project-lakitu/sys-apps/systemd/files/246-basic-cap-list-parse-print-numerical-capabilities.patch - cos/overlays/board-overlays - Git at Google

 From dee1bd6f9f24dc3a6d32129b90b19b90fb813729 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Thu, 9 Jul 2020 23:15:47 +0200
 Subject: [PATCH] basic/cap-list: parse/print numerical capabilities

 We would refuse to print capabilities which were didn't have a name
 for. The kernel adds new capabilities from time to time, most recently
 cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
 "Failed to parse bus message: Invalid argument" because
 capability_set_to_string_alloc() would fail with -EINVAL. So let's
 print such capabilities in hexadecimal:

 CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
   cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
   cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
   cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
   0x17 0x18 0x19 0x1a ...

 For symmetry, also allow capabilities that we don't know to be specified.

 Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
 ---
  src/basic/cap-list.c | 10 +++++++---
  1 file changed, 7 insertions(+), 3 deletions(-)

 diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
 index bfcda33..56a81c7 100644
 --- a/src/basic/cap-list.c
 +++ b/src/basic/cap-list.c
 @@ -10,6 +10,7 @@
  #include "macro.h"
  #include "missing.h"
  #include "parse-util.h"
 +#include "stdio-util.h"
  #include "util.h"

  static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
 @@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
          /* Try to parse numeric capability */
          r = safe_atoi(name, &i);
          if (r >= 0) {
 -                if (i >= 0 && i < (int) ELEMENTSOF(capability_names))
 +                if (i >= 0 && i < 64)
                          return i;
                  else
                          return -EINVAL;
 @@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
          for (i = 0; i < cap_last_cap(); i++)
                  if (set & (UINT64_C(1) << i)) {
                          const char *p;
 +                        char buf[2 + 16 + 1];
                          size_t add;

                          p = capability_to_name(i);
 -                        if (!p)
 -                                return -EINVAL;
 +                        if (!p) {
 +                                xsprintf(buf, "0x%lx", i);
 +                                p = buf;
 +                        }

                          add = strlen(p);

 --
 2.29.2
	From dee1bd6f9f24dc3a6d32129b90b19b90fb813729 Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
	Date: Thu, 9 Jul 2020 23:15:47 +0200
	Subject: [PATCH] basic/cap-list: parse/print numerical capabilities

	We would refuse to print capabilities which were didn't have a name
	for. The kernel adds new capabilities from time to time, most recently
	cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
	"Failed to parse bus message: Invalid argument" because
	capability_set_to_string_alloc() would fail with -EINVAL. So let's
	print such capabilities in hexadecimal:

	CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
	cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
	cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
	cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
	0x17 0x18 0x19 0x1a ...

	For symmetry, also allow capabilities that we don't know to be specified.

	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
	---
	src/basic/cap-list.c \| 10 +++++++---
	1 file changed, 7 insertions(+), 3 deletions(-)

	diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
	index bfcda33..56a81c7 100644
	--- a/src/basic/cap-list.c
	+++ b/src/basic/cap-list.c
	@@ -10,6 +10,7 @@
	#include "macro.h"
	#include "missing.h"
	#include "parse-util.h"
	+#include "stdio-util.h"
	#include "util.h"

	static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
	@@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
	/* Try to parse numeric capability */
	r = safe_atoi(name, &i);
	if (r >= 0) {
	- if (i >= 0 && i < (int) ELEMENTSOF(capability_names))
	+ if (i >= 0 && i < 64)
	return i;
	else
	return -EINVAL;
	@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
	for (i = 0; i < cap_last_cap(); i++)
	if (set & (UINT64_C(1) << i)) {
	const char *p;
	+ char buf[2 + 16 + 1];
	size_t add;

	p = capability_to_name(i);
	- if (!p)
	- return -EINVAL;
	+ if (!p) {
	+ xsprintf(buf, "0x%lx", i);
	+ p = buf;
	+ }

	add = strlen(p);

	--
	2.29.2