Diffstat (limited to 'cap')
-rw-r--r-- | cap/cap.go | 28 | ||||
-rw-r--r-- | cap/convenience.go | 26 | ||||
-rw-r--r-- | cap/iab.go | 2 | ||||
-rw-r--r-- | cap/launch.go | 4 | ||||
-rw-r--r-- | cap/legacy.go | 2 | ||||
-rw-r--r-- | cap/modern.go | 2 |
6 files changed, 32 insertions, 32 deletions
@@ -279,15 +279,15 @@ func (c *Set) SetProc() error { // defines from uapi/linux/prctl.h const ( - pr_CAPBSET_READ = 23 - pr_CAPBSET_DROP = 24 + prCapBSetRead = 23 + prCapBSetDrop = 24 ) // GetBound determines if a specific capability is currently part of // the local bounding set. On systems where the bounding set Value is // not present, this function returns an error. func GetBound(val Value) (bool, error) { - v, err := multisc.prctlrcall(pr_CAPBSET_READ, uintptr(val), 0) + v, err := multisc.prctlrcall(prCapBSetRead, uintptr(val), 0) if err != nil { return false, err } @@ -297,7 +297,7 @@ func GetBound(val Value) (bool, error) { //go:uintptrescapes func (sc *syscaller) dropBound(val ...Value) error { for _, v := range val { - if _, err := sc.prctlwcall(pr_CAPBSET_DROP, uintptr(v), 0); err != nil { + if _, err := sc.prctlwcall(prCapBSetDrop, uintptr(v), 0); err != nil { return err } } 
@@ -321,30 +321,30 @@ func DropBound(val ...Value) error { // defines from uapi/linux/prctl.h const ( - pr_CAP_AMBIENT = 47 + prCapAmbient = 47 - pr_CAP_AMBIENT_IS_SET = 1 - pr_CAP_AMBIENT_RAISE = 2 - pr_CAP_AMBIENT_LOWER = 3 - pr_CAP_AMBIENT_CLEAR_ALL = 4 + prCapAmbientIsSet = 1 + prCapAmbientRaise = 2 + prCapAmbientLower = 3 + prCapAmbientClearAll = 4 ) // GetAmbient determines if a specific capability is currently part of // the local ambient set. On systems where the ambient set Value is // not present, this function returns an error. func GetAmbient(val Value) (bool, error) { - r, err := multisc.prctlrcall6(pr_CAP_AMBIENT, pr_CAP_AMBIENT_IS_SET, uintptr(val), 0, 0, 0) + r, err := multisc.prctlrcall6(prCapAmbient, prCapAmbientIsSet, uintptr(val), 0, 0, 0) return r > 0, err } //go:uintptrescapes func (sc *syscaller) setAmbient(enable bool, val ...Value) error { - dir := uintptr(pr_CAP_AMBIENT_LOWER) + dir := uintptr(prCapAmbientLower) if enable { - dir = pr_CAP_AMBIENT_RAISE + dir = prCapAmbientRaise } for _, v := range val { - _, err := sc.prctlwcall6(pr_CAP_AMBIENT, dir, uintptr(v), 0, 0, 0) + _, err := sc.prctlwcall6(prCapAmbient, dir, uintptr(v), 0, 0, 0) if err != nil { return err } @@ -373,7 +373,7 @@ func (sc *syscaller) resetAmbient() error { return nil } } - _, err = sc.prctlwcall6(pr_CAP_AMBIENT, pr_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0, 0) + _, err = sc.prctlwcall6(prCapAmbient, prCapAmbientClearAll, 0, 0, 0, 0) return err } diff --git a/cap/convenience.go b/cap/convenience.go index 0c62efe..09cd287 100644 --- a/cap/convenience.go +++ b/cap/convenience.go 
@@ -31,9 +31,16 @@ const ( securedAmbientBits = securedBasicBits | SecbitNoCapAmbientRaise | SecbitNoCapAmbientRaiseLocked ) +// defines from uapi/linux/prctl.h +const ( + prSetKeepCaps = 8 + prGetSecureBits = 27 + prSetSecureBits = 28 +) + // GetSecbits returns the current setting of the process' Secbits. func GetSecbits() Secbits { - v, err := multisc.prctlrcall(PR_GET_SECUREBITS, 0, 0) + v, err := multisc.prctlrcall(prGetSecureBits, 0, 0) if err != nil { panic(err) } @@ -41,7 +48,7 @@ func GetSecbits() Secbits { } func (sc *syscaller) setSecbits(s Secbits) error { - _, err := sc.prctlwcall(PR_SET_SECUREBITS, uintptr(s), 0) + _, err := sc.prctlwcall(prSetSecureBits, uintptr(s), 0) return err } @@ -67,13 +74,6 @@ const ( ModePure1E ) -// defines from uapi/linux/prctl.h -const ( - PR_SET_KEEPCAPS = 8 - PR_GET_SECUREBITS = 27 - PR_SET_SECUREBITS = 28 -) - // GetMode assesses the current process state and summarizes it as // a Mode. This function always succeeds. Unfamiliar modes are // declared ModeUncertain. @@ -207,8 +207,8 @@ func (sc *syscaller) setUID(uid int) error { // these may or may not work depending on whether or not they // are locked. We try them just in case. - sc.prctlwcall(PR_SET_KEEPCAPS, 1, 0) - defer sc.prctlwcall(PR_SET_KEEPCAPS, 0, 0) + sc.prctlwcall(prSetKeepCaps, 1, 0) + defer sc.prctlwcall(prSetKeepCaps, 0, 0) if err := sc.setProc(w); err != nil { return err @@ -250,7 +250,7 @@ func (sc *syscaller) setGroups(gid int, suppl []int) error { return err } if len(suppl) == 0 { - if _, _, err := sc.w3(sys_setgroups_variant, 0, 0, 0); err != 0 { + if _, _, err := sc.w3(sysSetGroupsVariant, 0, 0, 0); err != 0 { return err } return nil 
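Review bot: The constants added at the top of cap/convenience.go replace names that were exported (`PR_SET_KEEPCAPS`, `PR_GET_SECUREBITS`, `PR_SET_SECUREBITS`, deleted in the `@@ -67,13 +74,6 @@` hunk), so this rename removes three identifiers from the package's public API. The `pr_*` constants renamed in cap/cap.go were already unexported and carry no such risk. Whether any importer refers to the old names is not visible from this page; if compatibility matters, keep deprecated aliases such as `const PR_SET_SECUREBITS = prSetSecureBits` under a `// Deprecated:` comment, or state the removal in the commit message. In the same hunk, the doc comment on GetSecbits could also say that the function panics when the prctl call fails, because callers get no error return to check.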
@@ -261,7 +261,7 @@ func (sc *syscaller) setGroups(gid int, suppl []int) error { for i, g := range suppl { gs[i] = uint32(g) } - if _, _, err := sc.w3(sys_setgroups_variant, uintptr(len(suppl)), uintptr(unsafe.Pointer(&gs[0])), 0); err != 0 { + if _, _, err := sc.w3(sysSetGroupsVariant, uintptr(len(suppl)), uintptr(unsafe.Pointer(&gs[0])), 0); err != 0 { return err } return nil @@ -31,7 +31,7 @@ const ( Bound ) -// IABInit() returns an empty IAB. +// IABInit returns an empty IAB. func IABInit() *IAB { startUp.Do(multisc.cInit) return &IAB{ diff --git a/cap/launch.go b/cap/launch.go index abb221f..f4327c2 100644 --- a/cap/launch.go +++ b/cap/launch.go @@ -123,7 +123,7 @@ var ErrAmbiguousAmbient = errors.New("use Launcher for ambient caps") var lName = []byte("cap-launcher\000") // <uapi/linux/prctl.h> -const pr_SET_NAME = 15 +const prSetName = 15 //go:uintptrescapes func launch(result chan<- lResult, attr *Launcher, data interface{}) { @@ -149,7 +149,7 @@ func launch(result chan<- lResult, attr *Launcher, data interface{}) { // Name the launcher thread - transient, but helps if the // callbackFn or something else hangs up. - singlesc.prctlrcall(pr_SET_NAME, uintptr(unsafe.Pointer(&lName[0])), 0) + singlesc.prctlrcall(prSetName, uintptr(unsafe.Pointer(&lName[0])), 0) pa := &syscall.ProcAttr{ Files: []uintptr{0, 1, 2}, diff --git a/cap/legacy.go b/cap/legacy.go index 7bdf9b4..0bfd93e 100644 --- a/cap/legacy.go +++ b/cap/legacy.go @@ -4,4 +4,4 @@ package cap import "syscall" -var sys_setgroups_variant = uintptr(syscall.SYS_SETGROUPS32) +var sysSetGroupsVariant = uintptr(syscall.SYS_SETGROUPS32) diff --git a/cap/modern.go b/cap/modern.go index 04a4919..ad89416 100644 --- a/cap/modern.go +++ b/cap/modern.go @@ -5,4 +5,4 @@ package cap import "syscall" -var sys_setgroups_variant = uintptr(syscall.SYS_SETGROUPS) +var sysSetGroupsVariant = uintptr(syscall.SYS_SETGROUPS) |