2 * Copyright (c) 2008-11,16,19,2020 Andrew G. Morgan <morgan@kernel.org>
9 * The --print option can be used as a quick test whether various
43 /* parse a non-negative integer with some error handling */
50 if (len == 0 || *text == '-') { in nonneg_uint()
64 fprintf(stderr, "%s: want non-negative integer, got \"%s\"\n", in nonneg_uint()
66 exit(1); in nonneg_uint()
78 string[--i] = '\0'; in binary()
80 string[--i] = (value & 1) ? '1' : '0'; in binary()
123 exit(1); in display_current()
139 exit(1); in display_current_iab()
145 exit(1); in display_current_iab()
156 int status, j; in arg_print() local
171 printf("Securebits: 0%lo/0x%lx/%u'b%s (no-new-privs=%d)\n", set, set, in arg_print()
174 printf(" secure-noroot: %s (%s)\n", in arg_print()
177 printf(" secure-no-suid-fixup: %s (%s)\n", in arg_print()
180 printf(" secure-keep-caps: %s (%s)\n", in arg_print()
184 printf(" secure-no-ambient-raise: %s (%s)\n", in arg_print()
193 printf(" prctl-keep-caps: %s (locking not supported)\n", in arg_print()
203 printf("uid=%u(%s) euid=%u(%s)\n", uid, u ? u->pw_name : "???", euid, eu ? eu->pw_name : "???"); in arg_print()
206 printf("gid=%u(%s)\n", gid, g ? g->gr_name : "???"); in arg_print()
208 status = getgroups(MAX_GROUPS, groups); in arg_print()
210 for (j=0; j < status; j++) { in arg_print()
212 printf("%s%u(%s)", sep, groups[j], g ? g->gr_name : "???"); in arg_print()
235 exit(1); in will_need_setpcap()
239 exit(1); in will_need_setpcap()
244 /* no need to raise - since already raised */ in will_need_setpcap()
256 exit(1); in push_pcap()
277 int status; in arg_drop() local
281 exit(1); in arg_drop()
283 status = cap_drop_bound(j); in arg_drop()
286 exit(1); in arg_drop()
288 if (status != 0) { in arg_drop()
295 exit(1); in arg_drop()
306 exit(1); in arg_drop()
311 int status; in arg_drop() local
315 exit(1); in arg_drop()
320 exit(1); in arg_drop()
322 status = cap_drop_bound(cap); in arg_drop()
325 exit(1); in arg_drop()
327 if (status != 0) { in arg_drop()
329 exit(1); in arg_drop()
346 int status; in arg_change_amb() local
347 status = cap_set_ambient(j, set); in arg_change_amb()
348 if (status != 0) { in arg_change_amb()
355 exit(1); in arg_change_amb()
366 exit(1); in arg_change_amb()
371 int status; in arg_change_amb() local
375 exit(1); in arg_change_amb()
377 status = cap_set_ambient(cap, set); in arg_change_amb()
378 if (status != 0) { in arg_change_amb()
381 exit(1); in arg_change_amb()
398 int i, status=1; in find_self() local
402 for (i = strlen(arg0)-1; i >= 0 && arg0[i] != '/'; i--); in find_self()
409 fprintf(stderr, "no PATH environment variable found for re-execing\n"); in find_self()
410 exit(1); in find_self()
416 exit(1); in find_self()
428 status = 0; in find_self()
432 if (status) { in find_self()
439 if (status) { in find_self()
440 exit(status); in find_self()
449 fprintf(stderr, "sysconf(%d) returned a non-positive number: %ld\n", name, ans); in safe_sysconf()
450 exit(1); in safe_sysconf()
465 printf(" [/proc/self/status:CapXXX: 0x%016llx]\n\n", 1ULL<<cap); in describe()
481 exit(1); in do_launch()
486 exit(1); in do_launch()
494 exit(1); in do_launch()
497 exit(WEXITSTATUS(result)); in do_launch()
502 exit(1); in do_launch()
505 exit(1); in do_launch()
516 if (!strcmp("--quiet", argv[i])) { in main()
521 char *temp_name = cap_to_name(cap_max_bits() - 1); in main()
524 exit(1); in main()
529 cap_max_bits() - 1); in main()
533 if (!strncmp("--drop=", argv[i], 7)) { in main()
535 } else if (!strncmp("--dropped=", argv[i], 10)) { in main()
540 exit(1); in main()
545 exit(1); in main()
547 } else if (!strcmp("--has-ambient", argv[i])) { in main()
550 exit(1); in main()
552 } else if (!strncmp("--addamb=", argv[i], 9)) { in main()
554 } else if (!strncmp("--delamb=", argv[i], 9)) { in main()
556 } else if (!strncmp("--noamb", argv[i], 7)) { in main()
559 exit(1); in main()
561 } else if (!strcmp("--noenv", argv[i])) { in main()
563 } else if (!strncmp("--inh=", argv[i], 6)) { in main()
571 exit(1); in main()
577 exit(1); in main()
582 exit(1); in main()
594 exit(1); in main()
611 exit(1); in main()
614 } else if (!strcmp("--strict", argv[i])) { in main()
616 } else if (!strncmp("--caps=", argv[i], 7)) { in main()
623 exit(1); in main()
638 exit(1); in main()
641 * Since status is based on orig, we don't want to restore in main()
645 } else if (!strcmp("--modes", argv[i])) { in main()
656 } else if (!strncmp("--mode", argv[i], 6)) { in main()
674 exit(1); in main()
680 exit(1); in main()
689 } else if (!strncmp("--inmode=", argv[i], 9)) { in main()
695 exit(1); in main()
697 } else if (!strncmp("--keep=", argv[i], 7)) { in main()
701 value = nonneg_uint(argv[i]+7, "invalid --keep value", NULL); in main()
706 exit(1); in main()
708 } else if (!strncmp("--chroot=", argv[i], 9)) { in main()
709 int status; in main() local
715 exit(1); in main()
721 exit(1); in main()
727 exit(1); in main()
732 exit(1); in main()
736 status = chroot(argv[i]+9); in main()
739 exit(1); in main()
745 if (status == 0) { in main()
746 status = chdir("/"); in main()
751 if (status != 0) { in main()
753 exit(1); in main()
755 } else if (!strncmp("--secbits=", argv[i], 10)) { in main()
757 int status; in main() local
758 value = nonneg_uint(argv[i]+10, "invalid --secbits value", NULL); in main()
759 status = cap_set_secbits(value); in main()
760 if (status < 0) { in main()
763 exit(1); in main()
765 } else if (!strncmp("--forkfor=", argv[i], 10)) { in main()
769 exit(1); in main()
771 value = nonneg_uint(argv[i]+10, "invalid --forkfor value", NULL); in main()
773 fprintf(stderr, "require non-zero --forkfor value\n"); in main()
781 exit(0); in main()
783 } else if (!strncmp("--killit=", argv[i], 9)) { in main()
784 int retval, status; in main() local
788 value = nonneg_uint(argv[i]+9, "invalid --killit signo value", in main()
792 exit(1); in main()
797 exit(1); in main()
799 result = waitpid(child, &status, 0); in main()
803 exit(1); in main()
805 if (WTERMSIG(status) != value) { in main()
807 , value, WTERMSIG(status)); in main()
808 exit(1); in main()
811 } else if (!strncmp("--uid=", argv[i], 6)) { in main()
813 int status; in main() local
815 value = nonneg_uint(argv[i]+6, "invalid --uid value", NULL); in main()
816 status = setuid(value); in main()
817 if (status < 0) { in main()
820 exit(1); in main()
822 } else if (!strncmp("--cap-uid=", argv[i], 10)) { in main()
824 int status; in main() local
826 value = nonneg_uint(argv[i]+10, "invalid --cap-uid value", NULL); in main()
827 status = cap_setuid(value); in main()
828 if (status < 0) { in main()
831 exit(1); in main()
833 } else if (!strncmp("--gid=", argv[i], 6)) { in main()
835 int status; in main() local
837 value = nonneg_uint(argv[i]+6, "invalid --gid value", NULL); in main()
838 status = setgid(value); in main()
839 if (status < 0) { in main()
842 exit(1); in main()
844 } else if (!strncmp("--groups=", argv[i], 9)) { in main()
854 exit(1); in main()
861 exit(1); in main()
869 exit(1); in main()
875 exit(1); in main()
877 group_list[g_count] = g->gr_gid; in main()
885 exit(1); in main()
888 } else if (!strncmp("--user=", argv[i], 7)) { in main()
892 int status, ngroups; in main() local
898 exit(1); in main()
901 status = getgrouplist(user, pwd->pw_gid, groups, &ngroups); in main()
902 if (status < 1) { in main()
904 exit(1); in main()
906 status = cap_setgroups(pwd->pw_gid, ngroups, groups); in main()
907 if (status != 0) { in main()
909 exit(1); in main()
911 status = cap_setuid(pwd->pw_uid); in main()
912 if (status < 0) { in main()
914 pwd->pw_uid, user, strerror(errno)); in main()
915 exit(1); in main()
920 * --noenv to preserve the HOME etc values instead. in main()
922 if (setenv("HOME", pwd->pw_dir, 1) != 0) { in main()
924 exit(1); in main()
928 exit(1); in main()
931 } else if (!strncmp("--decode=", argv[i], 9)) { in main()
936 /* Note, if capabilities become longer than 64-bits we'll need in main()
956 } else if (!strncmp("--supports=", argv[i], 11)) { in main()
962 exit(1); in main()
967 exit(1); in main()
969 } else if (!strcmp("--print", argv[i])) { in main()
971 } else if ((!strcmp("--", argv[i])) || (!strcmp("==", argv[i])) in main()
972 || (!strcmp("-+", argv[i])) || (!strcmp("=+", argv[i]))) { in main()
976 argv[i--] = strdup("--quiet"); in main()
983 /* Two ways to chain load - use cap_launch() or execve() */ in main()
990 exit(1); in main()
991 } else if (!strncmp("--shell=", argv[i], 8)) { in main()
993 } else if (!strncmp("--has-p=", argv[i], 8)) { in main()
1001 exit(1); in main()
1006 exit(1); in main()
1010 exit(1); in main()
1013 } else if (!strncmp("--has-i=", argv[i], 8)) { in main()
1021 exit(1); in main()
1026 exit(1); in main()
1031 exit(1); in main()
1034 } else if (!strncmp("--has-a=", argv[i], 8)) { in main()
1039 exit(1); in main()
1043 exit(1); in main()
1045 } else if (!strncmp("--has-b=", argv[i], 8)) { in main()
1050 exit(1); in main()
1054 exit(1); in main()
1056 } else if (!strncmp("--is-uid=", argv[i], 9)) { in main()
1059 value = nonneg_uint(argv[i]+9, "invalid --is-uid value", NULL); in main()
1063 exit(1); in main()
1065 } else if (!strncmp("--is-gid=", argv[i], 9)) { in main()
1068 value = nonneg_uint(argv[i]+9, "invalid --is-gid value", NULL); in main()
1072 exit(1); in main()
1074 } else if (!strncmp("--iab=", argv[i], 6)) { in main()
1078 exit(1); in main()
1082 exit(1); in main()
1085 } else if (!strcmp("--no-new-privs", argv[i])) { in main()
1087 perror("unable to set no-new-privs"); in main()
1088 exit(1); in main()
1090 } else if (!strcmp("--has-no-new-privs", argv[i])) { in main()
1092 fprintf(stderr, "no-new-privs not set\n"); in main()
1093 exit(1); in main()
1095 } else if (!strcmp("--license", argv[i])) { in main()
1098 "Copyright (c) 2008-11,16,19-21 Andrew G. Morgan" in main()
1100 exit(0); in main()
1101 } else if (!strncmp("--explain=", argv[i], 10)) { in main()
1105 exit(1); in main()
1109 exit(1); in main()
1120 printf(" [/proc/self/status:CapXXX: 0x%016llx]\n", 1ULL<<cap); in main()
1121 } else if (!strncmp("--suggest=", argv[i], 10)) { in main()
1130 exit(1); in main()
1151 } else if (strcmp("--current", argv[i]) == 0) { in main()
1157 " --addamb=xxx add xxx,... capabilities to ambient set\n" in main()
1158 " --cap-uid=<n> use libcap cap_setuid() to change uid\n" in main()
1159 " --caps=xxx set caps as per cap_from_text()\n" in main()
1160 " --chroot=path chroot(2) to this path\n" in main()
1161 " --current show current caps and IAB vectors\n" in main()
1162 " --decode=xxx decode a hex string to a list of caps\n" in main()
1163 " --delamb=xxx remove xxx,... capabilities from ambient\n" in main()
1164 " --drop=xxx drop xxx,... caps from bounding set\n" in main()
1165 " --explain=xxx explain what capability xxx permits\n" in main()
1166 " --forkfor=<n> fork and make child sleep for <n> sec\n" in main()
1167 " --gid=<n> set gid to <n> (hint: id <username>)\n" in main()
1168 " --groups=g,... set the supplemental groups\n" in main()
1169 " --has-a=xxx exit 1 if capability xxx not ambient\n" in main()
1170 " --has-b=xxx exit 1 if capability xxx not dropped\n" in main()
1171 " --has-ambient exit 1 unless ambient vector supported\n" in main()
1172 " --has-i=xxx exit 1 if capability xxx not inheritable\n" in main()
1173 " --has-p=xxx exit 1 if capability xxx not permitted\n" in main()
1174 " --has-no-new-privs exit 1 if privs not limited\n" in main()
1175 " --help, -h this message (or try 'man capsh')\n" in main()
1176 " --iab=... use cap_iab_from_text() to set iab\n" in main()
1177 " --inh=xxx set xxx,.. inheritable set\n" in main()
1178 " --inmode=<xxx> exit 1 if current mode is not <xxx>\n" in main()
1179 " --is-uid=<n> exit 1 if uid != <n>\n" in main()
1180 " --is-gid=<n> exit 1 if gid != <n>\n" in main()
1181 " --keep=<n> set keep-capability bit to <n>\n" in main()
1182 " --killit=<n> send signal(n) to child\n" in main()
1183 " --license display license info\n" in main()
1184 " --mode display current libcap mode\n" in main()
1185 " --mode=<xxx> set libcap mode to <xxx>\n" in main()
1186 " --modes list libcap named modes\n" in main()
1187 " --no-new-privs set sticky process privilege limiter\n" in main()
1188 " --noamb reset (drop) all ambient capabilities\n" in main()
1189 " --noenv no fixup of env vars (for --user)\n" in main()
1190 " --print display capability relevant state\n" in main()
1191 " --quiet if first argument skip max cap check\n" in main()
1192 " --secbits=<n> write a new value for securebits\n" in main()
1193 " --shell=/xx/yy use /xx/yy instead of " SHELL " for --\n" in main()
1194 " --strict toggle --caps, --drop and --inh fixups\n" in main()
1195 " --suggest=text search cap descriptions for text\n" in main()
1196 " --supports=xxx exit 1 if capability xxx unsupported\n" in main()
1197 " --uid=<n> set uid to <n> (hint: id <username>)\n" in main()
1198 " --user=<name> set uid,gid and groups to that of user\n" in main()
1199 " == re-exec(capsh) with args as for --\n" in main()
1200 " =+ cap_launch capsh with args as for -+\n" in main()
1201 " -- remaining arguments are for " SHELL "\n" in main()
1202 " -+ cap_launch " SHELL " with remaining args\n" in main()
1203 " (without -- [%s] will simply exit(0))\n", in main()
1205 if (strcmp("--help", argv[1]) && strcmp("-h", argv[1])) { in main()
1206 exit(1); in main()
1208 exit(0); in main()
1212 exit(0); in main()