Re: [PATCH] Implement file posix capabilities

All of lore.kernel.org
 help / color / mirror / Atom feed

From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: "Bill O'Donnell" <billodo@sgi.com>,
	Chris Friedhoff <chris@friedhoff.org>,
	Andrew Morton <akpm@osdl.org>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@namei.org>,
	Chris Wright <chrisw@sous-sol.org>,
	Alexey Dobriyan <adobriyan@gmail.com>
Subject: Re: [PATCH] Implement file posix capabilities
Date: Sat, 02 Dec 2006 12:30:59 +0900	[thread overview]
Message-ID: <4570F373.5090608@kaigai.gr.jp> (raw)
In-Reply-To: <20061130225707.GA23379@sergelap.austin.ibm.com>

Oops, it's my stupid bug.

> Ah, this actually makes sense.  The setfcaps usage() statement does
> 
> 	for (i=0; _cap_names[i]; i++) {
> 		printf...
> 
> so it expects _cap_names to end with a terminating NULL, but that
> doesn't seem to be the case in cap_names.h in libcap.
> 
> KaiGai, perhaps setfcaps should do something like
> 
> diff setfcaps.c.orig setfcaps.c
> 25c25
> <     for (i=0; _cap_names[i]; i++)
> ---
>>     for (i=0; i<__CAP_BITS; i++)

I fixed the matter as follows:

[kaigai@masu libcap-1.10.kg]$ env LANG=C svn diff -r2:3
Index: libcap/_makenames.c
===================================================================
--- libcap/_makenames.c (revision 2)
+++ libcap/_makenames.c (revision 3)
@@ -45,6 +45,7 @@
            "#define __CAP_BITS   %d\n"
            "\n"
            "#ifdef LIBCAP_PLEASE_INCLUDE_ARRAY\n"
+          "  int const _cap_names_num = __CAP_BITS;\n"
            "  char const *_cap_names[__CAP_BITS] = {\n", maxcaps);

      for (i=0; i<maxcaps; ++i) {
Index: libcap/include/sys/capability.h
===================================================================
--- libcap/include/sys/capability.h     (revision 2)
+++ libcap/include/sys/capability.h     (revision 3)
@@ -113,6 +113,7 @@
  extern int capgetp(pid_t pid, cap_t cap_d);
  extern int capsetp(pid_t pid, cap_t cap_d);
  extern char const *_cap_names[];
+extern int const _cap_names_num;

  #endif /* !defined(_POSIX_SOURCE) */

Index: progs/setfcaps.c
===================================================================
--- progs/setfcaps.c    (revision 2)
+++ progs/setfcaps.c    (revision 3)
@@ -14,6 +14,7 @@
  #include <errno.h>
  #include <sys/capability.h>

+extern int const _cap_names_num;
  extern char const *_cap_names[];

  static void usage() {
@@ -21,8 +22,8 @@
      int i;

      fputs(message, stderr);
-    for (i=0; _cap_names[i]; i++)
-       fprintf(stderr, "%s%s", i%4==0 ? "\n\t" : ", ", _cap_names[i]);
+    for (i=0; i < _cap_names_num; i++)
+        fprintf(stderr, "%s%s", i%4==0 ? "\n\t" : ", ", _cap_names[i]);
      fputc('\n', stderr);
      exit(0);
  }
[kaigai@masu libcap-1.10.kg]$

Because '__CAP_BITS' is decided at compiling time, I think it's not
appropriate to indicate the length of _cap_names[] which is linked
at run time.
Therefore, I add a new integer variable _cap_names_num to represent
the length of _cap_names at run time.

You can download it from http://www.kaigai.gr.jp/index.php?FrontPage#b556e50d

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

next prev parent reply	other threads:[~2006-12-02  3:31 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-27 17:07 [PATCH] Implement file posix capabilities Serge E. Hallyn
2006-11-29 10:28 ` Chris Friedhoff
2006-11-29 20:40   ` Bill O'Donnell
2006-11-30 18:05     ` Bill O'Donnell
2006-11-30 22:57       ` Serge E. Hallyn
2006-12-01 19:28         ` Bill O'Donnell
2006-12-02  3:30         ` KaiGai Kohei [this message]
2007-01-24 16:30           ` Bill O'Donnell
2007-01-24 20:24             ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4570F373.5090608@kaigai.gr.jp \
    --to=kaigai@kaigai.gr.jp \
    --cc=adobriyan@gmail.com \
    --cc=akpm@osdl.org \
    --cc=billodo@sgi.com \
    --cc=chris@friedhoff.org \
    --cc=chrisw@sous-sol.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    --cc=serue@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.