container/syscall: export prctl wrapper
This is useful as package "syscall" does not provide such a wrapper. This change also improves error handling to fully conform to the manpage. Signed-off-by: Ophestra <cat@gensokyo.uk>
parent
fcd9becf9a
commit
c5f59c5488
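--- a/container/syscall/(file name not shown on page)
+++ b/container/syscall/(file name not shown on page)
@@ -49,41 +49,10 @@ func capset(hdrp *capHeader, datap *[2]capData) error {
 }
 
 // capBoundingSetDrop drops a capability from the calling thread's capability bounding set.
-func capBoundingSetDrop(cap uintptr) error {
-r, _, errno := syscall.Syscall(
-syscall.SYS_PRCTL,
-syscall.PR_CAPBSET_DROP,
-cap, 0,
-)
-if r != 0 {
-return errno
-}
-return nil
-}
+func capBoundingSetDrop(cap uintptr) error { return Prctl(syscall.PR_CAPBSET_DROP, cap, 0) }
 
 // capAmbientClearAll clears the ambient capability set of the calling thread.
-func capAmbientClearAll() error {
-r, _, errno := syscall.Syscall(
-syscall.SYS_PRCTL,
-PR_CAP_AMBIENT,
-PR_CAP_AMBIENT_CLEAR_ALL, 0,
-)
-if r != 0 {
-return errno
-}
-return nil
-}
+func capAmbientClearAll() error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0) }
 
 // capAmbientRaise adds to the ambient capability set of the calling thread.
-func capAmbientRaise(cap uintptr) error {
-r, _, errno := syscall.Syscall(
-syscall.SYS_PRCTL,
-PR_CAP_AMBIENT,
-PR_CAP_AMBIENT_RAISE,
-cap,
-)
-if r != 0 {
-return errno
-}
-return nil
-}
+func capAmbientRaise(cap uintptr) error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap) }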
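Review bot: The rewritten signatures `func capBoundingSetDrop(cap uintptr) error` and `func capAmbientRaise(cap uintptr) error` keep the parameter name `cap`, which shadows the predeclared `cap` builtin; it is harmless in a one-line body but trips the `predeclared`/gocritic linters and is a cheap rename now that both lines are being rewritten anyway, e.g. `func capAmbientRaise(c uintptr) error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, c) }`. Note also that after this change these three wrappers report a refused operation (for example EPERM on PR_CAPBSET_DROP without CAP_SETPCAP) only through whatever Prctl returns, so the sandbox's privilege-dropping path is now exactly as trustworthy as Prctl's return-value check; worth a test that asserts an error from a drop the kernel rejects. The hunk's leading context line is the closing brace of capset, whose body starts outside the hunk.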
@ -5,38 +5,29 @@ import (
|
|||||||
"unsafe"
|
"unsafe"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SetPtracer allows processes to ptrace(2) the calling process.
|
// Prctl manipulates various aspects of the behavior of the calling thread or process.
|
||||||
func SetPtracer(pid uintptr) error {
|
func Prctl(op, arg2, arg3 uintptr) error {
|
||||||
_, _, errno := Syscall(SYS_PRCTL, PR_SET_PTRACER, pid, 0)
|
r, _, errno := Syscall(SYS_PRCTL, op, arg2, arg3)
|
||||||
if errno == 0 {
|
if r < 0 {
|
||||||
return nil
|
return errno
|
||||||
}
|
}
|
||||||
return errno
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetPtracer allows processes to ptrace(2) the calling process.
|
||||||
|
func SetPtracer(pid uintptr) error { return Prctl(PR_SET_PTRACER, pid, 0) }
|
||||||
|
|
||||||
|
// linux/sched/coredump.h
|
||||||
const (
|
const (
|
||||||
SUID_DUMP_DISABLE = iota
|
SUID_DUMP_DISABLE = iota
|
||||||
SUID_DUMP_USER
|
SUID_DUMP_USER
|
||||||
)
|
)
|
||||||
|
|
||||||
// SetDumpable sets the "dumpable" attribute of the calling process.
|
// SetDumpable sets the "dumpable" attribute of the calling process.
|
||||||
func SetDumpable(dumpable uintptr) error {
|
func SetDumpable(dumpable uintptr) error { return Prctl(PR_SET_DUMPABLE, dumpable, 0) }
|
||||||
// linux/sched/coredump.h
|
|
||||||
if _, _, errno := Syscall(SYS_PRCTL, PR_SET_DUMPABLE, dumpable, 0); errno != 0 {
|
|
||||||
return errno
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetNoNewPrivs sets the calling thread's no_new_privs attribute.
|
// SetNoNewPrivs sets the calling thread's no_new_privs attribute.
|
||||||
func SetNoNewPrivs() error {
|
func SetNoNewPrivs() error { return Prctl(PR_SET_NO_NEW_PRIVS, 1, 0) }
|
||||||
_, _, errno := Syscall(SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0)
|
|
||||||
if errno == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return errno
|
|
||||||
}
|
|
||||||
|
|
||||||
// Isatty tests whether a file descriptor refers to a terminal.
|
// Isatty tests whether a file descriptor refers to a terminal.
|
||||||
func Isatty(fd int) bool {
|
func Isatty(fd int) bool {
|
||||||
|
|||||||
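Review bot: The new test `if r < 0 {` in Prctl can never be true if `Syscall` here has the stdlib `syscall.Syscall` shape `(r1, r2 uintptr, err Errno)` that the three-value assignment on the line above suggests: `r` is unsigned, so the comparison is vacuously false (staticcheck SA4003), Prctl always returns nil, and every prctl(2) failure is dropped — SetDumpable, SetNoNewPrivs, SetPtracer and the capability helpers built on this wrapper would then silently "succeed" when the kernel refuses, which is the opposite of what a sandbox wants. The `errno == 0` / `errno != 0` checks this hunk removes were already the conformant test: on Linux the Go syscall layer folds the manpage's -1/errno convention into errno, so the fix is `if errno != 0 { return errno }` (or `if int(r) < 0 {` if the signed comparison is preferred so it reads like the manpage). It would also help to say in the doc comment that arg4 and arg5 are passed as zero, since prctl operations that need them cannot go through this wrapper. The import block that opens this hunk starts outside it, and Isatty at the bottom continues past the hunk.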