if (fchdir(root_handle) < 0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s failed to fchdir to root dir (%d) (%s)", MODULE_NAME, root_handle, strerror(errno));
} else {
if (chroot(".") != 0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s jail break failed", MODULE_NAME);
}
}
core->ap_document_root = old_root;
}
cap=cap_get_proc();
capval[0]=CAP_SETUID;
capval[1]=CAP_SETGID;
capval[2]=CAP_SYS_CHROOT;
cap_set_flag(cap, CAP_EFFECTIVE, 3, capval, CAP_CLEAR);
if (cap_set_proc(cap)!=0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed after setuid", MODULE_NAME, __func__);
}
cap_free(cap);
}
return DECLINED;
}
开发者ID:bjacquin,项目名称:mod-ruid2,代码行数:57,代码来源:mod_ruid2.c
示例3: sysnet_get_permissions
static int sysnet_get_permissions()
{
cap_t caps = cap_get_proc();
if (caps == NULL) {
perror("cap_get_proc()");
return errno;
}
cap_value_t cap_list = CAP_NET_ADMIN;
int error = 0;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_list, CAP_SET) == -1) {
error = errno;
perror("cap_set_flags(CAP_NET_ADMIN)");
}
if (cap_set_proc(caps) == -1) {
error = errno;
perror("cap_set_proc(CAP_NET_ADMIN)");
}
if (cap_free(caps) == -1) {
error = errno;
perror("cap_free()");
}
return error;
}
开发者ID:Ansa89,项目名称:toxvpn-1,代码行数:28,代码来源:sys_interface_linux.c
示例4: bin_cap
static int
bin_cap(char *nam, char **argv, UNUSED(Options ops), UNUSED(int func))
{
int ret = 0;
cap_t caps;
if(*argv) {
unmetafy(*argv, NULL);
caps = cap_from_text(*argv);
if(!caps) {
zwarnnam(nam, "invalid capability string");
return 1;
}
if(cap_set_proc(caps)) {
zwarnnam(nam, "can't change capabilities: %e", errno);
ret = 1;
}
} else {
char *result = NULL;
ssize_t length;
caps = cap_get_proc();
if(caps)
result = cap_to_text(caps, &length);
if(!caps || !result) {
zwarnnam(nam, "can't get capabilities: %e", errno);
ret = 1;
} else
puts(result);
}
cap_free(caps);
return ret;
}
开发者ID:AMDmi3,项目名称:zsh,代码行数:31,代码来源:cap.c
示例5: modify_capability
int modify_capability(cap_value_t cap, cap_flag_value_t on)
{
cap_t cap_p = cap_get_proc();
cap_flag_value_t cap_ok;
int rc = -1;
if (!cap_p) {
perror("ping: cap_get_proc");
goto out;
}
cap_ok = CAP_CLEAR;
cap_get_flag(cap_p, cap, CAP_PERMITTED, &cap_ok);
if (cap_ok == CAP_CLEAR) {
rc = on ? -1 : 0;
goto out;
}
cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap, on);
if (cap_set_proc(cap_p) < 0) {
perror("ping: cap_set_proc");
goto out;
}
cap_free(cap_p);
rc = 0;
out:
if (cap_p)
cap_free(cap_p);
return rc;
}
开发者ID:DARKPOP,项目名称:external_iputils,代码行数:33,代码来源:ping_common.c
示例6: main
int main(int argc, char *argv[])
{
#ifdef HAVE_LIBCAP
cap_t cap = cap_get_proc();
int fd;
int seqno = 0;
char buf[2000];
if (argc > 1)
seqno = atoi(argv[1]);
if (!cap) {
perror("print_caps - cap_get_proc");
exit(1);
}
fd = open(FIFOFILE, O_WRONLY);
if (!fd) {
perror("print_caps: open fifo");
exit(2);
}
snprintf(buf, 2000, "%d.%s", seqno, cap_to_text(cap, NULL));
write(fd, buf, strlen(buf)+1);
close(fd);
cap_free(cap);
#endif
return 0;
}
开发者ID:Mellanox,项目名称:arc_ltp,代码行数:30,代码来源:print_caps.c
示例7: cap_check
static capa_status cap_check(cap_value_t capa, user_interaction & ui, bool verbose, const std::string & capa_name)
{
capa_status ret = capa_unknown;
cap_t capaset = cap_get_proc();
cap_flag_value_t val;
try
{
if(cap_get_flag(capaset, capa, CAP_EFFECTIVE, &val) == 0)
ret = (val == CAP_SET) ? capa_set : capa_clear;
else
{
ret = capa_unknown;
if(verbose)
{
string tmp = strerror(errno);
ui.printf(gettext("Error met while checking for capability %S: %S"), &capa_name, &tmp);
}
}
}
catch(...) // well a try/catch may seems useless here, but it does not hurt ... :-)
{
cap_free(capaset);
throw;
}
cap_free(capaset);
return ret;
}
开发者ID:bradc6,项目名称:libdar,代码行数:29,代码来源:capabilities.cpp
示例8: lxc_caps_down
int lxc_caps_down(void)
{
cap_t caps;
int ret;
/* when we are run as root, we don't want to play
* with the capabilities */
if (!getuid())
return 0;
caps = cap_get_proc();
if (!caps) {
ERROR("failed to cap_get_proc: %m");
return -1;
}
ret = cap_clear_flag(caps, CAP_EFFECTIVE);
if (ret) {
ERROR("failed to cap_clear_flag: %m");
goto out;
}
ret = cap_set_proc(caps);
if (ret) {
ERROR("failed to cap_set_proc: %m");
goto out;
}
out:
cap_free(caps);
return 0;
}
开发者ID:duanbing,项目名称:lxc-0.9.0-comment,代码行数:32,代码来源:caps.c
示例9: debug_print_caps
void debug_print_caps(char *when)
{
char buf[2000];
tst_resm(TINFO, "%s", when);
snprintf(buf, 2000, "%s", cap_to_text(cap_get_proc(), NULL));
tst_resm(TINFO, "%s", buf);
}
开发者ID:heluxie,项目名称:LTP,代码行数:7,代码来源:inh_capped.c
示例10: lxc_caps_check
/*
* check if we have the caps needed to start a container. returns 1 on
* success, 0 on error. (I'd prefer this be a bool, but am afraid that
* might fail to build on some distros).
*/
int lxc_caps_check(void)
{
uid_t uid = getuid();
cap_t caps;
cap_flag_value_t value;
int i, ret;
cap_value_t needed_caps[] = { CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID };
#define NUMCAPS ((int) (sizeof(needed_caps) / sizeof(cap_t)))
if (!uid)
return 1;
caps = cap_get_proc();
if (!caps) {
ERROR("failed to cap_get_proc: %m");
return 0;
}
for (i=0; i<NUMCAPS; i++) {
ret = cap_get_flag(caps, needed_caps[i], CAP_EFFECTIVE, &value);
if (ret) {
ERROR("Failed to cap_get_flag: %m");
return 0;
}
if (!value) {
return 0;
}
}
return 1;
}
开发者ID:ostap,项目名称:lxc,代码行数:38,代码来源:caps.c
示例11: modify_cap
int
modify_cap (int capability, int setting)
{
cap_t caps;
cap_value_t capList[1];
caps = cap_get_proc ();
if (caps == NULL)
return -1;
capList[0] = capability;
if (cap_set_flag (caps, CAP_EFFECTIVE, 1, capList, setting) == -1) {
cap_free (caps);
return -1;
}
if (cap_set_proc (caps) == -1) {
cap_free (caps);
return -1;
}
if (cap_free (caps) == -1)
return -1;
return 0;
}
开发者ID:twoerner,项目名称:tlpi,代码行数:26,代码来源:ch39lib.c
示例12: modify_capability
int modify_capability(cap_value_t cap, cap_flag_value_t on)
{
cap_t cap_p = cap_get_proc();
if (!cap_p) {
perror("cap_get_proc");
return -1;
}
if (cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap, on) < 0) {
perror("cap_set_flag");
return -1;
}
if (cap_set_proc(cap_p) < 0) {
perror("cap_set_proc");
return -1;
}
if (cap_free(cap_p) < 0) {
perror("cap_free");
return -1;
}
return 0;
}
开发者ID:DipSwitch,项目名称:RplIcmp,代码行数:26,代码来源:caplib.c
示例13: capabilities
/**************************************************************************
Try and abstract process capabilities (for systems that have them).
****************************************************************************/
static BOOL set_process_capability( uint32 cap_flag, BOOL enable )
{
if(cap_flag == KERNEL_OPLOCK_CAPABILITY) {
cap_t cap = cap_get_proc();
if (cap == NULL) {
DEBUG(0,("set_process_capability: cap_get_proc failed. Error was %s\n",
strerror(errno)));
return False;
}
if(enable)
cap->cap_effective |= CAP_NETWORK_MGT;
else
cap->cap_effective &= ~CAP_NETWORK_MGT;
if (cap_set_proc(cap) == -1) {
DEBUG(0,("set_process_capability: cap_set_proc failed. Error was %s\n",
strerror(errno)));
cap_free(cap);
return False;
}
cap_free(cap);
DEBUG(10,("set_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
}
return True;
}
开发者ID:WiseMan787,项目名称:ralink_sdk,代码行数:32,代码来源:system.c
示例14: set_inherited_process_capability
static bool set_inherited_process_capability( uint32_t cap_flag, bool enable )
{
if(cap_flag == KERNEL_OPLOCK_CAPABILITY) {
cap_t cap = cap_get_proc();
if (cap == NULL) {
DEBUG(0,("set_inherited_process_capability: cap_get_proc failed. Error was %s\n",
strerror(errno)));
return false;
}
if(enable)
cap->cap_inheritable |= CAP_NETWORK_MGT;
else
cap->cap_inheritable &= ~CAP_NETWORK_MGT;
if (cap_set_proc(cap) == -1) {
DEBUG(0,("set_inherited_process_capability: cap_set_proc failed. Error was %s\n",
strerror(errno)));
cap_free(cap);
return false;
}
cap_free(cap);
DEBUG(10,("set_inherited_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
}
return true;
}
开发者ID:0x24bin,项目名称:winexe-1,代码行数:29,代码来源:capability.c
示例15: ruid_uiiii
/* run in map_to_storage hook */
static int ruid_uiiii (request_rec *r)
{
if (!ap_is_initial_req(r)) {
return DECLINED;
}
int retval = ruid_set_perm(r, __func__);
int ncap;
cap_t cap;
cap_value_t capval[4];
/* clear capabilities from permitted set (permanent) */
if (cap_mode == RUID_CAP_MODE_DROP) {
cap=cap_get_proc();
capval[0]=CAP_SETUID;
capval[1]=CAP_SETGID;
capval[2]=CAP_DAC_READ_SEARCH;
ncap = 2;
if (root_handle == UNSET) capval[ncap++] = CAP_SYS_CHROOT;
cap_set_flag(cap,CAP_PERMITTED,ncap,capval,CAP_CLEAR);
if (cap_set_proc(cap)!=0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed after setuid", MODULE_NAME, __func__);
retval = HTTP_FORBIDDEN;
}
cap_free(cap);
}
return retval;
}
开发者ID:bjacquin,项目名称:mod-ruid2,代码行数:32,代码来源:mod_ruid2.c
示例16: g_process_cap_save
/**
* g_process_cap_save:
*
* Save the set of current capabilities and return it. The caller might
* restore the saved set of capabilities by using cap_restore().
*
* Returns: the current set of capabilities
**/
cap_t
g_process_cap_save(void)
{
if (!process_opts.caps)
return NULL;
return cap_get_proc();
}
开发者ID:lmesz,项目名称:syslog-ng,代码行数:16,代码来源:gprocess.c
示例17: print_my_caps
void print_my_caps()
{
cap_t cap = cap_get_proc();
char *txt = cap_to_text(cap, NULL);
tst_resm(TINFO, "\ncaps are %s\n", txt);
cap_free(cap);
cap_free(txt);
}
开发者ID:Altiscale,项目名称:sig-core-t_ltp,代码行数:8,代码来源:verify_caps_exec.c
示例18: lower_my_caps
static void lower_my_caps(void)
{
struct __user_cap_header_struct caphdr = {
.version = _LINUX_CAPABILITY_VERSION
};
cap_user_data_t capdata;
ssize_t capstrlen = 0;
cap_t my_cap;
char *cap_text;
int capsz;
(void) capget(&caphdr, NULL);
switch (caphdr.version) {
case _LINUX_CAPABILITY_VERSION_1:
capsz = _LINUX_CAPABILITY_U32S_1;
break;
case _LINUX_CAPABILITY_VERSION_2:
capsz = _LINUX_CAPABILITY_U32S_2;
break;
default:
abort(); /* can't happen */
}
capdata = gsh_calloc(capsz, sizeof(struct __user_cap_data_struct));
caphdr.pid = getpid();
if (capget(&caphdr, capdata) != 0)
LogFatal(COMPONENT_INIT,
"Failed to query capabilities for process, errno=%u",
errno);
/* Set the capability bitmask to remove CAP_SYS_RESOURCE */
if (capdata->effective & CAP_TO_MASK(CAP_SYS_RESOURCE))
capdata->effective &= ~CAP_TO_MASK(CAP_SYS_RESOURCE);
if (capdata->permitted & CAP_TO_MASK(CAP_SYS_RESOURCE))
capdata->permitted &= ~CAP_TO_MASK(CAP_SYS_RESOURCE);
if (capdata->inheritable & CAP_TO_MASK(CAP_SYS_RESOURCE))
capdata->inheritable &= ~CAP_TO_MASK(CAP_SYS_RESOURCE);
if (capset(&caphdr, capdata) != 0)
LogFatal(COMPONENT_INIT,
"Failed to set capabilities for process, errno=%u",
errno);
else
LogEvent(COMPONENT_INIT,
"CAP_SYS_RESOURCE was successfully removed for proper quota management in FSAL");
/* Print newly set capabilities (same as what CLI "getpcaps" displays */
my_cap = cap_get_proc();
cap_text = cap_to_text(my_cap, &capstrlen);
LogEvent(COMPONENT_INIT, "currenty set capabilities are: %s",
cap_text);
cap_free(cap_text);
cap_free(my_cap);
gsh_free(capdata);
}
开发者ID:Anuradha-Talur,项目名称:nfs-ganesha,代码行数:58,代码来源:nfs_init.c
示例19: drop_caps
void drop_caps(const struct minijail *j)
{
cap_t caps = cap_get_proc();
cap_value_t flag[1];
const uint64_t one = 1;
unsigned int i;
if (!caps)
die("can't get process caps");
if (cap_clear_flag(caps, CAP_INHERITABLE))
die("can't clear inheritable caps");
if (cap_clear_flag(caps, CAP_EFFECTIVE))
die("can't clear effective caps");
if (cap_clear_flag(caps, CAP_PERMITTED))
die("can't clear permitted caps");
for (i = 0; i < sizeof(j->caps) * 8 && run_cap_valid(i); ++i) {
/* Keep CAP_SETPCAP for dropping bounding set bits. */
if (i != CAP_SETPCAP && !(j->caps & (one << i)))
continue;
flag[0] = i;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, flag, CAP_SET))
die("can't add effective cap");
if (cap_set_flag(caps, CAP_PERMITTED, 1, flag, CAP_SET))
die("can't add permitted cap");
if (cap_set_flag(caps, CAP_INHERITABLE, 1, flag, CAP_SET))
die("can't add inheritable cap");
}
if (cap_set_proc(caps))
die("can't apply initial cleaned capset");
/*
* Instead of dropping bounding set first, do it here in case
* the caller had a more permissive bounding set which could
* have been used above to raise a capability that wasn't already
* present. This requires CAP_SETPCAP, so we raised/kept it above.
*/
for (i = 0; i < sizeof(j->caps) * 8 && run_cap_valid(i); ++i) {
if (j->caps & (one << i))
continue;
if (prctl(PR_CAPBSET_DROP, i))
pdie("prctl(PR_CAPBSET_DROP)");
}
/* If CAP_SETPCAP wasn't specifically requested, now we remove it. */
if ((j->caps & (one << CAP_SETPCAP)) == 0) {
flag[0] = CAP_SETPCAP;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, flag, CAP_CLEAR))
die("can't clear effective cap");
if (cap_set_flag(caps, CAP_PERMITTED, 1, flag, CAP_CLEAR))
die("can't clear permitted cap");
if (cap_set_flag(caps, CAP_INHERITABLE, 1, flag, CAP_CLEAR))
die("can't clear inheritable cap");
}
if (cap_set_proc(caps))
die("can't apply final cleaned capset");
cap_free(caps);
}
开发者ID:oliof,项目名称:minijail,代码行数:58,代码来源:libminijail.c
示例20: main
int
main(int argc, char **argv)
{
cap_t cap;
cap_flag_value_t effective, permitted;
char bindf[PATH_MAX - 1];
int rv;
if (argc != 3)
usage();
cap = cap_get_proc();
if (cap == NULL) {
fprintf(stderr, "cap_get_proc() returned %s!\n",
strerror(errno));
exit(EXIT_FAILURE);
}
cap_get_flag(cap, CAP_SYS_ADMIN, CAP_EFFECTIVE, &effective);
cap_get_flag(cap, CAP_SYS_ADMIN, CAP_PERMITTED, &permitted);
if ((effective != CAP_SET) && (permitted != CAP_SET)) {
fprintf(stderr, "E: missing 'cap_sys_admin' capability!\n"
"Please set it with: setcap cap_sys_admin=ep %s'\n",
argv[0]);
cap_free(cap);
exit(EXIT_FAILURE);
}
cap_free(cap);
/* Check that status file exists in masterdir */
rv = snprintf(bindf, sizeof(bindf), "%s/.%s_mount_bind_done",
argv[1], argv[2]);
if (rv < 0 || rv >= sizeof(bindf))
exit(EXIT_FAILURE);
if (access(bindf, R_OK) == -1) {
fprintf(stderr, "E: cannot umount %s/%s, missing "
"status file\n", argv[1], argv[2]);
exit(EXIT_FAILURE);
}
/* Security check passed, continue mounting */
rv = snprintf(bindf, sizeof(bindf), "%s/%s", argv[1], argv[2]);
if (rv < 0 || rv >= sizeof(bindf))
exit(EXIT_FAILURE);
if ((rv = umount(bindf)) != 0) {
fprintf(stderr, "E: cannot umount %s: %s\n", argv[1],
strerror(errno));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
开发者ID:xdave,项目名称:xbps-src,代码行数:54,代码来源:umount.c
注:本文中的cap_get_proc函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论