aboutgitcodebugslistschat
path: root/pasta.h
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2022-10-14 15:25:34 +1100
committerStefano Brivio <sbrivio@redhat.com>2022-10-15 02:10:36 +0200
commitc22ebccba8a09065e59d080ac7a2969a267974ce (patch)
tree4a490e5a9ccaff784ef67182eba0715579d15715 /pasta.h
parentceb2061587b5113f58afc6944969ff79512a8767 (diff)
downloadpasst-c22ebccba8a09065e59d080ac7a2969a267974ce.tar
passt-c22ebccba8a09065e59d080ac7a2969a267974ce.tar.gz
passt-c22ebccba8a09065e59d080ac7a2969a267974ce.tar.bz2
passt-c22ebccba8a09065e59d080ac7a2969a267974ce.tar.lz
passt-c22ebccba8a09065e59d080ac7a2969a267974ce.tar.xz
passt-c22ebccba8a09065e59d080ac7a2969a267974ce.tar.zst
passt-c22ebccba8a09065e59d080ac7a2969a267974ce.zip
isolation: Replace drop_caps() with a version that actually does something
The current implementation of drop_caps() doesn't really work because it attempts to drop capabilities from the bounding set. That's not the set that really matters, it's about limiting the abilities of things we might later exec() rather than our own capabilities. It also requires CAP_SETPCAP which we won't usually have. Replace it with a new version which uses setcap(2) to drop capabilities from the effective and permitted sets. For now we leave the inheritable set as is, since we don't want to preclude the user from passing inheritable capabilities to the command spawed by pasta. Correctly dropping caps reveals that we were relying on some capabilities we'd supposedly dropped. Re-divide the dropping of capabilities between isolate_initial(), isolate_user() and isolate_prefork() to make this work. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'pasta.h')
0 files changed, 0 insertions, 0 deletions