mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-06-27 14:58:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Explicitly disable Linux capabilities

Browse source
This commit is contained in:
Justine Tunney 2022-07-23 12:06:41 -07:00
parent ffedbfe14d
commit 16fc83f9ce
12 changed files with 269 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

29
libc/runtime/printargs.c
View file

@ -48,8 +48,10 @@
#include "libc/sock/sock.h"
#include "libc/str/str.h"
#include "libc/sysv/consts/auxv.h"
#include "libc/sysv/consts/cap.h"
#include "libc/sysv/consts/f.h"
#include "libc/sysv/consts/poll.h"
#include "libc/sysv/consts/pr.h"
#include "libc/sysv/consts/rlim.h"
#include "libc/sysv/consts/sig.h"
#include "libc/sysv/consts/termios.h"
@ -137,6 +139,9 @@ static noasan void PrintDependencies(const char *prologue) {
} while ((ldr = ldr->Next) && ldr != head);
}
static noasan void Print(const char *prologue) {
}
/**
* Prints lots of information about this process, e.g.
*
@ -150,6 +155,7 @@ textstartup void __printargs(const char *prologue) {
long key;
char **env;
sigset_t ss;
bool gotsome;
unsigned i, n;
int e, x, flags;
uintptr_t *auxp;
@ -223,8 +229,9 @@ textstartup void __printargs(const char *prologue) {
PRINT(" L%d%s%s %u-way %,u byte cache w/%s "
"%,u sets of %,u byte lines shared across %u threads%s",
CPUID4_CACHE_LEVEL,
CPUID4_CACHE_TYPE == 1 ? " data"
: CPUID4_CACHE_TYPE == 2 ? " code" : "",
CPUID4_CACHE_TYPE == 1 ? " data"
: CPUID4_CACHE_TYPE == 2 ? " code"
: "",
CPUID4_IS_FULLY_ASSOCIATIVE ? " fully-associative" : "",
CPUID4_WAYS_OF_ASSOCIATIVITY, CPUID4_CACHE_SIZE_IN_BYTES,
CPUID4_PHYSICAL_LINE_PARTITIONS > 1 ? " physically partitioned" : "",
@ -289,6 +296,24 @@ textstartup void __printargs(const char *prologue) {
PRINT(" error: sigprocmask() failed %m");
}
if (IsLinux()) {
PRINT("");
PRINT("CAPABILITIES");
if (prctl(PR_CAPBSET_READ, 0) != -1) {
for (gotsome = i = 0; i <= CAP_LAST_CAP; ++i) {
if (prctl(PR_CAPBSET_READ, i) == 1) {
PRINT(" ☼ %s", DescribeCapability(i));
gotsome = true;
}
}
if (!gotsome) {
PRINT(" ☼ %s", "none");
}
} else {
PRINT(" ☼ %s", strerror(errno));
}
}
PRINT("");
PRINT("RESOURCE LIMITS");
for (i = 0; i < RLIM_NLIMITS; ++i) {