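#ifndef HEADER_fd_src_app_fdctl_caps_h
#define HEADER_fd_src_app_fdctl_caps_h

#include "fdctl.h"

/* API for checking capabilities, and accumulating information about
   what capabilities or permissions are missing that are required to run
   a particular binary or command.  The expected usage is that a caller
   will initialize an empty caps context, and then repeatedly call
   `fd_caps_check_*` functions on it which will insert an error entry
   into the context if the required permission is not held.  Once all
   permission checks are performed, the program can print a helpful
   diagnostic.

   These functions do not silently fail, and any issue retrieving
   capability information will cause the program to log an error and
   exit. */

#include <sys/resource.h>

/* Upper bound on the size of a single error message (bytes) and on the
   number of messages one context can hold.  Adding a message to a full
   context aborts the process (see the fd_caps_check_* functions). */

#define MAX_ERROR_MSG_LEN 256UL
#define MAX_ERROR_ENTRIES 16UL

/* fd_caps_ctx accumulates the permission errors found by the
   fd_caps_check_* functions.  err_cnt is the number of entries of err
   currently populated (an err_cnt of zero means the context holds no
   errors); err[ i ] for i<err_cnt holds the i-th message.  Each slot is
   MAX_ERROR_MSG_LEN bytes; the exact message encoding (e.g. whether a
   slot is always NUL terminated) is fixed by the implementation rather
   than by this header. */

struct fd_caps_ctx {
  ulong err_cnt;
  char  err[ MAX_ERROR_ENTRIES ][ MAX_ERROR_MSG_LEN ];
};
typedef struct fd_caps_ctx fd_caps_ctx_t;

/* fd_rlimit_res_t is the appropriate type for RLIMIT_{...} for the
   libc flavor in use.  glibc with GNU_SOURCE redefines the type of
   the first arg to {get,set}rlimit(2), sigh ... */

#ifdef __GLIBC__
typedef __rlimit_resource_t fd_rlimit_res_t;
#else /* non-glibc */
typedef int fd_rlimit_res_t;
#endif /* __GLIBC__ */

FD_PROTOTYPES_BEGIN

/* fd_caps_check_root() checks if the current process is running as the
   root user (with uid 0).  If it's not, an entry is added to the caps
   context with the given reason indicating this.  The function does not
   fail or return an error if the user is not root, it only adds an
   error to the context.

   ctx is a capability context to add any error into.  If the context is
   full (the error cannot be added) the process will be aborted.  The
   error message added to the context will include the name and reason
   strings provided. */

void
fd_caps_check_root( fd_caps_ctx_t * ctx,
                    char const *    name,
                    char const *    reason );

/* fd_caps_check_capability() checks if the current process is running
   with the provided Linux capability (a CAP_* value).  If it's not, an
   error entry is added to the caps context with the given reason.  The
   function does not fail or return an error if the process does not
   have the capability, it only adds an error to the context.

   ctx is a capability context to add any error into.  If the context is
   full (the error cannot be added) the process will be aborted.  The
   error message added to the context will include the name and reason
   strings provided. */

void
fd_caps_check_capability( fd_caps_ctx_t * ctx,
                          char const *    name,
                          uint            capability,
                          char const *    reason );

/* fd_caps_check_resource() checks if the current process is running
   with the provided resource, a RLIMIT_* constant, at or above the
   desired limit.  If it is not, but the limit can be increased because
   the user is root or has the CAP_SYS_RESOURCE capability, then the
   limit will be increased within this function and the check will still
   succeed, no error entry will be generated.  Only if we do not have
   the resource limit desired, and cannot increase it to get there, an
   error entry will be added to the caps context.  If the resource is
   RLIMIT_NICE, the check will also succeed if the process has the
   CAP_SYS_NICE capability, and it successfully increases the NICE
   value on its own.

   Note that, unlike the other checks, this function may therefore
   change the process's resource limits as a side effect of a
   successful check.

   ctx is a capability context to add any error into.  If the context is
   full (the error cannot be added) the process will be aborted.  The
   error message added to the context will include the name and reason
   strings provided. */

void
fd_caps_check_resource( fd_caps_ctx_t * ctx,
                        char const *    name,
                        fd_rlimit_res_t resource,
                        ulong           limit,
                        char const *    reason );

FD_PROTOTYPES_END

#endif /* HEADER_fd_src_app_fdctl_caps_h */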