[PATCH 5/9] cap_file: initialize rootid in _fcaps_load()

Christian Brauner christian at brauner.io
Fri Aug 10 16:13:31 UTC 2018


When the kernel supports namespaced file capabilites (VFS_REVISION_3) it
will return a struct vfs_ns_cap_data that will contain an additional
rootid field recording the rootid of the file capability sets in the
current user namespace.

When libcap has been compiled on a kernel that supports
VFS_CAP_REVISION_3 but is used on a kernel that does not support
VFS_CAP_REVISION_3 we need to initialize the root id of struct
vfs_ns_cap_data to zero so that no invalid data is passed along when a
VFS_REVISION_2 fcap was set on the file.

Signed-off-by: Christian Brauner <christian at brauner.io>
Reviewed-by: Serge Hallyn <serge at hallyn.com>
---
 libcap/cap_file.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 9b8f11e..eb98bf7 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -103,6 +103,13 @@ static cap_t _fcaps_load(struct vfs_cap_data *rawvfscap, cap_t result, int bytes
 	i++;
     }
 
+#ifdef VFS_CAP_REVISION_3
+    /* The kernel returns the rootid as a _le32. In case we're on a big endian
+     * machine we need to fix this up.
+     */
+    result->rootid = FIXUP_32BITS(rawvfscap->rootid);
+#endif
+
     return result;
 }
 
@@ -221,6 +228,7 @@ cap_t cap_get_fd(int fildes)
 	_cap_debug("getting fildes capabilities");
 
 	/* fill the capability sets via a system call */
+	rawvfscap.rootid = 0;
 	sizeofcaps = fgetxattr(fildes, XATTR_NAME_CAPS,
 			       &rawvfscap, sizeof(rawvfscap));
 	if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) {
@@ -255,6 +263,7 @@ cap_t cap_get_file(const char *filename)
 	_cap_debug("getting filename capabilities");
 
 	/* fill the capability sets via a system call */
+	rawvfscap.rootid = 0;
 	sizeofcaps = getxattr(filename, XATTR_NAME_CAPS,
 			      &rawvfscap, sizeof(rawvfscap));
 	if (sizeofcaps < ssizeof(rawvfscap.magic_etc)) {
-- 
2.17.1



More information about the Linux-security-module-archive mailing list