components/quagga/patches/75-privs-basicprivset.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Wed, 29 Aug 2012 11:05:56 -0700
changeset 957 255465c5756f
parent 417 7c10b5cba79b
permissions -rw-r--r--
Close of build 04.
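diff --git lib/privs.c lib/privs.c
index d290a59..d4dcdf2 100644
--- lib/privs.c
+++ lib/privs.c
@@ -2,7 +2,7 @@
  * Zebra privileges.
  *
  * Copyright (C) 2003 Paul Jakma.
- * Copyright (C) 2005 Sun Microsystems, Inc.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  *
  * This file is part of GNU Zebra.
  *
@@ -351,6 +351,26 @@ zprivs_caps_terminate (void)
  * - http://blogs.sun.com/roller/page/gbrunett?entry=privilege_enabling_set_id_programs1
  */
 
+static pset_t *
+zprivs_caps_minimal ()
+{
+  pset_t *minimal;
+
+  if ((minimal = priv_str_to_set("basic", ",", NULL)) == NULL)
+    {
+      fprintf (stderr, "%s: couldn't get basic set!\n", __func__);
+      exit (1);
+    }
+
+   /* create a minimal privilege set from the basic set */
+  (void) priv_delset(minimal, PRIV_PROC_EXEC);
+  (void) priv_delset(minimal, PRIV_PROC_INFO);
+  (void) priv_delset(minimal, PRIV_PROC_SESSION);
+  (void) priv_delset(minimal, PRIV_FILE_LINK_ANY);
+
+  return  minimal;
+}
+
 /* convert zebras privileges to system capabilities */
 static pset_t *
 zcaps2sys (zebra_capabilities_t *zcaps, int num)
@@ -379,26 +399,34 @@ zcaps2sys (zebra_capabilities_t *zcaps, int num)
 int 
 zprivs_change_caps (zebra_privs_ops_t op)
 {
+  pset_t *privset;
   
   /* should be no possibility of being called without valid caps */
   assert (zprivs_state.syscaps_p);
   if (!zprivs_state.syscaps_p)
     {
+      fprintf (stderr, "%s: Eek, missing privileged caps!", __func__);
+      exit (1);
+    }
+
+  assert (zprivs_state.caps);
+  if (!zprivs_state.caps)
+    {
       fprintf (stderr, "%s: Eek, missing caps!", __func__);
       exit (1);
     }
-  
-  /* to raise: copy original permitted into our working effective set
-   * to lower: just clear the working effective set
+
+  /* to raise: copy original permitted as our working effective set
+   * to lower: copy regular effective set stored in zprivs_state.caps
    */
   if (op == ZPRIVS_RAISE)
-    priv_copyset (zprivs_state.syscaps_p, zprivs_state.caps);
+    privset = zprivs_state.syscaps_p;
   else if (op == ZPRIVS_LOWER)
-    priv_emptyset (zprivs_state.caps);
+    privset = zprivs_state.caps;
   else
     return -1;
   
-  if (setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps) != 0)
+  if (setppriv (PRIV_SET, PRIV_EFFECTIVE, privset) != 0)
     return -1;
   
   return 0;
@@ -426,15 +454,15 @@ zprivs_state_caps (void)
     }
   else
     {
-      if (priv_isemptyset (effective) == B_TRUE)
+      if (priv_isequalset (effective, zprivs_state.syscaps_p))
+        result = ZPRIVS_RAISED;
+      else if (priv_isequalset (effective, zprivs_state.caps))
         result = ZPRIVS_LOWERED;
       else
-        result = ZPRIVS_RAISED;
+        result = ZPRIVS_UNKNOWN;
     }
   
-  if (effective)
-    priv_freeset (effective);
-  
+  priv_freeset (effective);
   return result;
 }
 
@@ -442,7 +470,7 @@ static void
 zprivs_caps_init (struct zebra_privs_t *zprivs)
 {
   pset_t *basic;
-  pset_t *empty;
+  pset_t *minimal;
   
   /* the specified sets */
   zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p);
@@ -470,14 +498,6 @@ zprivs_caps_init (struct zebra_privs_t *zprivs)
   priv_union (basic, zprivs_state.syscaps_p);
   priv_freeset (basic);
   
-  /* we need an empty set for 'effective', potentially for inheritable too */
-  if ( (empty = priv_allocset()) == NULL)
-    {
-      fprintf (stderr, "%s: couldn't get empty set!\n", __func__);
-      exit (1);
-    }
-  priv_emptyset (empty);
-  
   /* Hey kernel, we know about privileges! 
    * this isn't strictly required, use of setppriv should have same effect
    */
@@ -520,16 +540,19 @@ zprivs_caps_init (struct zebra_privs_t *zprivs)
       exit (1);
     }
 
-  /* now clear the effective set and we're ready to go */
-  if (setppriv (PRIV_SET, PRIV_EFFECTIVE, empty))
+  /* we need a minimal basic set for 'effective', potentially for inheritable too */
+  minimal = zprivs_caps_minimal();
+
+  /* now set the effective set with a subset of basic privileges */
+  if (setppriv (PRIV_SET, PRIV_EFFECTIVE, minimal))
     {
       fprintf (stderr, "%s: error setting effective set!, %s\n", __func__,
                safe_strerror (errno) );
       exit (1);
     }
   
-  /* we'll use this as our working-storage privset */
-  zprivs_state.caps = empty;
+  /* we'll use the minimal set as our working-storage privset */
+  zprivs_state.caps = minimal;
   
   /* set methods for the caller to use */
   zprivs->change = zprivs_change_caps;
@@ -541,8 +564,7 @@ zprivs_caps_terminate (void)
 {
   assert (zprivs_state.caps);
   
-  /* clear all capabilities */
-  priv_emptyset (zprivs_state.caps);
+  /* clear all capabilities by using working-storage privset */
   setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps);
   setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.caps);
   setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.caps);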
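Review bot: In the last hunk (zprivs_caps_terminate) the new comment still says "clear all capabilities", but with `priv_emptyset` removed `zprivs_state.caps` now holds the set built by zprivs_caps_minimal(), so the three `setppriv` calls leave the effective, permitted and inheritable sets at the basic set minus four privileges rather than empty. If that is the intent, the comment should say so, e.g. `/* drop to the minimal basic set kept in zprivs_state.caps */`; if termination is meant to end with empty sets, the `priv_emptyset` call is still needed. The results of these `setppriv` calls are ignored in the visible lines, so a failed drop would go unnoticed; checking them with `if (setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps) != 0)` and reporting the error, as zprivs_caps_init does, would make that visible. The `(void) priv_delset(...)` calls in zprivs_caps_minimal() have the same gap, since a failed removal would leave the privilege in the lowered set. The body of zprivs_caps_terminate continues outside the hunk.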