- Timestamp:
- Jan 8, 2009 3:27:46 PM (16 years ago)
- File:
-
- 1 edited
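--- a/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
@@ -58,4 +58,9 @@
 # include <sys/types.h>
 # if defined(RT_OS_LINUX)
+# undef USE_LIB_PCAP /* don't depend on libcap as we had to depend on either
+libcap1 or libcap2 */
+
+# undef _POSIX_SOURCE
+# include <linux/capability.h>
 # include <sys/capability.h>
 # include <sys/prctl.h>
@@ -600,6 +605,18 @@
 * keep the cap_net_raw capability for ICMP sockets for the NAT stack.
 */
+# ifdef USE_LIB_PCAP
 if (!cap_set_proc(cap_from_text("all-eip cap_net_raw+ep")))
 prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
+# else
+cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
+cap_user_data_t cap = (cap_user_data_t)alloca(sizeof(*cap));
+memset(hdr, 0, sizeof(*hdr));
+hdr->version = _LINUX_CAPABILITY_VERSION;
+memset(cap, 0, sizeof(*cap));
+cap->effective = CAP_TO_MASK(CAP_NET_RAW);
+cap->permitted = CAP_TO_MASK(CAP_NET_RAW);
+if (!capset(hdr, cap))
+prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
+# endif
 
 # elif defined(RT_OS_SOLARIS)
@@ -704,6 +721,18 @@
 * Re-enable the cap_net_raw capability which was disabled during setresuid.
 */
+# ifdef USE_LIB_PCAP
 /** @todo Warn if that does not work? */
 cap_set_proc(cap_from_text("cap_net_raw+ep"));
+# else
+cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
+cap_user_data_t cap = (cap_user_data_t)alloca(sizeof(*cap));
+memset(hdr, 0, sizeof(*hdr));
+hdr->version = _LINUX_CAPABILITY_VERSION;
+memset(cap, 0, sizeof(*cap));
+cap->effective = CAP_TO_MASK(CAP_NET_RAW);
+cap->permitted = CAP_TO_MASK(CAP_NET_RAW);
+/** @todo Warn if that does not work? */
+capset(hdr, cap);
+# endif
 # endif
 }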
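Review bot: In both `# else` branches the data buffer is a single `*cap` element while `hdr->version` is taken from `_LINUX_CAPABILITY_VERSION`, whose value depends on the installed kernel headers. Where the headers map that macro to the 64-bit (version 2) layout, the kernel reads two data elements, and the second would come from whatever follows the `alloca()` block on the stack, so the process could end up holding capability bits it was never meant to keep. Sizing the buffer for the version in use would tie the two together, for example allocating and clearing `sizeof(*cap) * _LINUX_CAPABILITY_U32S` where that macro is defined, or pinning the header to the 32-bit version constant. The result of `capset(hdr, cap)` in the re-enable path is still discarded, as the carried-over `@todo` admits; logging a failure there would make a silently lost `cap_net_raw` diagnosable. The enclosing functions begin and end outside these hunks.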