capability: add new ambient_capabilities_supported() helper

This new function reports whether ambient caps are available, and should be quick because the result is cached.
author: Lennart Poettering <lennart@poettering.net> 2017-08-09 15:07:15 +0200
committer: Lennart Poettering <lennart@poettering.net> 2017-08-10 15:02:50 +0200
commit: 39f608e4b0ec2eea0a1a97df14bbcbe511101e18 (patch)
tree: de102eb9789be4716133ef40a1344fd486f6b11e /src/basic/capability-util.c
parent: 6067611a0847d5b8d4f322cf6540b016c95d4cb4 (diff)
download: systemd-39f608e4b0ec2eea0a1a97df14bbcbe511101e18.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index fe10536a69..96c2e992bd 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -370,3 +370,18 @@ int drop_capability(cap_value_t cv) {
 
         return 0;
 }
+
+bool ambient_capabilities_supported(void) {
+        static int cache = -1;
+
+        if (cache >= 0)
+                return cache;
+
+        /* If PR_CAP_AMBIENT returns something valid, or an unexpected error code we assume that ambient caps are
+         * available. */
+
+        cache = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_KILL, 0, 0) >= 0 ||
+                !IN_SET(errno, EINVAL, EOPNOTSUPP, ENOSYS);
+
+        return cache;
+}
author	Lennart Poettering <lennart@poettering.net>	2017-08-09 15:07:15 +0200
committer	Lennart Poettering <lennart@poettering.net>	2017-08-10 15:02:50 +0200
commit	39f608e4b0ec2eea0a1a97df14bbcbe511101e18 (patch)
tree	de102eb9789be4716133ef40a1344fd486f6b11e /src/basic/capability-util.c
parent	6067611a0847d5b8d4f322cf6540b016c95d4cb4 (diff)
download	systemd-39f608e4b0ec2eea0a1a97df14bbcbe511101e18.tar.gz