picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

exec: Assigning the empty string to CapabilityBoundSet= should drop all caps 

Previously, it would set all caps, but it should drop them all, anything
else makes little sense.

Also, document that this works as it does, and what to do in order to
assign all caps to the bounding set.

https://bugzilla.redhat.com/show_bug.cgi?id=914705
This commit is contained in:
Lennart Poettering 2013-03-22 23:25:54 +01:00
parent 6af274272a
commit d91c34f21f
3 changed files with 31 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
man/systemd.exec.xml
View File

@ -719,29 +719,38 @@
for details. Takes a whitespace
separated list of capability names as
read by
<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
<citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
e.g. <literal>CAP_SYS_ADMIN
CAP_DAC_OVERRIDE
CAP_SYS_PTRACE</literal>.
Capabilities listed will be included
in the bounding set, all others are
removed. If the list of capabilities
is prefixed with ~ all but the listed
capabilities will be included, the
effect of the assignment
inverted. Note that this option also
effects the respective capabilities in
the effective, permitted and
inheritable capability sets, on top of
what <varname>Capabilities=</varname>
is prefixed with <literal>~</literal>
all but the listed capabilities will
be included, the effect of the
assignment inverted. Note that this
option also affects the respective
capabilities in the effective,
permitted and inheritable capability
sets, on top of what
<varname>Capabilities=</varname>
does. If this option is not used the
capability bounding set is not
modified on process execution, hence
no limits on the capabilities of the
process are enforced. This option may
appear more than once in which case
the bounding sets are merged. If the empty
string is assigned to this option the
bounding set is reset, and all prior
settings have no
effect.</para></listitem>
the bounding sets are merged. If the
empty string is assigned to this
option the bounding set is reset to
the empty capability set, and all
prior settings have no effect. If set
to <literal>~</literal> (without any
further argument) the bounding set is
reset to the full set of available
capabilities, also undoing any
previous settings.</para></listitem>
</varlistentry>
<varlistentry>

6
src/core/load-fragment.c
View File

@ -889,12 +889,6 @@ int config_parse_bounding_set(
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* An empty assignment resets */
*capability_bounding_set_drop = 0;
return 0;
}
if (rvalue[0] == '~') {
invert = true;
rvalue++;

9
src/core/unit.c
View File

@ -2645,7 +2645,14 @@ int unit_kill(Unit *u, KillWho w, int signo, DBusError *error) {
return UNIT_VTABLE(u)->kill(u, w, signo, error);
}
int unit_kill_common(Unit *u, KillWho who, int signo, pid_t main_pid, pid_t control_pid, DBusError *error) {
int unit_kill_common(
Unit *u,
KillWho who,
int signo,
pid_t main_pid,
pid_t control_pid,
DBusError *error) {
int r = 0;
if (who == KILL_MAIN && main_pid <= 0) {