
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0003-Use-external-string-to-cap-function.patch (2225B)


  1. From 0859d2570ddc7ff9ff5c7dc1309dea88eef2168a Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Tue, 4 Jul 2023 19:20:51 -0700
  4. Subject: [PATCH] Use external string-to-cap function
  5. ---
  6. bubblewrap.c | 16 +++++++++++-----
  7. 1 file changed, 11 insertions(+), 5 deletions(-)
  8. diff --git a/bubblewrap.c b/bubblewrap.c
  9. index d834618..bc53891 100644
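--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -30,8 +30,8 @@
 #include <sys/eventfd.h>
 #include <sys/fsuid.h>
 #include <sys/signalfd.h>
-#include <sys/capability.h>
 #include <sys/prctl.h>
+#include <linux/capability.h>
 #include <linux/sched.h>
 #include <linux/seccomp.h>
 #include <linux/filter.h>
@@ -44,6 +44,10 @@
 #define CLONE_NEWCGROUP 0x02000000 /* New cgroup namespace */
 #endif
+int capset(void *, void *);
+int capget(void *, void *);
+int cap_from_name(const char *);
+
 /* We limit the size of a tmpfs to half the architecture's address space,
 * to avoid hitting arbitrary limits in the kernel.
 * For example, on at least one x86_64 machine, the actual limit seems to be
@@ -2604,7 +2608,7 @@ parse_args_recurse (int *argcp,
 }
 else if (strcmp (arg, "--cap-add") == 0)
 {
- cap_value_t cap;
+ int cap;
 if (argc < 2)
 die ("--cap-add takes an argument");
@@ -2616,7 +2620,8 @@ parse_args_recurse (int *argcp,
 }
 else
 {
- if (cap_from_name (argv[1], &cap) < 0)
+ cap = cap_from_name (argv[1]);
+ if (cap < 0)
 die ("unknown cap: %s", argv[1]);
 if (cap < 32)
@@ -2630,7 +2635,7 @@ parse_args_recurse (int *argcp,
 }
 else if (strcmp (arg, "--cap-drop") == 0)
 {
- cap_value_t cap;
+ int cap;
 if (argc < 2)
 die ("--cap-drop takes an argument");
@@ -2642,7 +2647,8 @@ parse_args_recurse (int *argcp,
 }
 else
 {
- if (cap_from_name (argv[1], &cap) < 0)
+ cap = cap_from_name (argv[1]);
+ if (cap < 0)
 die ("unknown cap: %s", argv[1]);
 if (cap < 32)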
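Review bot: The hand-written prototype `int cap_from_name(const char *);` added after the `CLONE_NEWCGROUP` block reuses the name of libcap's two-argument function, which returns 0 on success rather than the capability number. If a build of this tree ever links libcap, the `--cap-add` and `--cap-drop` branches would call it with one argument and treat the status as the capability, so a distinct name for the external helper, or a shared header that declares it, would be safer. Declaring `capset` and `capget` with `void *` parameters also removes the compiler's check on the header and data arguments; `<linux/capability.h>` already provides `cap_user_header_t` and `cap_user_data_t` for typed prototypes. In both option branches the only visible validation of the returned `int` is `cap < 0`, so unless the helper guarantees an upper bound the check could be `if (cap < 0 || cap > CAP_LAST_CAP)`; the code that follows `if (cap < 32)` is outside the hunks, so the effect of a too-large value cannot be confirmed from here.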
  66. --
  67. 2.44.0