nfqws, tpws : read cap_last_cap to avoid errors on some systems

bolvan
2019-05-20 20:38:17 +03:00
parent 7504f697ce
commit b8696afdb7
18 changed files with 32 additions and 12 deletions


@@ -816,23 +816,33 @@ bool setpcap(cap_value_t *caps,int ncaps)
cap_free(capabilities);
return true;
}
int getmaxcap()
{
int maxcap = CAP_LAST_CAP;
FILE *F = fopen("/proc/sys/kernel/cap_last_cap","r");
if (F)
{
fscanf(F,"%d",&maxcap);
fclose(F);
}
return maxcap;
}
bool dropcaps()
{
// must have CAP_SETPCAP at the end. its required to clear bounding set
cap_value_t cap_values[] = {CAP_SETPCAP};
int capct=sizeof(cap_values)/sizeof(*cap_values);
int maxcap = getmaxcap();
if (setpcap(cap_values, capct))
{
for(int cap=0;cap<=63;cap++)
for(int cap=0;cap<=maxcap;cap++)
{
if (cap_drop_bound(cap))
{
if (errno!=EINVAL)
{
fprintf(stderr,"could not drop cap %d\n",cap);
perror("cap_drop_bound");
}
fprintf(stderr,"could not drop cap %d\n",cap);
perror("cap_drop_bound");
}
}
}
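Review bot: In `getmaxcap()` the fallback when `/proc/sys/kernel/cap_last_cap` cannot be opened or parsed is the compile-time `CAP_LAST_CAP`, so a binary built against headers older than the running kernel would leave the newer capabilities in the bounding set without any message, where the previous `cap<=63` loop still reached them. The `fscanf` result is also unchecked, and a negative value would shorten or skip the loop in the same silent way; I would write `if (fscanf(F,"%d",&maxcap)!=1 || maxcap<0) maxcap=CAP_LAST_CAP;` and print a warning whenever the fallback is used. In the loop, a failed `cap_drop_bound` is only printed and iteration continues; since this is the privilege-drop path, consider adding `return false;` after `perror("cap_drop_bound");` so the caller can refuse to run with a partially cleared bounding set. The rest of `dropcaps` lies outside the hunk, so how its return value is produced and used is not visible here.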