Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

capability: add separate ambient and bound API #176

Merged
merged 7 commits into from
Nov 7, 2024
Merged

capability: add separate ambient and bound API #176

merged 7 commits into from
Nov 7, 2024

Commits on Oct 30, 2024

  1. capability: fix a typo 

    Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Oct 30, 2024
    Configuration menu
    Copy the full SHA
    0b071ef View commit details
    Browse the repository at this point in the history

Commits on Oct 31, 2024

  1. capability: improve error handling for func Apply 

    Signed-off-by: lifubang <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
    @lifubang @kolyshkin
    lifubang authored and kolyshkin committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    bb713bc View commit details
    Browse the repository at this point in the history

  2. capability: prctl nit 

    All the prctl calls that we make (or can potentially make) are limited
to 3 arguments, so it's sufficient to use Syscall (rather than
Syscall6).

This is mostly a cosmetic change.

Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    8f1f88b View commit details
    Browse the repository at this point in the history

  3. capability: use raw syscalls 

    RawSyscall is preferable for syscalls that do not block, and neither
of the ones used by this package do.

This makes the whole thing a bit faster.

Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    f092a6d View commit details
    Browse the repository at this point in the history

  4. capability: test fix 

    We need to lock OS thread as this library deals with per-thread
capabilities.

Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    a902dc6 View commit details
    Browse the repository at this point in the history

  5. capability: add {Get,Set,Reset}Ambient API 

    The API is the same as in kernel.org/pub/linux/libs/security/libcap/cap
package, although the implementation is a bit simpler (here we only set
capabilities for the calling thread).

Co-authored-by: lifubang <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin @lifubang
    kolyshkin and lifubang committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    9463687 View commit details
    Browse the repository at this point in the history

Commits on Nov 7, 2024

  1. capability: add GetBound, DropBound 

    Signed-off-by: Kir Kolyshkin <[email protected]>
    @kolyshkin
    kolyshkin committed Nov 7, 2024
    Configuration menu
    Copy the full SHA
    c1ade77 View commit details
    Browse the repository at this point in the history