authorLennart Poettering <lennart@poettering.net>2023-02-20 12:53:26 +0100
committerLennart Poettering <lennart@poettering.net>2023-02-20 16:49:45 +0100
commit3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496 (patch)
tree21ee28acaa802c7a16192541729f333eddcf2ad8 /src/basic/capability-util.h
parent6c5fff017ea460ecda9915654b4d2883fea04ba7 (diff)
capability-util: add CAP_MASK_ALL + CAP_MASK_UNSET macros
We should be more careful with distinguishing the cases "all bits set in caps mask" from "cap mask invalid". We so far mostly used UINT64_MAX for both, which is not correct though, as it would mean that AmbientCapabilities=~0 followed by AmbientCapabilities=0 would result in capability 63 being set (which we don't really allow, since that means unset).
Diffstat (limited to 'src/basic/capability-util.h')
-rw-r--r--src/basic/capability-util.h18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/basic/capability-util.h b/src/basic/capability-util.h
index 4d1b0521f4..48e8db35f6 100644
--- a/src/basic/capability-util.h
+++ b/src/basic/capability-util.h
@@ -9,7 +9,11 @@
#include "macro.h"
#include "missing_capability.h"
-#define CAP_ALL UINT64_MAX
+/* Special marker used when storing a capabilities mask as "unset" */
+#define CAP_MASK_UNSET UINT64_MAX
+
+/* All possible capabilities bits on */
+#define CAP_MASK_ALL UINT64_C(0x7fffffffffffffff)
unsigned cap_last_cap(void);
int have_effective_cap(int value);
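Review bot: The comment on `CAP_MASK_ALL` says all possible capability bits are on, but the value leaves bit 63 clear and nothing at the definition explains why. The commit exists to keep a full mask distinct from `CAP_MASK_UNSET`, so that reasoning belongs next to the constant, for example `/* All possible capability bits on; bit 63 is left out so that a full mask never equals CAP_MASK_UNSET */`. Without it, a later cleanup that widens the constant to UINT64_MAX would silently bring back the ambiguity between "every capability granted" and "not configured".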
@@ -59,14 +63,14 @@ typedef struct CapabilityQuintet {
assert_cc(CAP_LAST_CAP < 64);
-#define CAPABILITY_QUINTET_NULL { UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX, UINT64_MAX }
+#define CAPABILITY_QUINTET_NULL { CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET }
static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
- return q->effective != UINT64_MAX ||
- q->bounding != UINT64_MAX ||
- q->inheritable != UINT64_MAX ||
- q->permitted != UINT64_MAX ||
- q->ambient != UINT64_MAX;
+ return q->effective != CAP_MASK_UNSET ||
+ q->bounding != CAP_MASK_UNSET ||
+ q->inheritable != CAP_MASK_UNSET ||
+ q->permitted != CAP_MASK_UNSET ||
+ q->ambient != CAP_MASK_UNSET;
}
/* Mangles the specified caps quintet taking the current bounding set into account:
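Review bot: The context line `assert_cc(CAP_LAST_CAP < 64);` at the top of this hunk still accepts a kernel header in which capability 63 exists, which no longer matches the new macros. Bit 63 cannot be part of a valid mask now, since `CAP_MASK_ALL` stops at bit 62, and a field with all 64 bits set is treated as unset by `capability_quintet_is_set()`. Tightening the build-time check to `assert_cc(CAP_LAST_CAP < 63);` would fail the build instead of letting a capability be silently excluded or a full set be mistaken for an unset one. The code that builds masks from configuration is outside this hunk, so whether it clamps values to `CAP_MASK_ALL` cannot be confirmed from here.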