if (ctx->capability_mask & (1LL << cap))
continue;
- if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
+ if (prctl(PR_CAPBSET_DROP, prctl_arg(cap), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0))) {
SYSERROR("Failed to drop capability %d", cap);
return -1;
}
if ((init_ctx->container && init_ctx->container->lxc_conf &&
init_ctx->container->lxc_conf->no_new_privs) ||
(options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
- ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ ret = prctl(PR_SET_NO_NEW_PRIVS, prctl_arg(1), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
if (ret < 0)
goto on_error;
}
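Review bot: A failed PR_SET_NO_NEW_PRIVS in this hunk jumps to `on_error` with no log message, whereas the later PR_SET_NO_NEW_PRIVS hunk on this page reports the failure with SYSERROR before exiting. The path appears to fail closed, so this is a diagnostics gap rather than a bypass, but an attach that could not apply the restriction should say which step failed. Consider `if (ret < 0) { SYSERROR("Failed to set PR_SET_NO_NEW_PRIVS"); goto on_error; }`. The `on_error` label lies outside the hunk, so it may already log something generic.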
for (cap = 0; cap <= last_cap; cap++) {
- ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0);
+ ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_RAISE),
+ prctl_arg(cap), prctl_arg(0), prctl_arg(0));
if (ret < 0) {
SYSWARN("Failed to raise ambient capability %d", cap);
goto out;
if (!getuid())
return 0;
- ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
+ ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_CLEAR_ALL),
+ prctl_arg(0), prctl_arg(0), prctl_arg(0));
if (ret < 0) {
SYSERROR("Failed to clear ambient capability set");
return -1;
INFO("Command is run as setuid root (uid: %d)", uid);
- ret = prctl(PR_SET_KEEPCAPS, 1);
+ ret = prctl(PR_SET_KEEPCAPS, prctl_arg(1));
if (ret < 0) {
SYSERROR("Failed to set PR_SET_KEEPCAPS");
return -1;
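Review bot: The PR_SET_KEEPCAPS call passes only two arguments, while the other converted prctl() calls on this page spell out all five through prctl_arg(); the PR_CAPBSET_READ loop in the next hunk has the same shape. prctl() is variadic, so the caller leaves the omitted slots undefined; the kernel is not expected to inspect them for these two options, but the inconsistency undercuts the uniform argument typing this change appears to aim for. I would write `ret = prctl(PR_SET_KEEPCAPS, prctl_arg(1), prctl_arg(0), prctl_arg(0), prctl_arg(0));` and treat the PR_CAPBSET_READ call likewise. The enclosing function starts and ends outside the hunk.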
/* Try to get it manually by trying to get the status of each
* capability individually from the kernel.
*/
- while (prctl(PR_CAPBSET_READ, cap) >= 0)
+ while (prctl(PR_CAPBSET_READ, prctl_arg(cap)) >= 0)
cap++;
result = cap - 1;
return -1;
}
- ret = prctl(PR_CAPBSET_DROP, capid, 0, 0, 0);
+ ret = prctl(PR_CAPBSET_DROP, prctl_arg(capid), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
if (ret < 0) {
SYSERROR("Failed to remove %s capability", drop_entry);
return -1;
if (caplist[i])
continue;
- ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+ ret = prctl(PR_CAPBSET_DROP, prctl_arg(i), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
if (ret < 0) {
SYSERROR("Failed to remove capability %d", i);
return -1;
#include "initutils.h"
#include "log.h"
+#include "macro.h"
#ifndef HAVE_STRLCPY
#include "include/strlcpy.h"
.exe_fd = -1,
};
- ret = prctl(PR_SET_MM, PR_SET_MM_MAP, (long) &prctl_map, sizeof(prctl_map), 0);
+ ret = prctl(PR_SET_MM, prctl_arg(PR_SET_MM_MAP), prctl_arg(&prctl_map),
+ prctl_arg(sizeof(prctl_map)), prctl_arg(0));
if (ret == 0)
(void)strlcpy((char*)arg_start, title, len);
else
(__iterator = __it); \
__iterator = __it = strtok_r(NULL, __separators, &__p))
+#define prctl_arg(x) ((unsigned long)x)
+
#endif /* __LXC_MACRO_H */
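Review bot: The new `prctl_arg` macro does not parenthesize its parameter, so the cast binds only to the first operand of a compound argument; `prctl_arg(a + b)` would expand to `((unsigned long)a + b)`. Every use visible on this page (constants, `cap`, `&prctl_map`, `sizeof(prctl_map)`) happens to expand correctly, so the problem is latent, but these calls drop capabilities and set no_new_privs, where a silently mis-cast argument would be costly. Define it as `#define prctl_arg(x) ((unsigned long)(x))`. A one-line comment above it would also help, for example `/* prctl(2) is variadic: pass every argument as unsigned long */`, if that is the intent.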
if (ret < 0 && (handler->am_root || errno != EPERM))
goto out_warn_father;
- ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+ ret = prctl(PR_SET_DUMPABLE, prctl_arg(1), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
if (ret < 0)
goto out_warn_father;
* before we aren't allowed anymore.
*/
if (handler->conf->no_new_privs) {
- ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+ ret = prctl(PR_SET_NO_NEW_PRIVS, prctl_arg(1), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
if (ret < 0) {
SYSERROR("Could not set PR_SET_NO_NEW_PRIVS to block "
"execve() gainable privileges");
exit(1);
}
- if (prctl(PR_SET_PDEATHSIG, SIGHUP, 0, 0, 0) < 0)
+ if (prctl(PR_SET_PDEATHSIG, prctl_arg(SIGHUP), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0)) < 0)
SYSERROR("Error setting parent death signal for nbd watcher");
pid = fork();
int ret;
pid_t ppid;
- ret = prctl(PR_SET_PDEATHSIG, signal, 0, 0, 0);
+ ret = prctl(PR_SET_PDEATHSIG, prctl_arg(signal), prctl_arg(0),
+ prctl_arg(0), prctl_arg(0));
/* Check whether we have been orphaned. */
ppid = (pid_t)syscall(SYS_getppid);