You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
77 lines
1.6 KiB
Go
77 lines
1.6 KiB
Go
package main
|
|
|
|
import (
|
|
"log"
|
|
"os"
|
|
"os/exec"
|
|
|
|
"github.com/syndtr/gocapability/capability"
|
|
)
|
|
|
|
func getCurrentCaps() *capability.Capabilities {
|
|
caps, err := capability.NewPid2(0)
|
|
if err != nil {
|
|
log.Fatalf("Could not get self caps: %+v\n", err)
|
|
}
|
|
|
|
err = caps.Load()
|
|
if err != nil {
|
|
log.Fatalf("Could not load self caps: %+v\n", err)
|
|
}
|
|
|
|
return &caps
|
|
}
|
|
|
|
func getSelfFileCaps() *capability.Capabilities {
|
|
self, err := os.Executable()
|
|
log.Printf("Getting caps for: %s\n", self)
|
|
if err != nil {
|
|
log.Fatalf("Could not get path to own executable: %+v\n", err)
|
|
}
|
|
caps, err := capability.NewFile2(self)
|
|
if err != nil {
|
|
log.Fatalf("Could not get file caps: %+v\n", err)
|
|
}
|
|
|
|
err = caps.Load()
|
|
if err != nil {
|
|
log.Fatalf("Could not load file caps: %+v\n", err)
|
|
}
|
|
|
|
return &caps
|
|
}
|
|
|
|
func hasCapSysResource(caps *capability.Capabilities) bool {
|
|
return (*caps).Get(capability.EFFECTIVE, capability.CAP_SYS_RESOURCE)
|
|
}
|
|
|
|
func makeBinarySetcapped() error {
|
|
fileCaps := *getSelfFileCaps()
|
|
if !hasCapSysResource(&fileCaps) {
|
|
fileCaps.Set(capability.EFFECTIVE|capability.PERMITTED|capability.INHERITABLE, capability.CAP_SYS_RESOURCE)
|
|
err := fileCaps.Apply(capability.EFFECTIVE | capability.PERMITTED | capability.INHERITABLE)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func pkexecSetcapSelf() error {
|
|
self, err := os.Executable()
|
|
if err != nil {
|
|
log.Fatalf("Couldn't find path to own binary\n")
|
|
return err
|
|
}
|
|
|
|
cmd := exec.Command("pkexec", self, "-setcap")
|
|
log.Printf("Calling: %s\n", cmd.String())
|
|
err = cmd.Run()
|
|
if err != nil {
|
|
log.Printf("Couldn't setcap self as root: %v\n", err)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|