author | Andrew G. Morgan <agm@google.com> | 2020-06-02 17:20:37 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2020-06-02 17:20:37 -0700 |
commit | 56e62de21dc6b1531ce8560bce97332f8da30c6f (patch) | |
tree | fcad56ea9458b1ed762705bf31c2d2c3ce91578c | |
parent | 9e9537a1da07414a906acf678cbd18864b4f9820 (diff) | |
download | libcap2-56e62de21dc6b1531ce8560bce97332f8da30c6f.tar.gz |
More linter findings.
Should have likely included these in the earlier patch. Too much
to clean up I guess.
Signed-off-by: Andrew G. Morgan <agm@google.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | cap/convenience.go | 2 | ||||
-rw-r--r-- | cap/file.go | 50 | ||||
-rw-r--r-- | libcap/cap_proc.c | 4 |
3 files changed, 29 insertions, 27 deletions
diff --git a/cap/convenience.go b/cap/convenience.go
index 09cd287..a4c132d 100644
--- a/cap/convenience.go
+++ b/cap/convenience.go
@@ -120,6 +120,8 @@ func GetMode() Mode {
 return ModeNoPriv
 }
+// ErrBadMode is the error returned when an attempt is made to set an
+// unrecognized libcap security mode.
 var ErrBadMode = errors.New("unsupported mode")
 func (sc *syscaller) setMode(m Mode) error {
diff --git a/cap/file.go b/cap/file.go
index 462d2b4..7c83feb 100644
--- a/cap/file.go
+++ b/cap/file.go
@@ -17,32 +17,32 @@ var (
 // uapi/linux/capability.h defined.
 const (
- VFS_CAP_REVISION_MASK = uint32(0xff000000)
- VFS_CAP_FLAGS_MASK = ^VFS_CAP_REVISION_MASK
- VFS_CAP_FLAGS_EFFECTIVE = uint32(1)
+ vfsCapRevisionMask = uint32(0xff000000)
+ vfsCapFlagsMask = ^vfsCapRevisionMask
+ vfsCapFlagsEffective = uint32(1)
- VFS_CAP_REVISION_1 = uint32(0x01000000)
- VFS_CAP_REVISION_2 = uint32(0x02000000)
- VFS_CAP_REVISION_3 = uint32(0x03000000)
+ vfsCapRevision1 = uint32(0x01000000)
+ vfsCapRevision2 = uint32(0x02000000)
+ vfsCapRevision3 = uint32(0x03000000)
 )
 // Data types stored in little-endian order.
-type vfs_caps_1 struct {
+type vfsCaps1 struct {
 MagicEtc uint32
 Data [1]struct {
 Permitted, Inheritable uint32
 }
 }
-type vfs_caps_2 struct {
+type vfsCaps2 struct {
 MagicEtc uint32
 Data [2]struct {
 Permitted, Inheritable uint32
 }
 }
-type vfs_caps_3 struct {
+type vfsCaps3 struct {
 MagicEtc uint32
 Data [2]struct {
 Permitted, Inheritable uint32
@@ -64,9 +64,9 @@ func digestFileCap(d []byte, sz int, err error) (*Set, error) {
 if err != nil {
 return nil, err
 }
- var raw1 vfs_caps_1
- var raw2 vfs_caps_2
- var raw3 vfs_caps_3
+ var raw1 vfsCaps1
+ var raw2 vfsCaps2
+ var raw3 vfsCaps3
 if sz < binary.Size(raw1) || sz > binary.Size(raw3) {
 return nil, ErrBadSize
 }
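Review bot: The size guard below the renamed `raw1`/`raw2`/`raw3` declarations in `digestFileCap` only bounds `sz` between the smallest and largest layout; it does not tie `sz` to the revision that the later `switch magicEtc & vfsCapRevisionMask` selects. The bytes come from a file's capability xattr, so a blob whose length does not match its declared revision is better rejected explicitly than left to `binary.Read`; whether the read already fails on a short buffer depends on how `b` is built, which is outside this hunk. Consider a per-case check such as `if sz != binary.Size(raw2) { return nil, ErrBadSize }`. The body of `digestFileCap` starts and ends outside the hunk.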
@@ -78,36 +78,36 @@ func digestFileCap(d []byte, sz int, err error) (*Set, error) {
 c := NewSet()
 b.Seek(0, io.SeekStart)
- switch magicEtc & VFS_CAP_REVISION_MASK {
- case VFS_CAP_REVISION_1:
+ switch magicEtc & vfsCapRevisionMask {
+ case vfsCapRevision1:
 if err = binary.Read(b, binary.LittleEndian, &raw1); err != nil {
 return nil, err
 }
 data := raw1.Data[0]
 c.flat[0][Permitted] = data.Permitted
 c.flat[0][Inheritable] = data.Inheritable
- if raw1.MagicEtc&VFS_CAP_FLAGS_MASK == VFS_CAP_FLAGS_EFFECTIVE {
+ if raw1.MagicEtc&vfsCapFlagsMask == vfsCapFlagsEffective {
 c.flat[0][Effective] = data.Inheritable | data.Permitted
 }
- case VFS_CAP_REVISION_2:
+ case vfsCapRevision2:
 if err = binary.Read(b, binary.LittleEndian, &raw2); err != nil {
 return nil, err
 }
 for i, data := range raw2.Data {
 c.flat[i][Permitted] = data.Permitted
 c.flat[i][Inheritable] = data.Inheritable
- if raw2.MagicEtc&VFS_CAP_FLAGS_MASK == VFS_CAP_FLAGS_EFFECTIVE {
+ if raw2.MagicEtc&vfsCapFlagsMask == vfsCapFlagsEffective {
 c.flat[i][Effective] = data.Inheritable | data.Permitted
 }
 }
- case VFS_CAP_REVISION_3:
+ case vfsCapRevision3:
 if err = binary.Read(b, binary.LittleEndian, &raw3); err != nil {
 return nil, err
 }
 for i, data := range raw3.Data {
 c.flat[i][Permitted] = data.Permitted
 c.flat[i][Inheritable] = data.Inheritable
- if raw3.MagicEtc&VFS_CAP_FLAGS_MASK == VFS_CAP_FLAGS_EFFECTIVE {
+ if raw3.MagicEtc&vfsCapFlagsMask == vfsCapFlagsEffective {
 c.flat[i][Effective] = data.Inheritable | data.Permitted
 }
 }
@@ -122,7 +122,7 @@ func digestFileCap(d []byte, sz int, err error) (*Set, error) {
 // GetFd returns the file capabilities of an open (*os.File).Fd().
 func GetFd(file *os.File) (*Set, error) {
- var raw3 vfs_caps_3
+ var raw3 vfsCaps3
 d := make([]byte, binary.Size(raw3))
 sz, _, oErr := multisc.r6(syscall.SYS_FGETXATTR, uintptr(file.Fd()), uintptr(unsafe.Pointer(xattrNameCaps)), uintptr(unsafe.Pointer(&d[0])), uintptr(len(d)), 0, 0)
 var err error
@@ -140,7 +140,7 @@ func GetFile(path string) (*Set, error) {
 if err != nil {
 return nil, err
 }
- var raw3 vfs_caps_3
+ var raw3 vfsCaps3
 d := make([]byte, binary.Size(raw3))
 sz, _, oErr := multisc.r6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(p)), uintptr(unsafe.Pointer(xattrNameCaps)), uintptr(unsafe.Pointer(&d[0])), uintptr(len(d)), 0, 0)
 if oErr != 0 {
@@ -168,13 +168,13 @@ func (c *Set) packFileCap() ([]byte, error) {
 if c.nsRoot != 0 {
 return nil, ErrBadSet // nsRoot not supported for single DWORD caps.
 }
- magic = VFS_CAP_REVISION_1
+ magic = vfsCapRevision1
 case 2:
 if c.nsRoot == 0 {
- magic = VFS_CAP_REVISION_2
+ magic = vfsCapRevision2
 break
 }
- magic = VFS_CAP_REVISION_3
+ magic = vfsCapRevision3
 }
 if magic == 0 {
 return nil, ErrBadSize
@@ -184,7 +184,7 @@ func (c *Set) packFileCap() ([]byte, error) {
 eff |= (f[Permitted] | f[Inheritable]) & f[Effective]
 }
 if eff != 0 {
- magic |= VFS_CAP_FLAGS_EFFECTIVE
+ magic |= vfsCapFlagsEffective
 }
 b := new(bytes.Buffer)
 binary.Write(b, binary.LittleEndian, magic)
diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
index dfc47a8..c1cda2e 100644
--- a/libcap/cap_proc.c
+++ b/libcap/cap_proc.c
@@ -899,7 +899,7 @@ defer:
 * characteristics, to make sure they stick, or return an error
 * of -1 setting errno because the launch failed.
 */
-pid_t cap_launch(cap_launch_t details, void *data) {
+pid_t cap_launch(cap_launch_t attr, void *data) {
 int my_errno;
 int ps[2];
@@ -917,7 +917,7 @@ pid_t cap_launch(cap_launch_t details, void *data) {
 if (!child) {
 close(ps[0]);
 /* noreturn from this function: */
- _cap_launch(ps[1], details, data);
+ _cap_launch(ps[1], attr, data);
 }
 /* |