diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2020-01-03 14:00:22 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2020-01-03 14:00:22 -0800 |
commit | f1f62a748d7c67361e91e32d26abafbfb03eeee4 (patch) | |
tree | 6006486eb4380a4fff648fd4232a4eabeb14edc7 /pam_cap | |
parent | 872d2ee59e29644d73b7530a27404a3d5c8ee42d (diff) | |
download | platform_external_libcap-f1f62a748d7c67361e91e32d26abafbfb03eeee4.tar.gz platform_external_libcap-f1f62a748d7c67361e91e32d26abafbfb03eeee4.tar.bz2 platform_external_libcap-f1f62a748d7c67361e91e32d26abafbfb03eeee4.zip |
Refactor the way we do the psx linkage in libcap.
Since we now have a serialized (linker trick) to initialize libcap
we can reliably compute the number of capabilities of the running
kernel in a race free way. Export the found number of capabilities
with the cap_max_bits() function. This is also what we now use in
both C and Go to define [all]=[eip]. In Go the equivalent function
is cap.MaxBits().
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'pam_cap')
-rw-r--r-- | pam_cap/pam_cap.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c index d4c1e65..a800f58 100644 --- a/pam_cap/pam_cap.c +++ b/pam_cap/pam_cap.c @@ -242,6 +242,10 @@ static int set_capabilities(struct pam_cap_s *cs) while (cap_get_bound(max_caps) >= 0) { max_caps++; } + if (max_caps != cap_max_bits()) { + D(("this vintage of libcap cannot be trusted; give up")); + goto cleanup_caps; + } has_bound = (max_caps != 0); if (has_bound) { bound = calloc(max_caps, sizeof(int)); |