From: Marc Fournier Date: Tue, 26 Jan 2016 17:14:09 +0000 (+0100) Subject: src/daemon/common.[ch]: add check_capability() function X-Git-Tag: collectd-5.6.0~57^2~8 X-Git-Url: https://git.verplant.org/?a=commitdiff_plain;h=d3ba4d04f6c5d22ba97ea81cdca2e2acd04dfec1;p=collectd.git src/daemon/common.[ch]: add check_capability() function This is largely inspired by the capability check done in src/turbostat.c, so most of the credits go to Vincent Brillault. --- diff --git a/src/daemon/common.c b/src/daemon/common.c index c4dbecbe..3e2db15a 100644 --- a/src/daemon/common.c +++ b/src/daemon/common.c @@ -60,6 +60,10 @@ # include #endif +#ifdef HAVE_SYS_CAPABILITY_H +# include +#endif + #ifdef HAVE_LIBKSTAT extern kstat_ctl_t *kc; #endif @@ -1668,3 +1672,26 @@ void strarray_free (char **array, size_t array_len) /* {{{ */ sfree (array[i]); sfree (array); } /* }}} void strarray_free */ + +#ifdef HAVE_SYS_CAPABILITY_H +int check_capability (int capability) /* {{{ */ +{ + struct __user_cap_header_struct cap_header_data; + cap_user_header_t cap_header = &cap_header_data; + struct __user_cap_data_struct cap_data_data; + cap_user_data_t cap_data = &cap_data_data; + + cap_header->pid = getpid(); + cap_header->version = _LINUX_CAPABILITY_VERSION; + if (capget(cap_header, cap_data) < 0) + { + ERROR("check_capability: capget failed"); + return (-1); + } + + if ((cap_data->effective & (1 << capability)) == 0) + return (-1); + else + return (0); +} /* }}} int check_capability */ +#endif diff --git a/src/daemon/common.h b/src/daemon/common.h index 5ad2b50d..720e5f1b 100644 --- a/src/daemon/common.h +++ b/src/daemon/common.h @@ -375,4 +375,12 @@ int strtogauge (const char *string, gauge_t *ret_value); int strarray_add (char ***ret_array, size_t *ret_array_len, char const *str); void strarray_free (char **array, size_t array_len); +#ifdef HAVE_SYS_CAPABILITY_H +/** Check if the current process benefits from the capability passed in + * argument. Returns zero if it does, less than zero if it doesn't or on error. + * See capabilities(7) for the list of possible capabilities. + * */ +int check_capability (int capability); +#endif /* HAVE_SYS_CAPABILITY_H */ + #endif /* COMMON_H */