nspawn: introduce --capability=all for retaining all capabilities
parent
89fffa2735
commit
39ed67d146
|
@ -310,8 +310,11 @@
|
|||
CAP_SYS_CHROOT, CAP_SYS_NICE,
|
||||
CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
|
||||
CAP_SYS_RESOURCE, CAP_SYS_BOOT,
|
||||
CAP_AUDIT_WRITE,
|
||||
CAP_AUDIT_CONTROL.</para></listitem>
|
||||
CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. If
|
||||
the special value
|
||||
<literal>all</literal> is passed all
|
||||
capabilities are
|
||||
retained.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -300,25 +300,29 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
size_t length;
|
||||
|
||||
FOREACH_WORD_SEPARATOR(word, length, optarg, ",", state) {
|
||||
_cleanup_free_ char *t;
|
||||
cap_value_t cap;
|
||||
char *t;
|
||||
|
||||
t = strndup(word, length);
|
||||
if (!t)
|
||||
return log_oom();
|
||||
|
||||
if (cap_from_name(t, &cap) < 0) {
|
||||
log_error("Failed to parse capability %s.", t);
|
||||
free(t);
|
||||
return -EINVAL;
|
||||
if (streq(t, "all")) {
|
||||
if (c == ARG_CAPABILITY)
|
||||
arg_retain = (uint64_t) -1;
|
||||
else
|
||||
arg_retain = 0;
|
||||
} else {
|
||||
if (cap_from_name(t, &cap) < 0) {
|
||||
log_error("Failed to parse capability %s.", t);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (c == ARG_CAPABILITY)
|
||||
arg_retain |= 1ULL << (uint64_t) cap;
|
||||
else
|
||||
arg_retain &= ~(1ULL << (uint64_t) cap);
|
||||
}
|
||||
|
||||
free(t);
|
||||
|
||||
if (c == ARG_CAPABILITY)
|
||||
arg_retain |= 1ULL << (uint64_t) cap;
|
||||
else
|
||||
arg_retain &= ~(1ULL << (uint64_t) cap);
|
||||
}
|
||||
|
||||
break;
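Review bot: In the `streq(t, "all")` branch `arg_retain` is assigned rather than OR-ed or masked, so the result depends on option order: a single capability dropped earlier on the command line is silently restored by a later `--capability=all`. The `else` arm also accepts `all` for the other option and clears the whole retain set, defaults included, although the commit title and the man page hunk only describe `all` as retaining everything. I would add a comment at the assignment, e.g. `/* "all" replaces everything parsed so far; options that follow still apply */`, and a matching man page sentence for the drop case. `(uint64_t) -1` also sets bits above the highest capability number; the code that applies `arg_retain` presumably ignores them, but it is outside this hunk and worth confirming. parse_argv's body starts and ends outside the hunk.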
|
||||
|
|