| From dee1bd6f9f24dc3a6d32129b90b19b90fb813729 Mon Sep 17 00:00:00 2001 |
| From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
| Date: Thu, 9 Jul 2020 23:15:47 +0200 |
| Subject: [PATCH] basic/cap-list: parse/print numerical capabilities |
| |
| We would refuse to print capabilities which we didn't have a name |
| for. The kernel adds new capabilities from time to time, most recently |
| cap_bpf. 'systemctl show -p CapabilityBoundingSet ...' would fail with |
| "Failed to parse bus message: Invalid argument" because |
| capability_set_to_string_alloc() would fail with -EINVAL. So let's |
| print such capabilities in hexadecimal: |
| |
| CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search |
| cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap |
| cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin |
| cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16 |
| 0x17 0x18 0x19 0x1a ... |
| |
| For symmetry, also allow capabilities that we don't know to be specified. |
| |
| Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736. |
| --- |
| src/basic/cap-list.c | 10 +++++++--- |
| 1 file changed, 7 insertions(+), 3 deletions(-) |
| |
| diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c |
| index bfcda33..56a81c7 100644 |
| --- a/src/basic/cap-list.c |
| +++ b/src/basic/cap-list.c |
| @@ -10,6 +10,7 @@ |
| #include "macro.h" |
| #include "missing.h" |
| #include "parse-util.h" |
| +#include "stdio-util.h" |
| #include "util.h" |
| |
| static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len); |
| @@ -37,7 +38,7 @@ int capability_from_name(const char *name) { |
| /* Try to parse numeric capability */ |
| r = safe_atoi(name, &i); |
| if (r >= 0) { |
| - if (i >= 0 && i < (int) ELEMENTSOF(capability_names)) |
| + if (i >= 0 && i < 64) |
| return i; |
| else |
| return -EINVAL; |
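Review bot: The new bound in `if (i >= 0 && i < 64)` is a bare magic number with nothing saying where 64 comes from. It presumably mirrors the width of the `uint64_t` capability masks this file shifts into (`UINT64_C(1) << i` further down), so a short comment such as `/* capability sets are uint64_t bit masks, so only bits 0..63 are representable */` or a named constant would stop the two from drifting apart. The check also now accepts numbers the running kernel may not know, so callers that pass the result on to the kernel should be prepared for a rejection there; that is worth stating in the function's comment. capability_from_name() starts before this hunk and continues after it.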
| @@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) { |
| for (i = 0; i < cap_last_cap(); i++) |
| if (set & (UINT64_C(1) << i)) { |
| const char *p; |
| + char buf[2 + 16 + 1]; |
| size_t add; |
| |
| p = capability_to_name(i); |
| - if (!p) |
| - return -EINVAL; |
| + if (!p) { |
| + xsprintf(buf, "0x%lx", i); |
| + p = buf; |
| + } |
| |
| add = strlen(p); |
| |
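Review bot: The hexadecimal fallback is only reached for bits below `cap_last_cap()`, because the loop at the top of the hunk still reads `for (i = 0; i < cap_last_cap(); i++)`. If that helper returns the highest valid capability number, as its name suggests, the newest capability is never printed at all, and the displayed CapabilityBoundingSet understates the real set. Consider `i <= cap_last_cap()` after checking the helper's definition, which is outside this hunk. Separately, `xsprintf(buf, "0x%lx", i)` is only correct if `i` is declared `unsigned long`; the declaration is not visible here and should be confirmed. A comment on the buffer such as `/* "0x" + 16 hex digits + NUL */` would explain `2 + 16 + 1`.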
| -- |
| 2.29.2 |
| |