author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-26 00:41:00 -0800 |
---|---|---|
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-26 00:41:00 -0800 |
commit | a4f905afc251e48ee106fdede8ad15e9cf5b4cdc (patch) | |
tree | c8380c071e18ad35b41f1960d327ff81be9e789f /nixos/modules/security | |
parent | 785684f6c2367ce979d908e25dd7831992f19f24 (diff) | |
Enhhh I think compile time macros are gross
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/permissions-wrappers/permissions-wrapper.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/nixos/modules/security/permissions-wrappers/permissions-wrapper.c b/nixos/modules/security/permissions-wrappers/permissions-wrapper.c
index f74a952b7d84..2e7b1edde3be 100644
--- a/nixos/modules/security/permissions-wrappers/permissions-wrapper.c
+++ b/nixos/modules/security/permissions-wrappers/permissions-wrapper.c
@@ -8,6 +8,11 @@
 #include <dirent.h>
 #include <assert.h>
 #include <errno.h>
+#include <linux/capability.h>
+#include <sys/capability.h>
+#include <linux/prctl.h>
+#include <sys/prctl.h>
+#include <cap-ng.h>
 // Make sure assertions are not compiled out, we use them to codify
 // invariants about this program and we want it to fail fast and
@@ -32,13 +37,6 @@ fprintf(stderr, "Program must be compiled with either the WRAPPER_SETCAP or WRAP
 exit(1);
 #endif
-#ifdef WRAPPER_SETCAP
-#include <linux/capability.h>
-#include <sys/capability.h>
-#include <linux/prctl.h>
-#include <sys/prctl.h>
-#include <cap-ng.h>
-
 // Update the capabilities of the running process to include the given
 // capability in the Ambient set.
 static void set_ambient_cap(cap_value_t cap)
@@ -163,7 +161,6 @@ static int make_caps_ambient(const char *selfPath)
 return 0;
 }
-#endif
 int main(int argc, char * * argv)
 {
@@ -211,9 +208,8 @@ int main(int argc, char * * argv)
 // Read the capabilities set on the file and raise them in to the
 // Ambient set so the program we're wrapping receives the
 // capabilities too!
- #ifdef WRAPPER_SETCAP
- assert(!make_caps_ambient(selfPath));
- #endif
+ if (strcmp(wrapperType, "setcap") == 0)
+ assert(!make_caps_ambient(selfPath));
 execve(sourceProg, argv, environ); |
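Review bot: With the five capability headers now included unconditionally at the top of the file, every wrapper build, setuid-only ones included, needs the libcap and libcap-ng headers and compiles `set_ambient_cap` and `make_caps_ambient` into the privileged binary. The `#ifdef WRAPPER_SETCAP` guard around those functions is removed in the next two hunks, so a setuid wrapper carries capability code it should never execute. The trade-off should be stated next to the includes, for example `// Capability support is built into every wrapper; it is only used when wrapperType is "setcap".`. Whether the link step changes as well cannot be seen from this page.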
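Review bot: In the last hunk, the decision to raise file capabilities into the ambient set now rests on a run-time `strcmp(wrapperType, "setcap")`, and the call that has the side effect sits inside `assert` under an unbraced `if`. `wrapperType` is not defined in any visible hunk; if it is not fixed at build time this privileged path becomes input-dependent, and if it can be NULL the `strcmp` is undefined, so its origin deserves a comment at this line. The file's own comment says assertions are kept enabled, but a build with NDEBUG defined would drop the whole `make_caps_ambient` call without any error. I would make the check explicit: `if (strcmp(wrapperType, "setcap") == 0) {` then `if (make_caps_ambient(selfPath) != 0) abort();` then `}`. The body of `main` starts and ends outside the hunk.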