X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcondition.c;h=2b51a16f17548e48500a460e533e4dee1de1b1b9;hp=e9786567726f6437698e7e554472d3ba3fd81d87;hb=4b9397474f2c80957fd1cedf885061052333fb25;hpb=8095200d05ad28e84a3480f94f061783150db81e
diff --git a/src/condition.c b/src/condition.c
index e97865677..2b51a16f1 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -23,6 +23,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_SELINUX
 #include
@@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) {
 return true;
 /* Finally compare id */
- return streq(parameter, id);
+ return v > 0 && streq(parameter, id);
 }
 static bool test_security(const char *parameter) {
@@ -159,6 +160,38 @@ static bool test_security(const char *parameter) {
 return false;
 }
+static bool test_capability(const char *parameter) {
+ cap_value_t value;
+ FILE *f;
+ char line[LINE_MAX];
+ unsigned long long capabilities = (unsigned long long) -1;
+
+ /* If it's an invalid capability, we don't have it */
+
+ if (cap_from_name(parameter, &value) < 0)
+ return false;
+
+ /* If it's a valid capability we default to assume
+ * that we have it */
+
+ f = fopen("/proc/self/status", "re");
+ if (!f)
+ return true;
+
+ while (fgets(line, sizeof(line), f)) {
+ truncate_nl(line);
+
+ if (startswith(line, "CapBnd:")) {
+ (void) sscanf(line+7, "%llx", &capabilities);
+ break;
+ }
+ }
+
+ fclose(f);
+
+ return !!(capabilities & (1ULL << value));
+}
+
 bool condition_test(Condition *c) {
 assert(c);
@@ -214,6 +247,9 @@ bool condition_test(Condition *c) {
 case CONDITION_SECURITY:
 return test_security(c->parameter) == !c->negate;
+ case CONDITION_CAPABILITY:
+ return test_capability(c->parameter) == !c->negate;
+
 case CONDITION_NULL:
 return !c->negate;
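Review bot: In the third hunk, test_capability answers "present" on every failure path: fopen() failing, no `CapBnd:` line being found, and the sscanf() whose result is cast to void all leave `capabilities` at all-ones, so a CONDITION_CAPABILITY test passes whenever /proc/self/status cannot be read or parsed. If that fail-open default is deliberate, one comment above the fopen() should say so, and it should also state that the mask tested is the bounding set (`CapBnd`) rather than the effective set, because "we have it" reads as the latter. The final `1ULL << value` additionally relies on cap_from_name() never producing a value of 64 or more; assuming cap_value_t is a plain integer type, a guard such as `if (value < 0 || value >= 64) return false;` before the shift would keep it defined.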