diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-08-27 15:45:53 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-08-28 18:52:48 +0200 |
commit | b2af819b22d7219f96186193b60f453b8faa49a8 (patch) | |
tree | 58238a089292342c798607b60ba993072a8ca053 /src | |
parent | 0f849d0af983922e1571b958c9ca42f51e799190 (diff) | |
download | systemd-b2af819b22d7219f96186193b60f453b8faa49a8.tar.gz |
analyze: add 'capability' verb for dumping all known and unknown caps
Diffstat (limited to 'src')
-rw-r--r-- | src/analyze/analyze.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index f0359e70e0..549c4a4a9b 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -21,6 +21,8 @@ #include "bus-map-properties.h" #include "bus-unit-util.h" #include "calendarspec.h" +#include "cap-list.h" +#include "capability-util.h" #include "conf-files.h" #include "copy.h" #include "def.h" @@ -1592,6 +1594,51 @@ static int dump_exit_status(int argc, char *argv[], void *userdata) { return table_print(table, NULL); } +static int dump_capabilities(int argc, char *argv[], void *userdata) { + _cleanup_(table_unrefp) Table *table = NULL; + unsigned last_cap; + int r; + + table = table_new("name", "number"); + if (!table) + return log_oom(); + + (void) table_set_align_percent(table, table_get_cell(table, 0, 1), 100); + + /* Determine the maximum of the last cap known by the kernel and by us */ + last_cap = MAX((unsigned) CAP_LAST_CAP, cap_last_cap()); + + if (strv_isempty(strv_skip(argv, 1))) + for (unsigned c = 0; c <= last_cap; c++) { + r = table_add_many(table, + TABLE_STRING, capability_to_name(c) ?: "cap_???", + TABLE_UINT, c); + if (r < 0) + return table_log_add_error(r); + } + else { + for (int i = 1; i < argc; i++) { + int c; + + c = capability_from_name(argv[i]); + if (c < 0 || (unsigned) c > last_cap) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Capability \"%s\" not known.", argv[i]); + + r = table_add_many(table, + TABLE_STRING, capability_to_name(c) ?: "cap_???", + TABLE_UINT, (unsigned) c); + if (r < 0) + return table_log_add_error(r); + } + + (void) table_set_sort(table, (size_t) 1, (size_t) -1); + } + + (void) pager_open(arg_pager_flags); + + return table_print(table, NULL); +} + #if HAVE_SECCOMP static int load_kernel_syscalls(Set **ret) { @@ -2126,6 +2173,7 @@ static int help(int argc, char *argv[], void *userdata) { " unit-files List files and symlinks for units\n" " unit-paths List load directories for units\n" " exit-status [STATUS...] List exit status definitions\n" + " capability [CAP...] List capability definitions\n" " syscall-filter [NAME...] Print list of syscalls in seccomp filter\n" " condition CONDITION... Evaluate conditions and asserts\n" " verify FILE... Check unit files for correctness\n" @@ -2363,6 +2411,7 @@ static int run(int argc, char *argv[]) { { "unit-paths", 1, 1, 0, dump_unit_paths }, { "exit-status", VERB_ANY, VERB_ANY, 0, dump_exit_status }, { "syscall-filter", VERB_ANY, VERB_ANY, 0, dump_syscall_filters }, + { "capability", VERB_ANY, VERB_ANY, 0, dump_capabilities }, { "condition", 2, VERB_ANY, 0, do_condition }, { "verify", 2, VERB_ANY, 0, do_verify }, { "calendar", 2, VERB_ANY, 0, test_calendar }, |