[pve-lxc-syscalld.git] / src / capability.rs

use std::io;
use std::os::raw::{c_int, c_ulong};

bitflags::bitflags! {
    pub struct SecureBits: c_ulong {
        const NOROOT                        = 0b0_0000_0001;
        const NOROOT_LOCKED                 = 0b0_0000_0010;
        const NO_SETUID_FIXUP               = 0b0_0000_0100;
        const NO_SETUID_FIXUP_LOCKED        = 0b0_0000_1000;
        const KEEP_CAPS                     = 0b0_0001_0000;
        const KEEP_CAPS_LOCKED              = 0b0_0010_0000;
        const NO_CAP_AMBIENT_RAISE          = 0b0_0100_0000;
        const NO_CAP_AMBIENT_RAISE_LOCKED   = 0b0_1000_0000;

        const ALL_BITS                      = 0b0_0101_0101;
        const ALL_LOCKS                     = 0b0_1010_1010;
    }
}

impl SecureBits {
    pub fn apply(self) -> io::Result<()> {
        c_result!(unsafe { libc::prctl(libc::PR_SET_SECUREBITS, self.bits()) })?;
        Ok(())
    }

    pub fn get_current() -> io::Result<Self> {
        let bits = c_result!(unsafe { libc::prctl(libc::PR_GET_SECUREBITS) })?;
        Self::from_bits(bits as _)
            .ok_or_else(|| io_format_err!("prctl() returned unknown securebits"))
    }
}

#[derive(Clone, Default)]
pub struct Capabilities {
    pub inheritable: u64,
    pub permitted: u64,
    pub effective: u64,
    //bounding: u64, // we don't care currently
}

// Too lazy to bindgen libcap stuff...
const CAPABILITY_VERSION_3: u32 = 0x2008_0522;

/// Represents process capabilities.
///
/// This can be used to change the process' capability sets (if permitted by the kernel).
impl Capabilities {
    // We currently don't implement capget as it takes a pid which is racy on kernels without pidfd
    // support. Later on we might support a `capget(&PidFd)` method?

    /// Change our process capabilities. This does not include the bounding set.
    pub fn capset(&self) -> io::Result<()> {
        // kernel abi:
        #[allow(dead_code)]
        struct Header {
            version: u32,
            pid: c_int,
        }

        #[allow(dead_code)]
        struct Data {
            effective: u32,
            permitted: u32,
            inheritable: u32,
        }

        let header = Header {
            version: CAPABILITY_VERSION_3,
            pid: 0, // equivalent to gettid(),
        };

        let data = [
            Data {
                effective: self.effective as u32,
                permitted: self.permitted as u32,
                inheritable: self.inheritable as u32,
            },
            Data {
                effective: (self.effective >> 32) as u32,
                permitted: (self.permitted >> 32) as u32,
                inheritable: (self.inheritable >> 32) as u32,
            },
        ];

        c_try!(unsafe { libc::syscall(libc::SYS_capset, &header, &data) });

        Ok(())
    }
}
Commit	Line	Data
738dbfbe	1	use std::io;
3bbd1db0	2	use std::os::raw::{c_int, c_ulong};
738dbfbe	3
738dbfbe WB	4	bitflags::bitflags! {
738dbfbe WB	5	pub struct SecureBits: c_ulong {
bd05b957 WB	6	const NOROOT = 0b0_0000_0001;
	7	const NOROOT_LOCKED = 0b0_0000_0010;
	8	const NO_SETUID_FIXUP = 0b0_0000_0100;
	9	const NO_SETUID_FIXUP_LOCKED = 0b0_0000_1000;
	10	const KEEP_CAPS = 0b0_0001_0000;
	11	const KEEP_CAPS_LOCKED = 0b0_0010_0000;
	12	const NO_CAP_AMBIENT_RAISE = 0b0_0100_0000;
	13	const NO_CAP_AMBIENT_RAISE_LOCKED = 0b0_1000_0000;
738dbfbe	14
bd05b957 WB	15	const ALL_BITS = 0b0_0101_0101;
bd05b957 WB	16	const ALL_LOCKS = 0b0_1010_1010;
738dbfbe WB	17	}
	18	}
	19
	20	impl SecureBits {
baedb4ca	21	pub fn apply(self) -> io::Result<()> {
a18b03f3	22	c_result!(unsafe { libc::prctl(libc::PR_SET_SECUREBITS, self.bits()) })?;
738dbfbe WB	23	Ok(())
	24	}
	25
	26	pub fn get_current() -> io::Result<Self> {
a18b03f3	27	let bits = c_result!(unsafe { libc::prctl(libc::PR_GET_SECUREBITS) })?;
738dbfbe WB	28	Self::from_bits(bits as _)
	29	.ok_or_else(\|\| io_format_err!("prctl() returned unknown securebits"))
	30	}
	31	}
3bbd1db0 WB	32
	33	#[derive(Clone, Default)]
	34	pub struct Capabilities {
	35	pub inheritable: u64,
	36	pub permitted: u64,
	37	pub effective: u64,
	38	//bounding: u64, // we don't care currently
	39	}
	40
	41	// Too lazy to bindgen libcap stuff...
	42	const CAPABILITY_VERSION_3: u32 = 0x2008_0522;
	43
	44	/// Represents process capabilities.
	45	///
	46	/// This can be used to change the process' capability sets (if permitted by the kernel).
	47	impl Capabilities {
	48	// We currently don't implement capget as it takes a pid which is racy on kernels without pidfd
	49	// support. Later on we might support a `capget(&PidFd)` method?
	50
	51	/// Change our process capabilities. This does not include the bounding set.
	52	pub fn capset(&self) -> io::Result<()> {
3bbd1db0	53	// kernel abi:
5bd0c562	54	#[allow(dead_code)]
3bbd1db0 WB	55	struct Header {
	56	version: u32,
	57	pid: c_int,
	58	}
	59
5bd0c562	60	#[allow(dead_code)]
3bbd1db0 WB	61	struct Data {
	62	effective: u32,
	63	permitted: u32,
	64	inheritable: u32,
	65	}
	66
	67	let header = Header {
	68	version: CAPABILITY_VERSION_3,
	69	pid: 0, // equivalent to gettid(),
	70	};
	71
	72	let data = [
	73	Data {
	74	effective: self.effective as u32,
	75	permitted: self.permitted as u32,
	76	inheritable: self.inheritable as u32,
	77	},
	78	Data {
	79	effective: (self.effective >> 32) as u32,
	80	permitted: (self.permitted >> 32) as u32,
	81	inheritable: (self.inheritable >> 32) as u32,
	82	},
	83	];
	84
	85	c_try!(unsafe { libc::syscall(libc::SYS_capset, &header, &data) });
	86
	87	Ok(())
	88	}
	89	}