本文整理汇总了C++中cap_get_proc函数的典型用法代码示例。如果您正苦于以下问题:C++ cap_get_proc函数的具体用法?C++ cap_get_proc怎么用?C++ cap_get_proc使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了cap_get_proc函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: main
int
main(int argc, char *argv[])
{
cap_t caps;
pid_t pid;
int r;
/* Create child; child commences execution in childFunc() */
printf("******* info of the parent process - start ********\n");
caps = cap_get_proc();
printf("Before unshare, the capabilities are:\n");
printf("capabilities: %s\n", cap_to_text(caps, NULL));
r = unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER );
if(r == -1) {
printf("unshare failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
caps = cap_get_proc();
printf("After unshare, the capabilities are:\n");
printf("capabilities: %s\n", cap_to_text(caps, NULL));
printf("the process pid is: %ld\n", (long)getpid());
r = execlp("sh", "sh", (char *)0);
if(r == -1) {
printf("execlp failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}示例2: ruid_suidback
/* run during request cleanup */
static apr_status_t ruid_suidback (void *data)
{
request_rec *r = data;
ruid_config_t *conf = ap_get_module_config (r->server->module_config, &ruid2_module);
core_server_config *core = (core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
cap_t cap;
cap_value_t capval[3];
if (cap_mode == RUID_CAP_MODE_KEEP) {
cap=cap_get_proc();
capval[0]=CAP_SETUID;
capval[1]=CAP_SETGID;
capval[2]=CAP_SYS_CHROOT;
cap_set_flag(cap, CAP_EFFECTIVE, (conf->chroot_dir ? 3 : 2), capval, CAP_SET);
if (cap_set_proc(cap)!=0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed before setuid", MODULE_NAME, __func__);
}
cap_free(cap);
setgroups(startup_groupsnr, startup_groups);
setgid(ap_unixd_config.group_id);
setuid(ap_unixd_config.user_id);
/* set httpd process dumpable after setuid */
if (coredump) {
prctl(PR_SET_DUMPABLE,1);
}
/* jail break */
if (conf->chroot_dir) {
if (fchdir(root_handle) < 0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s failed to fchdir to root dir (%d) (%s)", MODULE_NAME, root_handle, strerror(errno));
} else {
if (chroot(".") != 0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s jail break failed", MODULE_NAME);
}
}
core->ap_document_root = old_root;
}
cap=cap_get_proc();
capval[0]=CAP_SETUID;
capval[1]=CAP_SETGID;
capval[2]=CAP_SYS_CHROOT;
cap_set_flag(cap, CAP_EFFECTIVE, 3, capval, CAP_CLEAR);
if (cap_set_proc(cap)!=0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed after setuid", MODULE_NAME, __func__);
}
cap_free(cap);
}
return DECLINED;
}示例3: sysnet_get_permissions
static int sysnet_get_permissions()
{
cap_t caps = cap_get_proc();
if (caps == NULL) {
perror("cap_get_proc()");
return errno;
}
cap_value_t cap_list = CAP_NET_ADMIN;
int error = 0;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_list, CAP_SET) == -1) {
error = errno;
perror("cap_set_flags(CAP_NET_ADMIN)");
}
if (cap_set_proc(caps) == -1) {
error = errno;
perror("cap_set_proc(CAP_NET_ADMIN)");
}
if (cap_free(caps) == -1) {
error = errno;
perror("cap_free()");
}
return error;
}示例4: bin_cap
static int
bin_cap(char *nam, char **argv, UNUSED(Options ops), UNUSED(int func))
{
int ret = 0;
cap_t caps;
if(*argv) {
unmetafy(*argv, NULL);
caps = cap_from_text(*argv);
if(!caps) {
zwarnnam(nam, "invalid capability string");
return 1;
}
if(cap_set_proc(caps)) {
zwarnnam(nam, "can't change capabilities: %e", errno);
ret = 1;
}
} else {
char *result = NULL;
ssize_t length;
caps = cap_get_proc();
if(caps)
result = cap_to_text(caps, &length);
if(!caps || !result) {
zwarnnam(nam, "can't get capabilities: %e", errno);
ret = 1;
} else
puts(result);
}
cap_free(caps);
return ret;
}示例5: modify_capability
int modify_capability(cap_value_t cap, cap_flag_value_t on)
{
cap_t cap_p = cap_get_proc();
cap_flag_value_t cap_ok;
int rc = -1;
if (!cap_p) {
perror("ping: cap_get_proc");
goto out;
}
cap_ok = CAP_CLEAR;
cap_get_flag(cap_p, cap, CAP_PERMITTED, &cap_ok);
if (cap_ok == CAP_CLEAR) {
rc = on ? -1 : 0;
goto out;
}
cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap, on);
if (cap_set_proc(cap_p) < 0) {
perror("ping: cap_set_proc");
goto out;
}
cap_free(cap_p);
rc = 0;
out:
if (cap_p)
cap_free(cap_p);
return rc;
}示例6: main
int main(int argc, char *argv[])
{
#ifdef HAVE_LIBCAP
cap_t cap = cap_get_proc();
int fd;
int seqno = 0;
char buf[2000];
if (argc > 1)
seqno = atoi(argv[1]);
if (!cap) {
perror("print_caps - cap_get_proc");
exit(1);
}
fd = open(FIFOFILE, O_WRONLY);
if (!fd) {
perror("print_caps: open fifo");
exit(2);
}
snprintf(buf, 2000, "%d.%s", seqno, cap_to_text(cap, NULL));
write(fd, buf, strlen(buf)+1);
close(fd);
cap_free(cap);
#endif
return 0;
}示例7: cap_check
static capa_status cap_check(cap_value_t capa, user_interaction & ui, bool verbose, const std::string & capa_name)
{
capa_status ret = capa_unknown;
cap_t capaset = cap_get_proc();
cap_flag_value_t val;
try
{
if(cap_get_flag(capaset, capa, CAP_EFFECTIVE, &val) == 0)
ret = (val == CAP_SET) ? capa_set : capa_clear;
else
{
ret = capa_unknown;
if(verbose)
{
string tmp = strerror(errno);
ui.printf(gettext("Error met while checking for capability %S: %S"), &capa_name, &tmp);
}
}
}
catch(...) // well a try/catch may seems useless here, but it does not hurt ... :-)
{
cap_free(capaset);
throw;
}
cap_free(capaset);
return ret;
}示例8: lxc_caps_down
int lxc_caps_down(void)
{
cap_t caps;
int ret;
/* when we are run as root, we don't want to play
* with the capabilities */
if (!getuid())
return 0;
caps = cap_get_proc();
if (!caps) {
ERROR("failed to cap_get_proc: %m");
return -1;
}
ret = cap_clear_flag(caps, CAP_EFFECTIVE);
if (ret) {
ERROR("failed to cap_clear_flag: %m");
goto out;
}
ret = cap_set_proc(caps);
if (ret) {
ERROR("failed to cap_set_proc: %m");
goto out;
}
out:
cap_free(caps);
return 0;
}示例9: debug_print_caps
void debug_print_caps(char *when)
{
char buf[2000];
tst_resm(TINFO, "%s", when);
snprintf(buf, 2000, "%s", cap_to_text(cap_get_proc(), NULL));
tst_resm(TINFO, "%s", buf);
}示例10: lxc_caps_check
/*
* check if we have the caps needed to start a container. returns 1 on
* success, 0 on error. (I'd prefer this be a bool, but am afraid that
* might fail to build on some distros).
*/
int lxc_caps_check(void)
{
uid_t uid = getuid();
cap_t caps;
cap_flag_value_t value;
int i, ret;
cap_value_t needed_caps[] = { CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID };
#define NUMCAPS ((int) (sizeof(needed_caps) / sizeof(cap_t)))
if (!uid)
return 1;
caps = cap_get_proc();
if (!caps) {
ERROR("failed to cap_get_proc: %m");
return 0;
}
for (i=0; i<NUMCAPS; i++) {
ret = cap_get_flag(caps, needed_caps[i], CAP_EFFECTIVE, &value);
if (ret) {
ERROR("Failed to cap_get_flag: %m");
return 0;
}
if (!value) {
return 0;
}
}
return 1;
}示例11: modify_cap
int
modify_cap (int capability, int setting)
{
cap_t caps;
cap_value_t capList[1];
caps = cap_get_proc ();
if (caps == NULL)
return -1;
capList[0] = capability;
if (cap_set_flag (caps, CAP_EFFECTIVE, 1, capList, setting) == -1) {
cap_free (caps);
return -1;
}
if (cap_set_proc (caps) == -1) {
cap_free (caps);
return -1;
}
if (cap_free (caps) == -1)
return -1;
return 0;
}示例12: modify_capability
int modify_capability(cap_value_t cap, cap_flag_value_t on)
{
cap_t cap_p = cap_get_proc();
if (!cap_p) {
perror("cap_get_proc");
return -1;
}
if (cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap, on) < 0) {
perror("cap_set_flag");
return -1;
}
if (cap_set_proc(cap_p) < 0) {
perror("cap_set_proc");
return -1;
}
if (cap_free(cap_p) < 0) {
perror("cap_free");
return -1;
}
return 0;
}示例13: capabilities
/**************************************************************************
Try and abstract process capabilities (for systems that have them).
****************************************************************************/
static BOOL set_process_capability( uint32 cap_flag, BOOL enable )
{
if(cap_flag == KERNEL_OPLOCK_CAPABILITY) {
cap_t cap = cap_get_proc();
if (cap == NULL) {
DEBUG(0,("set_process_capability: cap_get_proc failed. Error was %s\n",
strerror(errno)));
return False;
}
if(enable)
cap->cap_effective |= CAP_NETWORK_MGT;
else
cap->cap_effective &= ~CAP_NETWORK_MGT;
if (cap_set_proc(cap) == -1) {
DEBUG(0,("set_process_capability: cap_set_proc failed. Error was %s\n",
strerror(errno)));
cap_free(cap);
return False;
}
cap_free(cap);
DEBUG(10,("set_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
}
return True;
}示例14: set_inherited_process_capability
static bool set_inherited_process_capability( uint32_t cap_flag, bool enable )
{
if(cap_flag == KERNEL_OPLOCK_CAPABILITY) {
cap_t cap = cap_get_proc();
if (cap == NULL) {
DEBUG(0,("set_inherited_process_capability: cap_get_proc failed. Error was %s\n",
strerror(errno)));
return false;
}
if(enable)
cap->cap_inheritable |= CAP_NETWORK_MGT;
else
cap->cap_inheritable &= ~CAP_NETWORK_MGT;
if (cap_set_proc(cap) == -1) {
DEBUG(0,("set_inherited_process_capability: cap_set_proc failed. Error was %s\n",
strerror(errno)));
cap_free(cap);
return false;
}
cap_free(cap);
DEBUG(10,("set_inherited_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
}
return true;
}示例15: ruid_uiiii
/* run in map_to_storage hook */
static int ruid_uiiii (request_rec *r)
{
if (!ap_is_initial_req(r)) {
return DECLINED;
}
int retval = ruid_set_perm(r, __func__);
int ncap;
cap_t cap;
cap_value_t capval[4];
/* clear capabilities from permitted set (permanent) */
if (cap_mode == RUID_CAP_MODE_DROP) {
cap=cap_get_proc();
capval[0]=CAP_SETUID;
capval[1]=CAP_SETGID;
capval[2]=CAP_DAC_READ_SEARCH;
ncap = 2;
if (root_handle == UNSET) capval[ncap++] = CAP_SYS_CHROOT;
cap_set_flag(cap,CAP_PERMITTED,ncap,capval,CAP_CLEAR);
if (cap_set_proc(cap)!=0) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL, "%s CRITICAL ERROR %s:cap_set_proc failed after setuid", MODULE_NAME, __func__);
retval = HTTP_FORBIDDEN;
}
cap_free(cap);
}
return retval;
}