diff options
| author | Etienne CHAMPETIER <champetier.etienne@gmail.com> | 2015-08-27 01:26:45 +0200 |
|---|---|---|
| committer | John Crispin <blogic@openwrt.org> | 2015-10-07 11:07:54 +0200 |
| commit | 51201235db9dad9fe1823d9de46ed90f5e160fd0 (patch) | |
| tree | 6abff11a7f8ffd602756ce3802ddafdab48bdc9e /jail/capabilities.h | |
| parent | fafbf7338ec8304f2a0ec0ba76048fba2c01c07e (diff) | |
| download | unitd-51201235db9dad9fe1823d9de46ed90f5e160fd0.tar unitd-51201235db9dad9fe1823d9de46ed90f5e160fd0.zip | |
jail: add capabilities support
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop
exemple json syntax:
{
"cap.keep": [
"cap_net_raw"
],
"cap.drop": []
}
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Diffstat (limited to 'jail/capabilities.h')
| -rw-r--r-- | jail/capabilities.h | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/jail/capabilities.h b/jail/capabilities.h new file mode 100644 index 0000000..e6699e9 --- /dev/null +++ b/jail/capabilities.h @@ -0,0 +1,14 @@ +/* + * Copyright (C) 2015 Etienne CHAMPETIER <champetier.etienne@gmail.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 2.1 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +int drop_capabilities(const char *file); |