authorLinkTed <link.ted@mailbox.org>2022-01-03 17:41:57 +0200
committerMike Frysinger <vapier@gmail.com>2022-02-06 17:17:46 -0500
commit79e5edc1a3187ef63bed80fe4ecb05a898b68f00 (patch)
tree6486571e87c6a4a566d980e1422584e13cc68130
parente045591845ab993d67a131f75a838e5993845de3 (diff)
capabilities: Add support for securebits flags
This adds securebits support to start-stop-daemon and supervise-daemon through a new --secbits option, so the user can specify the securebits the program should run with. See capabilities(7).
-rw-r--r--man/start-stop-daemon.84
-rw-r--r--man/supervise-daemon.84
-rw-r--r--sh/start-stop-daemon.sh1
-rw-r--r--sh/supervise-daemon.sh1
-rw-r--r--src/rc/start-stop-daemon.c23
-rw-r--r--src/rc/supervise-daemon.c22
6 files changed, 55 insertions, 0 deletions
diff --git a/man/start-stop-daemon.8 b/man/start-stop-daemon.8
index 990e9097..aedbd0cb 100644
--- a/man/start-stop-daemon.8
+++ b/man/start-stop-daemon.8
@@ -164,6 +164,10 @@ log it or send it to another location.
.It Fl -capabilities Ar cap-list
Start the daemon with the listed inheritable, ambient and bounding capabilities.
The format is the same as in cap_iab(3).
+.It Fl -secbits Ar sec-bits
+Set the security-bits for the program.
+The numeric value of the security-bits can be found in <sys/secbits.h> header file.
+The format is the same as in strtoul(3).
.It Fl w , -wait Ar milliseconds
Wait
.Ar milliseconds
diff --git a/man/supervise-daemon.8 b/man/supervise-daemon.8
index 9ff6ff66..799a791a 100644
--- a/man/supervise-daemon.8
+++ b/man/supervise-daemon.8
@@ -161,6 +161,10 @@ but with the standard error output.
.It Fl -capabilities Ar cap-list
Start the daemon with the listed inheritable, ambient and bounding capabilities.
The format is the same as in cap_iab(3).
+.It Fl -secbits Ar sec-bits
+Set the security-bits for the program.
+The numeric value of the security-bits can be found in <sys/secbits.h> header file.
+The format is the same as in strtoul(3).
.El
.Sh ENVIRONMENT
.Va SSD_IONICELEVEL
diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh
index 02a7cd84..bbb4da37 100644
--- a/sh/start-stop-daemon.sh
+++ b/sh/start-stop-daemon.sh
@@ -54,6 +54,7 @@ ssd_start()
${output_logger_arg} \
${error_logger_arg} \
${capabilities+--capabilities} "$capabilities" \
+ ${secbits:+--secbits} "$secbits" \
${procname:+--name} $procname \
${pidfile:+--pidfile} $pidfile \
${command_user+--user} $command_user \
diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh
index be4c9d71..39fe5727 100644
--- a/sh/supervise-daemon.sh
+++ b/sh/supervise-daemon.sh
@@ -37,6 +37,7 @@ supervise_start()
${healthcheck_delay:+--healthcheck-delay} $healthcheck_delay \
${healthcheck_timer:+--healthcheck-timer} $healthcheck_timer \
${capabilities+--capabilities} "$capabilities" \
+ ${secbits:+--secbits} "$secbits" \
${command_user+--user} $command_user \
${umask+--umask} $umask \
${supervise_daemon_args:-${start_stop_daemon_args}} \
diff --git a/src/rc/start-stop-daemon.c b/src/rc/start-stop-daemon.c
index 4d89b0b6..e1a520f5 100644
--- a/src/rc/start-stop-daemon.c
+++ b/src/rc/start-stop-daemon.c
@@ -74,6 +74,7 @@ const char getoptstring[] = "I:KN:PR:Sa:bc:d:e:g:ik:mn:op:s:tu:r:w:x:1:2:3:4:" \
getoptstring_COMMON;
const struct option longopts[] = {
{ "capabilities", 1, NULL, 0x100},
+ { "secbits", 1, NULL, 0x101},
{ "ionice", 1, NULL, 'I'},
{ "stop", 0, NULL, 'K'},
{ "nicelevel", 1, NULL, 'N'},
@@ -107,6 +108,7 @@ const struct option longopts[] = {
};
const char * const longopts_help[] = {
"Set the inheritable, ambient and bounding capabilities",
+ "Set the security-bits for the program",
"Set an ionice class:data when starting",
"Stop daemon",
"Set a nicelevel when starting",
@@ -315,6 +317,7 @@ int main(int argc, char **argv)
unsigned int start_wait = 0;
#ifdef HAVE_CAP
cap_iab_t cap_iab = NULL;
+ unsigned secbits = 0;
#endif
applet = basename_c(argv[0]);
@@ -372,6 +375,21 @@ int main(int argc, char **argv)
#endif
break;
+ case 0x101:
+#ifdef HAVE_CAP
+ if (*optarg == '\0')
+ eerrorx("Secbits are empty");
+
+ tmp = NULL;
+ secbits = strtoul(optarg, &tmp, 0);
+ if (*tmp != '\0')
+ eerrorx("Could not parse secbits: invalid char %c", *tmp);
+#else
+ eerrorx("Capabilities support not enabled");
+#endif
+ break;
+
+
case 'I': /* --ionice */
if (sscanf(optarg, "%d:%d", &ionicec, &ioniced) == 0)
eerrorx("%s: invalid ionice `%s'",
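Review bot: The `case 0x101` branch stores the `unsigned long` result of `strtoul()` directly into `unsigned secbits` with no range check, so where `unsigned long` is wider than `unsigned` a value such as `0x100000000` truncates to 0. Because the later code applies securebits only when `secbits != 0`, the daemon would then start with no securebits and no error. `strtoul()` also accepts a leading minus sign and wraps it to a large value. Parse into an `unsigned long` local with `errno = 0;` set before the call, and reject with `if (errno == ERANGE || val > UINT_MAX) eerrorx("Could not parse secbits: value out of range");` before assigning. The same parsing code is added to `main()` in src/rc/supervise-daemon.c; `main()` starts and ends outside this hunk.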
@@ -890,6 +908,11 @@ int main(int argc, char **argv)
if (i != 0)
eerrorx("Could not set iab: %s", strerror(errno));
}
+
+ if (secbits != 0) {
+ if (cap_set_secbits(secbits) < 0)
+ eerrorx("Could not set securebits to 0x%x: %s", secbits, strerror(errno));
+ }
#endif
#ifdef TIOCNOTTY
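Review bot: `if (secbits != 0)` uses zero as the "option not given" marker, so an explicit `--secbits 0` parses successfully and is then silently skipped. Per capabilities(7), securebits are inherited from the parent process, so the option cannot be used to request a cleared set. If that is intended, a comment such as `/* 0 means: leave the inherited securebits unchanged */` here, plus a matching sentence in the man page, would make it explicit; otherwise a separate flag recording that the option was seen is needed. The same block is added to `child_process()` in src/rc/supervise-daemon.c, and the enclosing `main()` starts and ends outside this hunk.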
diff --git a/src/rc/supervise-daemon.c b/src/rc/supervise-daemon.c
index 135fc902..5c5c01fc 100644
--- a/src/rc/supervise-daemon.c
+++ b/src/rc/supervise-daemon.c
@@ -78,6 +78,7 @@ const struct option longopts[] = {
{ "healthcheck-timer", 1, NULL, 'a'},
{ "healthcheck-delay", 1, NULL, 'A'},
{ "capabilities", 1, NULL, 0x100},
+ { "secbits", 1, NULL, 0x101},
{ "respawn-delay", 1, NULL, 'D'},
{ "chdir", 1, NULL, 'd'},
{ "env", 1, NULL, 'e'},
@@ -104,6 +105,7 @@ const char * const longopts_help[] = {
"set an initial health check delay",
"set a health check timer",
"Set the inheritable, ambient and bounding capabilities",
+ "Set the security-bits for the program",
"Set a respawn delay",
"Change the PWD",
"Set an environment string",
@@ -160,6 +162,7 @@ static char *svcname = NULL;
static bool verbose = false;
#ifdef HAVE_CAP
static cap_iab_t cap_iab = NULL;
+static unsigned secbits = 0;
#endif
extern char **environ;
@@ -427,6 +430,11 @@ static void child_process(char *exec, char **argv)
if (i != 0)
eerrorx("Could not set iab: %s", strerror(errno));
}
+
+ if (secbits != 0) {
+ if (cap_set_secbits(secbits) < 0)
+ eerrorx("Could not set securebits to 0x%x: %s", secbits, strerror(errno));
+ }
#endif
/* remove the controlling tty */
@@ -832,6 +840,20 @@ int main(int argc, char **argv)
#endif
break;
+ case 0x101:
+#ifdef HAVE_CAP
+ if (*optarg == '\0')
+ eerrorx("Secbits are empty");
+
+ tmp = NULL;
+ secbits = strtoul(optarg, &tmp, 0);
+ if (*tmp != '\0')
+ eerrorx("Could not parse secbits: invalid char %c", *tmp);
+#else
+ eerrorx("Capabilities support not enabled");
+#endif
+ break;
+
case 'D': /* --respawn-delay time */
n = sscanf(optarg, "%d", &respawn_delay);
if (n != 1 || respawn_delay < 1)