authorChristian Seiler <christian@iwakd.de>2012-02-23 09:57:13 +0100
committerDaniel Lezcano <daniel.lezcano@free.fr>2012-02-23 09:57:13 +0100
commitd55bc1adad2f4929d26d91b295115a77ca6a0d05 (patch)
tree10fba598222e08409113fa94a2667886f2b45172
parentAdd CAP_SYSLOG and CAP_WAKE_ALARM to list of capabilities (diff)
Accept numeric values for capabilities to drop
lxc.cap.drop now also accepts numeric values for capabilities. This allows the user to specify capabilities LXC doesn't know about yet or capabilities that were not part of the kernel headers LXC was compiled against. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
-rw-r--r--src/lxc/conf.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index c0d43d3..0c2ceef 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -60,6 +60,7 @@
#include "conf.h"
#include "log.h"
#include "lxc.h" /* for lxc_cgroup_set() */
+#include "caps.h" /* for lxc_caps_last_cap() */
lxc_log_define(lxc_conf, lxc);
@@ -1123,6 +1124,7 @@ static int setup_caps(struct lxc_list *caps)
{
struct lxc_list *iterator;
char *drop_entry;
+ char *ptr;
int i, capid;
lxc_list_for_each(iterator, caps) {
@@ -1140,6 +1142,21 @@ static int setup_caps(struct lxc_list *caps)
break;
}
+ if (capid < 0) {
+ /* try to see if it's numeric, so the user may specify
+ * capabilities that the running kernel knows about but
+ * we don't */
+ capid = strtol(drop_entry, &ptr, 10);
+ if (!ptr || *ptr != '\0' ||
+ capid == LONG_MIN || capid == LONG_MAX)
+ /* not a valid number */
+ capid = -1;
+ else if (capid > lxc_caps_last_cap())
+ /* we have a number but it's not a valid
+ * capability */
+ capid = -1;
+ }
+
if (capid < 0) {
ERROR("unknown capability %s", drop_entry);
return -1;
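Review bot: The overflow test `capid == LONG_MIN || capid == LONG_MAX` cannot work as written, because `capid` is an `int` (see the declaration in the previous hunk's context) and the `long` returned by strtol() is narrowed before the comparison; where `long` is wider than `int`, an out-of-range number can be narrowed to a small value and still pass the `lxc_caps_last_cap()` bound. An empty `drop_entry` would also be accepted as capability 0, since only `*ptr != '\0'` is tested and not `ptr == drop_entry` (whether the config parser can pass an empty entry is not visible here), and `!ptr` is never true after strtol(). Because lxc.cap.drop is a security control, a mis-parsed entry means a different capability is dropped than the one the configuration names, while the intended one stays available in the container. I would parse into a `long`, check `errno == ERANGE` and the 0..last-cap range, and only then assign to `capid`, assuming `<errno.h>` is already included in conf.c. setup_caps() starts and ends outside this hunk.

```c
	if (capid < 0) {
		/* … unchanged: comment explaining the numeric fallback … */
		long val;

		errno = 0;
		val = strtol(drop_entry, &ptr, 10);
		if (ptr == drop_entry || *ptr != '\0' || errno == ERANGE ||
		    val < 0 || val > lxc_caps_last_cap())
			/* not a number, or not a capability the kernel has */
			capid = -1;
		else
			capid = (int)val;
	}
```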