From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Aug 2017 13:07:15 +0000 (+0200)
Subject: capability: add new ambient_capabilities_supported() helper
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=f7063548a0850e63e10cd33c38ccd47bdda20605;p=elogind.git

capability: add new ambient_capabilities_supported() helper

This new function reports whether ambient caps are available, and should
be quick because the result is cached.
---

diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index 952bcc2d7..9900eafd5 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -373,3 +373,18 @@ int drop_capability(cap_value_t cv) {
         return 0;
 }
 #endif // 0
+
+bool ambient_capabilities_supported(void) {
+        static int cache = -1;
+
+        if (cache >= 0)
+                return cache;
+
+        /* If PR_CAP_AMBIENT returns something valid, or an unexpected error code we assume that ambient caps are
+         * available. */
+
+        cache = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_KILL, 0, 0) >= 0 ||
+                !IN_SET(errno, EINVAL, EOPNOTSUPP, ENOSYS);
+
+        return cache;
+}