container/syscall: export prctl wrapper
	
		
			
	
		
	
	
		
	
		
			This is useful as package "syscall" does not provide such a wrapper. This change also improves error handling to fully conform to the manpage. Signed-off-by: Ophestra <cat@gensokyo.uk>
		
							parent
							
								
									fcd9becf9a
								
							
						
					
					
						commit
						c5f59c5488
					
				| @ -49,41 +49,10 @@ func capset(hdrp *capHeader, datap *[2]capData) error { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // capBoundingSetDrop drops a capability from the calling thread's capability bounding set. | // capBoundingSetDrop drops a capability from the calling thread's capability bounding set. | ||||||
| func capBoundingSetDrop(cap uintptr) error { | func capBoundingSetDrop(cap uintptr) error { return Prctl(syscall.PR_CAPBSET_DROP, cap, 0) } | ||||||
| 	r, _, errno := syscall.Syscall( |  | ||||||
| 		syscall.SYS_PRCTL, |  | ||||||
| 		syscall.PR_CAPBSET_DROP, |  | ||||||
| 		cap, 0, |  | ||||||
| 	) |  | ||||||
| 	if r != 0 { |  | ||||||
| 		return errno |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| // capAmbientClearAll clears the ambient capability set of the calling thread. | // capAmbientClearAll clears the ambient capability set of the calling thread. | ||||||
| func capAmbientClearAll() error { | func capAmbientClearAll() error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0) } | ||||||
| 	r, _, errno := syscall.Syscall( |  | ||||||
| 		syscall.SYS_PRCTL, |  | ||||||
| 		PR_CAP_AMBIENT, |  | ||||||
| 		PR_CAP_AMBIENT_CLEAR_ALL, 0, |  | ||||||
| 	) |  | ||||||
| 	if r != 0 { |  | ||||||
| 		return errno |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| // capAmbientRaise adds to the ambient capability set of the calling thread. | // capAmbientRaise adds to the ambient capability set of the calling thread. | ||||||
| func capAmbientRaise(cap uintptr) error { | func capAmbientRaise(cap uintptr) error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap) } | ||||||
| 	r, _, errno := syscall.Syscall( |  | ||||||
| 		syscall.SYS_PRCTL, |  | ||||||
| 		PR_CAP_AMBIENT, |  | ||||||
| 		PR_CAP_AMBIENT_RAISE, |  | ||||||
| 		cap, |  | ||||||
| 	) |  | ||||||
| 	if r != 0 { |  | ||||||
| 		return errno |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  | |||||||
| @ -5,38 +5,29 @@ import ( | |||||||
| 	"unsafe" | 	"unsafe" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| // SetPtracer allows processes to ptrace(2) the calling process. | // Prctl manipulates various aspects of the behavior of the calling thread or process. | ||||||
| func SetPtracer(pid uintptr) error { | func Prctl(op, arg2, arg3 uintptr) error { | ||||||
| 	_, _, errno := Syscall(SYS_PRCTL, PR_SET_PTRACER, pid, 0) | 	r, _, errno := Syscall(SYS_PRCTL, op, arg2, arg3) | ||||||
| 	if errno == 0 { | 	if r < 0 { | ||||||
| 		return nil | 		return errno | ||||||
| 	} | 	} | ||||||
| 	return errno | 	return nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | // SetPtracer allows processes to ptrace(2) the calling process. | ||||||
|  | func SetPtracer(pid uintptr) error { return Prctl(PR_SET_PTRACER, pid, 0) } | ||||||
|  | 
 | ||||||
|  | // linux/sched/coredump.h | ||||||
| const ( | const ( | ||||||
| 	SUID_DUMP_DISABLE = iota | 	SUID_DUMP_DISABLE = iota | ||||||
| 	SUID_DUMP_USER | 	SUID_DUMP_USER | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| // SetDumpable sets the "dumpable" attribute of the calling process. | // SetDumpable sets the "dumpable" attribute of the calling process. | ||||||
| func SetDumpable(dumpable uintptr) error { | func SetDumpable(dumpable uintptr) error { return Prctl(PR_SET_DUMPABLE, dumpable, 0) } | ||||||
| 	// linux/sched/coredump.h |  | ||||||
| 	if _, _, errno := Syscall(SYS_PRCTL, PR_SET_DUMPABLE, dumpable, 0); errno != 0 { |  | ||||||
| 		return errno |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| // SetNoNewPrivs sets the calling thread's no_new_privs attribute. | // SetNoNewPrivs sets the calling thread's no_new_privs attribute. | ||||||
| func SetNoNewPrivs() error { | func SetNoNewPrivs() error { return Prctl(PR_SET_NO_NEW_PRIVS, 1, 0) } | ||||||
| 	_, _, errno := Syscall(SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0) |  | ||||||
| 	if errno == 0 { |  | ||||||
| 		return nil |  | ||||||
| 	} |  | ||||||
| 	return errno |  | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| // Isatty tests whether a file descriptor refers to a terminal. | // Isatty tests whether a file descriptor refers to a terminal. | ||||||
| func Isatty(fd int) bool { | func Isatty(fd int) bool { | ||||||
|  | |||||||
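Review bot: The new check `if r < 0` in Prctl can never be true if Syscall here is the standard library's syscall.Syscall, whose first result is a uintptr, so Prctl would return nil even when the kernel rejects the call. That makes SetNoNewPrivs, SetDumpable and SetPtracer in this file, and capBoundingSetDrop, capAmbientClearAll and capAmbientRaise in the other file of this commit, fail open: a hardening step that did not take effect is reported as success, where the removed code returned the errno. Testing the errno covers the -1 return described in the manpage and still accepts operations that return a positive value: `if errno != 0 { return errno }`. A test that passes an invalid op to Prctl and expects EINVAL would pin this behaviour.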