Line data Source code
1 : #ifndef HEADER_fd_src_app_shared_fd_cap_chk_h 2 : #define HEADER_fd_src_app_shared_fd_cap_chk_h 3 : 4 : #include "../../util/fd_util_base.h" 5 : 6 : /* A fd_cap_chk provides mechanisms to check what capabilities or 7 : permissions are available to the caller, and if they are missing, 8 : accumulates error information to be reported later. 9 : 10 : A typical caller will repeatedly call check_* functions for all 11 : the required capabilities, and then after that, if there are errors, 12 : it could exit or print them to a user. 13 : 14 : Functions in the capability checker do not return errors and do not 15 : silently fail. If there is any environment issue which prevents the 16 : correct information being retrieved, the program will log an error 17 : and terminate immediately. */ 18 : 19 : struct fd_cap_chk_private; 20 : typedef struct fd_cap_chk_private fd_cap_chk_t; 21 : 22 0 : #define FD_CAP_CHK_ALIGN (8UL) 23 0 : #define FD_CAP_CHK_FOOTPRINT (4104UL) 24 : 25 : FD_PROTOTYPES_BEGIN 26 : 27 : FD_FN_CONST static inline ulong 28 0 : fd_cap_chk_align( void ) { 29 0 : return FD_CAP_CHK_ALIGN; 30 0 : } 31 : 32 : FD_FN_CONST static inline ulong 33 0 : fd_cap_chk_footprint( void ) { 34 0 : return FD_CAP_CHK_FOOTPRINT; 35 0 : } 36 : 37 : void * 38 : fd_cap_chk_new( void * shmem ); 39 : 40 : fd_cap_chk_t * 41 : fd_cap_chk_join( void * shchk ); 42 : 43 : /* fd_cap_chk_root() checks if the current process is running as the 44 : root user (with uid 0). If it's not, an entry is accumulated with 45 : an appropriate reason indicating this. 46 : 47 : name and reason are strings which are used to format the diagnostic 48 : error missage, in case the caller is not running as the root user. */ 49 : 50 : void 51 : fd_cap_chk_root( fd_cap_chk_t * chk, 52 : char const * name, 53 : char const * reason ); 54 : 55 : /* fd_cap_chk_cap() checks if the current process is running with the 56 : given Linux capability. If it's not, an entry is accumulated with an 57 : appropriate reason indicating this. 58 : 59 : name and reason are strings which are used to format the diagnostic 60 : error missage, in case the caller is not running as the root user. */ 61 : 62 : void 63 : fd_cap_chk_cap( fd_cap_chk_t * chk, 64 : char const * name, 65 : uint capability, 66 : char const * reason ); 67 : 68 : /* fd_cap_chk_raise_rlimit() checks if the current process is running 69 : with the provided resource, a RLIMIT_* constant, at or above the 70 : desired limit. 71 : 72 : If it is not, but the limit can be raised to the required level 73 : because the user is root or has the CAP_SYS_RESOURCE capability, then 74 : the limit will be increased within this function and the check will 75 : still succeed, no error entry will be accumulated. Only if the 76 : calling process does not have the resource limit desired, and cannot 77 : increase it to get there, an error entry will be accumulated. 78 : 79 : If the resource is RLIMIT_NICE, the check will also succeed if the 80 : process has the CAP_SYS_NICE capability, and it successfully 81 : increases the NICE value on its own. 82 : 83 : name and reason are strings which are used to format the diagnostic 84 : error missage, in case the caller is not running as the root user. */ 85 : 86 : void 87 : fd_cap_chk_raise_rlimit( fd_cap_chk_t * chk, 88 : char const * name, 89 : int resource, 90 : ulong limit, 91 : char const * reason ); 92 : 93 : /* fd_cap_chk_err_cnt() returns the number of error entries accumulated 94 : in the capability checker. */ 95 : 96 : ulong 97 : fd_cap_chk_err_cnt( fd_cap_chk_t const * chk ); 98 : 99 : /* fd_cap_chk_err() returns the error message at the given index. The 100 : index must be less than the number of errors returned by 101 : fd_cap_chk_err_cnt(). */ 102 : 103 : char const * 104 : fd_cap_chk_err( fd_cap_chk_t const * chk, 105 : ulong idx ); 106 : 107 : FD_PROTOTYPES_END 108 : 109 : #endif /* HEADER_fd_src_app_shared_fd_cap_chk_h */
