// SPDX-License-Identifier: GPL-2.0
#include "cap_helpers.h"
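/* Avoid including <sys/capability.h> from the libcap-devel package:
 * declare capget()/capset() directly here and link against the
 * implementations that glibc provides.
 *
 * These prototypes are hand-written, so nothing checks them against the
 * C library; keep them in sync with the capget(2)/capset(2) interface.
 */
int capget(cap_user_header_t header, cap_user_data_t data);
int capset(cap_user_header_t header, const cap_user_data_t data);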
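/*
 * Raise the capabilities in @caps in the calling thread's effective set.
 *
 * @caps:     bitmask of capabilities to enable. The low 32 bits are applied
 *            to data[0].effective, the high 32 bits to data[1].effective.
 * @old_caps: optional. When non-NULL it receives the effective set as it was
 *            before any change, so the caller can restore it afterwards.
 *
 * Only the effective set is modified; permitted and inheritable are written
 * back exactly as capget() returned them. The kernel rejects the capset()
 * call if a requested capability is not in the permitted set.
 *
 * Returns 0 on success (including when every requested capability was
 * already effective), otherwise the non-zero result of the failing
 * capget()/capset() call. A non-zero return means the requested capabilities
 * must not be assumed to be in effect.
 */
int cap_enable_effective(__u64 caps, __u64 *old_caps)
{
	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
	/* .pid is left zero-initialised, which targets the calling thread. */
	struct __user_cap_header_struct hdr = {
		.version = _LINUX_CAPABILITY_VERSION_3,
	};
	__u32 cap0 = caps;
	__u32 cap1 = caps >> 32;
	int err;

	err = capget(&hdr, data);
	if (err)
		return err;

	/* Report the pre-change state only if the caller asked for it. */
	if (old_caps)
		*old_caps = (__u64)(data[1].effective) << 32 | data[0].effective;

	/* Nothing to do when every requested bit is already effective. */
	if ((data[0].effective & cap0) == cap0 &&
	    (data[1].effective & cap1) == cap1)
		return 0;

	data[0].effective |= cap0;
	data[1].effective |= cap1;
	err = capset(&hdr, data);
	if (err)
		return err;

	return 0;
}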
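/*
 * Clear the capabilities in @caps from the calling thread's effective set.
 *
 * @caps:     bitmask of capabilities to disable. The low 32 bits are applied
 *            to data[0].effective, the high 32 bits to data[1].effective.
 * @old_caps: optional. When non-NULL it receives the effective set as it was
 *            before any change, so the caller can restore it afterwards.
 *
 * Only the effective set is modified. The permitted set is written back
 * unchanged, so this is a temporary drop: the thread can raise the same
 * capabilities again later. It is not a permanent privilege reduction.
 *
 * Returns 0 on success (including when none of the requested capabilities
 * were effective), otherwise the non-zero result of the failing
 * capget()/capset() call. On a non-zero return the capabilities may still be
 * effective, so callers that rely on the drop must check the result.
 */
int cap_disable_effective(__u64 caps, __u64 *old_caps)
{
	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
	/* .pid is left zero-initialised, which targets the calling thread. */
	struct __user_cap_header_struct hdr = {
		.version = _LINUX_CAPABILITY_VERSION_3,
	};
	__u32 cap0 = caps;
	__u32 cap1 = caps >> 32;
	int err;

	err = capget(&hdr, data);
	if (err)
		return err;

	/* Report the pre-change state only if the caller asked for it. */
	if (old_caps)
		*old_caps = (__u64)(data[1].effective) << 32 | data[0].effective;

	/* Nothing to do when none of the requested bits are effective. */
	if (!(data[0].effective & cap0) && !(data[1].effective & cap1))
		return 0;

	data[0].effective &= ~cap0;
	data[1].effective &= ~cap1;
	err = capset(&hdr, data);
	if (err)
		return err;

	return 0;
}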