container/syscall: export prctl wrapper
	
		
			
	
		
	
	
		
	
		
			This is useful as package "syscall" does not provide such a wrapper. This change also improves error handling to fully conform to the manpage. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
		
							parent
							
								
									fcd9becf9a
								
							
						
					
					
						commit
						c5f59c5488
					
				| @ -49,41 +49,10 @@ func capset(hdrp *capHeader, datap *[2]capData) error { | ||||
| } | ||||
| 
 | ||||
| // capBoundingSetDrop drops a capability from the calling thread's capability bounding set. | ||||
| func capBoundingSetDrop(cap uintptr) error { | ||||
| 	r, _, errno := syscall.Syscall( | ||||
| 		syscall.SYS_PRCTL, | ||||
| 		syscall.PR_CAPBSET_DROP, | ||||
| 		cap, 0, | ||||
| 	) | ||||
| 	if r != 0 { | ||||
| 		return errno | ||||
| 	} | ||||
| 	return nil | ||||
| } | ||||
| func capBoundingSetDrop(cap uintptr) error { return Prctl(syscall.PR_CAPBSET_DROP, cap, 0) } | ||||
| 
 | ||||
| // capAmbientClearAll clears the ambient capability set of the calling thread. | ||||
| func capAmbientClearAll() error { | ||||
| 	r, _, errno := syscall.Syscall( | ||||
| 		syscall.SYS_PRCTL, | ||||
| 		PR_CAP_AMBIENT, | ||||
| 		PR_CAP_AMBIENT_CLEAR_ALL, 0, | ||||
| 	) | ||||
| 	if r != 0 { | ||||
| 		return errno | ||||
| 	} | ||||
| 	return nil | ||||
| } | ||||
| func capAmbientClearAll() error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0) } | ||||
| 
 | ||||
| // capAmbientRaise adds to the ambient capability set of the calling thread. | ||||
| func capAmbientRaise(cap uintptr) error { | ||||
| 	r, _, errno := syscall.Syscall( | ||||
| 		syscall.SYS_PRCTL, | ||||
| 		PR_CAP_AMBIENT, | ||||
| 		PR_CAP_AMBIENT_RAISE, | ||||
| 		cap, | ||||
| 	) | ||||
| 	if r != 0 { | ||||
| 		return errno | ||||
| 	} | ||||
| 	return nil | ||||
| } | ||||
| func capAmbientRaise(cap uintptr) error { return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap) } | ||||
|  | ||||
| @ -5,38 +5,29 @@ import ( | ||||
| 	"unsafe" | ||||
| ) | ||||
| 
 | ||||
| // SetPtracer allows processes to ptrace(2) the calling process. | ||||
| func SetPtracer(pid uintptr) error { | ||||
| 	_, _, errno := Syscall(SYS_PRCTL, PR_SET_PTRACER, pid, 0) | ||||
| 	if errno == 0 { | ||||
| 		return nil | ||||
| 	} | ||||
| // Prctl manipulates various aspects of the behavior of the calling thread or process. | ||||
| func Prctl(op, arg2, arg3 uintptr) error { | ||||
| 	r, _, errno := Syscall(SYS_PRCTL, op, arg2, arg3) | ||||
| 	if r < 0 { | ||||
| 		return errno | ||||
| 	} | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // SetPtracer allows processes to ptrace(2) the calling process. | ||||
| func SetPtracer(pid uintptr) error { return Prctl(PR_SET_PTRACER, pid, 0) } | ||||
| 
 | ||||
| // linux/sched/coredump.h | ||||
| const ( | ||||
| 	SUID_DUMP_DISABLE = iota | ||||
| 	SUID_DUMP_USER | ||||
| ) | ||||
| 
 | ||||
| // SetDumpable sets the "dumpable" attribute of the calling process. | ||||
| func SetDumpable(dumpable uintptr) error { | ||||
| 	// linux/sched/coredump.h | ||||
| 	if _, _, errno := Syscall(SYS_PRCTL, PR_SET_DUMPABLE, dumpable, 0); errno != 0 { | ||||
| 		return errno | ||||
| 	} | ||||
| 
 | ||||
| 	return nil | ||||
| } | ||||
| func SetDumpable(dumpable uintptr) error { return Prctl(PR_SET_DUMPABLE, dumpable, 0) } | ||||
| 
 | ||||
| // SetNoNewPrivs sets the calling thread's no_new_privs attribute. | ||||
| func SetNoNewPrivs() error { | ||||
| 	_, _, errno := Syscall(SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0) | ||||
| 	if errno == 0 { | ||||
| 		return nil | ||||
| 	} | ||||
| 	return errno | ||||
| } | ||||
| func SetNoNewPrivs() error { return Prctl(PR_SET_NO_NEW_PRIVS, 1, 0) } | ||||
| 
 | ||||
| // Isatty tests whether a file descriptor refers to a terminal. | ||||
| func Isatty(fd int) bool { | ||||
|  | ||||
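Review bot: The error check in the new Prctl at `if r < 0 {` can never fire: r is a uintptr, an unsigned type, so the comparison is always false (staticcheck reports this as SA4003) and Prctl returns nil on every failure. Through the one-line wrappers in this hunk and the capability helpers in the first hunk, a failing PR_SET_NO_NEW_PRIVS, PR_SET_DUMPABLE or PR_CAPBSET_DROP would be silently ignored and sandbox setup would continue without that hardening, which is a regression from the removed bodies in this hunk that tested errno. prctl(2) signals failure with -1 and errno, and the Go convention is to test errno, which also stays correct for ops that return positive values on success; change the two lines to `_, _, errno := Syscall(SYS_PRCTL, op, arg2, arg3)` and `if errno != 0 {`. Since Prctl returns only error, the doc comment should also say that the non-negative result of query-style ops is discarded.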