diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-07-10 16:53:51 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-07-10 16:55:24 +0200 |
| commit | 864a25d99bb523e7a5c166771e3ddbf39baffd33 (patch) | |
| tree | 7dfa7c31964cbccc830a6651717011e679f399a3 /src/basic/capability-util.c | |
| parent | 417770f3033c426ca848b158d0bf057cd8ad1329 (diff) | |
| download | systemd-864a25d99bb523e7a5c166771e3ddbf39baffd33.tar.gz | |
basic/capability-util: let cap_last_cap() return unsigned integer
We never return anything higher than 63, so using "long unsigned"
as the type only confused the reader. (We can still use "long unsigned"
and safe_atolu() to parse the kernel file.)
Diffstat (limited to 'src/basic/capability-util.c')
| -rw-r--r-- | src/basic/capability-util.c | 31 |
1 files changed, 12 insertions, 19 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index ac96eabc03..5a4d020f52 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -31,8 +31,8 @@ int have_effective_cap(int value) { return fv == CAP_SET; } -unsigned long cap_last_cap(void) { - static thread_local unsigned long saved; +unsigned cap_last_cap(void) { + static thread_local unsigned saved; static thread_local bool valid = false; _cleanup_free_ char *content = NULL; unsigned long p = 0; @@ -65,7 +65,7 @@ unsigned long cap_last_cap(void) { if (prctl(PR_CAPBSET_READ, p) < 0) { /* Hmm, look downwards, until we find one that works */ - for (p--; p > 0; p --) + for (p--; p > 0; p--) if (prctl(PR_CAPBSET_READ, p) >= 0) break; @@ -84,12 +84,10 @@ unsigned long cap_last_cap(void) { } int capability_update_inherited_set(cap_t caps, uint64_t set) { - unsigned long i; - /* Add capabilities in the set to the inherited caps, drops capabilities not in the set. * Do not apply them yet. */ - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { cap_flag_value_t flag = set & (UINT64_C(1) << i) ? CAP_SET : CAP_CLEAR; cap_value_t v; @@ -104,11 +102,10 @@ int capability_update_inherited_set(cap_t caps, uint64_t set) { int capability_ambient_set_apply(uint64_t set, bool also_inherit) { _cleanup_cap_free_ cap_t caps = NULL; - unsigned long i; int r; /* Remove capabilities requested in ambient set, but not in the bounding set */ - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { if (set == 0) break; @@ -140,7 +137,7 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) { return -errno; } - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { if (set & (UINT64_C(1) << i)) { @@ -167,7 +164,6 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) { int capability_bounding_set_drop(uint64_t keep, bool right_now) { _cleanup_cap_free_ cap_t before_cap = NULL, after_cap = NULL; cap_flag_value_t fv; - unsigned long i; int r; /* If we are run as PID 1 we will lack CAP_SETPCAP by default @@ -204,7 +200,7 @@ int capability_bounding_set_drop(uint64_t keep, bool right_now) { if (!after_cap) return -errno; - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { cap_value_t v; if ((keep & (UINT64_C(1) << i))) @@ -390,7 +386,6 @@ bool ambient_capabilities_supported(void) { } bool capability_quintet_mangle(CapabilityQuintet *q) { - unsigned long i; uint64_t combined, drop = 0; bool ambient_supported; @@ -402,7 +397,7 @@ bool capability_quintet_mangle(CapabilityQuintet *q) { if (ambient_supported) combined |= q->ambient; - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { unsigned long bit = UINT64_C(1) << i; if (!FLAGS_SET(combined, bit)) continue; @@ -431,16 +426,15 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { int r; if (q->ambient != (uint64_t) -1) { - unsigned long i; bool changed = false; c = cap_get_proc(); if (!c) return -errno; - /* In order to raise the ambient caps set we first need to raise the matching inheritable + permitted - * cap */ - for (i = 0; i <= cap_last_cap(); i++) { + /* In order to raise the ambient caps set we first need to raise the matching + * inheritable + permitted cap */ + for (unsigned i = 0; i <= cap_last_cap(); i++) { uint64_t m = UINT64_C(1) << i; cap_value_t cv = (cap_value_t) i; cap_flag_value_t old_value_inheritable, old_value_permitted; @@ -475,7 +469,6 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { if (q->inheritable != (uint64_t) -1 || q->permitted != (uint64_t) -1 || q->effective != (uint64_t) -1) { bool changed = false; - unsigned long i; if (!c) { c = cap_get_proc(); @@ -483,7 +476,7 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { return -errno; } - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { uint64_t m = UINT64_C(1) << i; cap_value_t cv = (cap_value_t) i; |