Diffstat (limited to 'src/lxc/caps.c')
-rw-r--r--src/lxc/caps.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 1610002..10a0b4a 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -213,3 +213,42 @@ int lxc_caps_last_cap(void)
return last_cap;
}
+
+/*
+ * check if we have the caps needed to start a container. returns 1 on
+ * success, 0 on error. (I'd prefer this be a bool, but am afraid that
+ * might fail to build on some distros).
+ */
+int lxc_caps_check(void)
+{
+ uid_t uid = getuid();
+ cap_t caps;
+ cap_flag_value_t value;
+ int i, ret;
+
+ cap_value_t needed_caps[] = { CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID };
+
+#define NUMCAPS ((int) (sizeof(needed_caps) / sizeof(cap_t)))
+
+ if (!uid)
+ return 1;
+
+ caps = cap_get_proc();
+ if (!caps) {
+ ERROR("failed to cap_get_proc: %m");
+ return 0;
+ }
+
+ for (i=0; i<NUMCAPS; i++) {
+ ret = cap_get_flag(caps, needed_caps[i], CAP_EFFECTIVE, &value);
+ if (ret) {
+ ERROR("Failed to cap_get_flag: %m");
+ return 0;
+ }
+ if (!value) {
+ return 0;
+ }
+ }
+
+ return 1;
+}
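Review bot: The `NUMCAPS` macro in `lxc_caps_check()` divides by `sizeof(cap_t)`, but `needed_caps` is an array of `cap_value_t`; in libcap `cap_t` is a pointer type and `cap_value_t` an `int`, so on a typical 64-bit build the count comes out as 2 and the loop never tests `CAP_SETUID` or `CAP_SETGID`. A caller holding only `CAP_SYS_ADMIN` and `CAP_NET_ADMIN` would therefore pass the check; derive the count from the array itself, `#define NUMCAPS ((int) (sizeof(needed_caps) / sizeof(needed_caps[0])))`. The handle returned by `cap_get_proc()` is also never released, so `cap_free(caps);` should precede each of the three returns that follow the successful call. Separately, `if (!uid) return 1;` trusts real uid 0 without looking at the effective set, so a root process running with a reduced capability set is reported as capable; if that is intended it deserves a comment such as `/* real root is assumed to hold every capability; dropped caps are not detected here */`.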