if (nsjconf->keep_caps) {
for (size_t i = 0; i < ARRAYSIZE(capNames); i++) {
if (capsGetCap(cap_orig, capNames[i].val, CAP_PERMITTED) == CAP_SET) {
+ LOG_D("Adding '%s' capability to the inheritable set",
+ capNames[i].name);
capsSetCap(cap_new, capNames[i].val, CAP_INHERITABLE);
} else {
capsClrFlag(cap_new, capNames[i].val, CAP_INHERITABLE);
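Review bot: In the `keep_caps` loop the added `LOG_D` fires once for every permitted entry of `capNames`, and the ambient loop further down repeats it, so a debug run prints two lines per capability while a normal run keeps no record of which capabilities the jailed process retains. Consider collecting the names inside the loop and emitting one summary line after it, at a level that survives non-debug runs if the retained set is meant to be auditable. The same applies to the other three added `LOG_D` calls (the `p->val` inheritable loop and both ambient loops). The hunk headers are missing from this page, so the hunk boundary is inferred, and the enclosing function starts and ends outside what is shown.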
capsFree(cap_new);
return false;
}
+ LOG_D("Adding '%s' capability to the inheritable set",
+ capsValToStr(p->val));
capsSetCap(cap_new, p->val, CAP_INHERITABLE);
}
}
if (capsGetCap(cap_orig, capNames[i].val, CAP_PERMITTED) != CAP_SET) {
continue;
}
+ LOG_D("Adding '%s' capability to the ambient set", capNames[i].name);
if (prctl
(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)capNames[i].val,
0UL, 0UL) == -1) {
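Review bot: The "Adding '%s' capability to the ambient set" message is logged before `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...)` is attempted, so when the call fails the debug log still reads as if the capability was raised. The body of the `== -1` branch lies outside the hunk, so whether the failure is reported there cannot be seen from here. Either move the `LOG_D` after the successful call or word it as an attempt, e.g. `LOG_D("Trying to add '%s' capability to the ambient set", capNames[i].name);`. The `capsValToStr(p->val)` variant in the next hunk has the same ordering.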
} else {
struct ints_t *p;
TAILQ_FOREACH(p, &nsjconf->caps, pointers) {
+ LOG_D("Adding '%s' capability to the ambient set", capsValToStr(p->val));
if (prctl
(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)p->val, 0UL,
0UL) == -1) {