src/lxc/caps.h

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #ifndef __LXC_CAPS_H
   4 #define __LXC_CAPS_H
   5
   6 #include <stdbool.h>
   7
   8 #include "config.h"
   9
  10 #if HAVE_LIBCAP
  11 #include <linux/types.h> /* workaround for libcap < 2.17 bug */
  12 #include <sys/capability.h>
  13
  14 extern int lxc_caps_down(void);
  15 extern int lxc_caps_up(void);
  16 extern int lxc_ambient_caps_up(void);
  17 extern int lxc_ambient_caps_down(void);
  18 extern int lxc_caps_init(void);
  19 extern int lxc_caps_last_cap(void);
  20 extern bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag);
  21 extern bool lxc_file_cap_is_set(const char *path, cap_value_t cap,
  22                                 cap_flag_t flag);
  23 #else
  24 static inline int lxc_caps_down(void)
  25 {
  26         return 0;
  27 }
  28
  29 static inline int lxc_caps_up(void)
  30 {
  31         return 0;
  32 }
  33
  34 static inline int lxc_ambient_caps_up(void)
  35 {
  36         return 0;
  37 }
  38
  39 static inline int lxc_ambient_caps_down(void)
  40 {
  41         return 0;
  42 }
  43
  44 static inline int lxc_caps_init(void)
  45 {
  46         return 0;
  47 }
  48
  49 static inline int lxc_caps_last_cap(void)
  50 {
  51         return 0;
  52 }
  53
  54 typedef int cap_value_t;
  55 typedef int cap_flag_t;
  56 static inline bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag)
  57 {
  58         return false;
  59 }
  60
  61 static inline bool lxc_file_cap_is_set(const char *path, cap_value_t cap,
  62                                        cap_flag_t flag)
  63 {
  64         return false;
  65 }
  66 #endif
  67
  68 #define lxc_priv(__lxc_function)                          \
  69         ({                                                \
  70                 __label__ out;                            \
  71                 int __ret, __ret2, ___errno = 0;          \
  72                 __ret = lxc_caps_up();                    \
  73                 if (__ret)                                \
  74                         goto out;                         \
  75                 __ret = __lxc_function;                   \
  76                 if (__ret)                                \
  77                         ___errno = errno;                 \
  78                 __ret2 = lxc_caps_down();                 \
  79         out:                                              \
  80                 __ret ? errno = ___errno, __ret : __ret2; \
  81         })
  82
  83 #define lxc_unpriv(__lxc_function)                        \
  84         ({                                                \
  85                 __label__ out;                            \
  86                 int __ret, __ret2, ___errno = 0;          \
  87                 __ret = lxc_caps_down();                  \
  88                 if (__ret)                                \
  89                         goto out;                         \
  90                 __ret = __lxc_function;                   \
  91                 if (__ret)                                \
  92                         ___errno = errno;                 \
  93                 __ret2 = lxc_caps_up();                   \
  94         out:                                              \
  95                 __ret ? errno = ___errno, __ret : __ret2; \
  96         })
  97 #endif