]>
code.delx.au - pulseaudio/blob - src/daemon/caps.c
2 This file is part of PulseAudio.
4 Copyright 2004-2006 Lennart Poettering
5 Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
7 PulseAudio is free software; you can redistribute it and/or modify
8 it under the terms of the GNU Lesser General Public License as published
9 by the Free Software Foundation; either version 2.1 of the License,
10 or (at your option) any later version.
12 PulseAudio is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with PulseAudio; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
30 #include <sys/types.h>
32 #include <pulse/i18n.h>
34 #include <pulsecore/macro.h>
35 #include <pulsecore/core-error.h>
36 #include <pulsecore/log.h>
37 #include <pulsecore/core-util.h>
39 #ifdef HAVE_SYS_CAPABILITY_H
40 #include <sys/capability.h>
42 #ifdef HAVE_SYS_PRCTL_H
43 #include <sys/prctl.h>
48 /* Glibc <= 2.2 has broken unistd.h */
49 #if defined(linux) && (__GLIBC__ <= 2 && __GLIBC_MINOR__ <= 2)
50 int setresgid(gid_t r
, gid_t e
, gid_t s
);
51 int setresuid(uid_t r
, uid_t e
, uid_t s
);
56 /* Drop root rights when called SUID root */
57 void pa_drop_root(void) {
60 if (uid
== 0 || geteuid() != 0)
63 pa_log_info(_("Dropping root privileges."));
65 #if defined(HAVE_SETRESUID)
66 pa_assert_se(setresuid(uid
, uid
, uid
) >= 0);
67 #elif defined(HAVE_SETREUID)
68 pa_assert_se(setreuid(uid
, uid
) >= 0);
70 pa_assert_se(setuid(uid
) >= 0);
71 pa_assert_se(seteuid(uid
) >= 0);
74 pa_assert_se(getuid() == uid
);
75 pa_assert_se(geteuid() == uid
);
80 void pa_drop_root(void) {
85 #if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H)
87 /* Limit permitted capabilities set to CAPSYS_NICE */
88 void pa_limit_caps(void) {
90 cap_value_t nice_cap
= CAP_SYS_NICE
;
92 pa_assert_se(caps
= cap_init());
93 pa_assert_se(cap_clear(caps
) == 0);
94 pa_assert_se(cap_set_flag(caps
, CAP_EFFECTIVE
, 1, &nice_cap
, CAP_SET
) == 0);
95 pa_assert_se(cap_set_flag(caps
, CAP_PERMITTED
, 1, &nice_cap
, CAP_SET
) == 0);
97 if (cap_set_proc(caps
) < 0)
98 /* Hmm, so we couldn't limit our caps, which probably means we
99 * hadn't any in the first place, so let's just make sure of
103 pa_log_info(_("Limited capabilities successfully to CAP_SYS_NICE."));
105 pa_assert_se(cap_free(caps
) == 0);
107 pa_assert_se(prctl(PR_SET_KEEPCAPS
, 1, 0, 0, 0) == 0);
110 /* Drop all capabilities, effectively becoming a normal user */
111 void pa_drop_caps(void) {
115 /* Valgrind doesn't not know set_caps, so we bypass it here -- but
116 * only in development builds.*/
118 if (pa_in_valgrind() && !pa_have_caps())
122 pa_assert_se(prctl(PR_SET_KEEPCAPS
, 0, 0, 0, 0) == 0);
124 pa_assert_se(caps
= cap_init());
125 pa_assert_se(cap_clear(caps
) == 0);
126 pa_assert_se(cap_set_proc(caps
) == 0);
127 pa_assert_se(cap_free(caps
) == 0);
129 pa_assert_se(!pa_have_caps());
132 pa_bool_t
pa_have_caps(void) {
134 cap_flag_value_t flag
= CAP_CLEAR
;
137 pa_assert_se(caps
= cap_get_proc());
139 if (!(caps
= cap_get_proc()))
142 pa_assert_se(cap_get_flag(caps
, CAP_SYS_NICE
, CAP_EFFECTIVE
, &flag
) >= 0);
143 pa_assert_se(cap_free(caps
) == 0);
145 return flag
== CAP_SET
;
150 /* NOOPs in case capabilities are not available. */
151 void pa_limit_caps(void) {
154 void pa_drop_caps(void) {
158 pa_bool_t
pa_have_caps(void) {