/*
 * Translate a capability number into its textual name.
 *
 * Returns NULL when cap_valid() rejects the number. Otherwise returns
 * whatever capng_lookup_number() yields for it from the capability name
 * table (captab / captab_msgstr.str, CAP_NG_CAPABILITY_NAMES entries).
 */
const char *capng_capability_to_name(unsigned int capability)
{
	const char *name = NULL;

	/* Range-check first so an out-of-range number never reaches the lookup. */
	if (cap_valid(capability))
		name = capng_lookup_number(captab, captab_msgstr.str,
					   CAP_NG_CAPABILITY_NAMES, capability);

	return name;
}
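/*
 * Raise or lower capabilities in the effective set of the calling thread.
 *
 * on   non-zero sets the listed capability bits, zero clears them.
 * ...  capability numbers passed as int, terminated by -1. The sentinel is
 *      mandatory: without it va_arg() reads past the supplied arguments,
 *      which is undefined behaviour.
 *
 * The header carries the id returned by SYS_gettid, so the change applies to
 * the calling thread. Only the effective set is edited; the permitted and
 * inheritable sets read by capget are written back unchanged. Clearing a
 * capability here is therefore not a permanent drop: while it stays in the
 * permitted set it can be raised again.
 *
 * Any failure (capget, an invalid capability number, capset) prints a
 * diagnostic to stderr and terminates the process with exit(1).
 */
void linux_cap_change(int on, ...)
{
	struct __user_cap_header_struct hdr;
	/* {0} instead of the empty initializer, which is not valid before C23. */
	struct __user_cap_data_struct sets[3] = {0};
	va_list ap;
	int cap;

	hdr.version = _LINUX_CAPABILITY_VERSION_3;
	hdr.pid = syscall(SYS_gettid);

	/* Start from the current sets so that untouched bits are preserved. */
	if (syscall(SYS_capget, &hdr, sets)) {
		perror("capget");
		exit(1);
	}

	va_start(ap, on);
	while ((cap = va_arg(ap, int)) != -1) {
		/* Validate before indexing: CAP_TO_INDEX(cap) selects the array slot. */
		if (!cap_valid(cap)) {
			fprintf(stderr, "cap %d is not valid\n", cap);
			exit(1);
		}

		if (on)
			sets[CAP_TO_INDEX(cap)].effective |= CAP_TO_MASK(cap);
		else
			sets[CAP_TO_INDEX(cap)].effective &= ~CAP_TO_MASK(cap);
	}
	/* The original never paired va_start() with va_end(). */
	va_end(ap);

	if (syscall(SYS_capset, &hdr, sets)) {
		perror("capset");
		exit(1);
	}
}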
int capng_update(capng_act_t action, capng_type_t type, unsigned int capability) { // Before updating, we expect that the data is initialized to something if (m.state < CAPNG_INIT) return -1; if (!cap_valid(capability)) { errno = EINVAL; return -1; } if (m.cap_ver == 1) { if (CAPNG_EFFECTIVE & type) v1_update(action, capability, &m.data.v1.effective); if (CAPNG_PERMITTED & type) v1_update(action, capability, &m.data.v1.permitted); if (CAPNG_INHERITABLE & type) v1_update(action, capability, &m.data.v1.inheritable); } else { int idx; if (capability > 31) { idx = capability>>5; capability %= 32; } else