nxt_capability.c (1328:363f5cc2b4ec) nxt_capability.c (1489:4a3ec07f4b19)
1/*
2 * Copyright (C) Igor Sysoev
3 * Copyright (C) NGINX, Inc.
4 */
5
6#include <nxt_main.h>
7
8#if (NXT_HAVE_LINUX_CAPABILITY)

--- 25 unchanged lines hidden (view full) ---

34
35nxt_int_t
36nxt_capability_set(nxt_task_t *task, nxt_capabilities_t *cap)
37{
38 nxt_assert(cap->setid == 0);
39
40 if (geteuid() == 0) {
41 cap->setid = 1;
1/*
2 * Copyright (C) Igor Sysoev
3 * Copyright (C) NGINX, Inc.
4 */
5
6#include <nxt_main.h>
7
8#if (NXT_HAVE_LINUX_CAPABILITY)

--- 25 unchanged lines hidden (view full) ---

34
35nxt_int_t
36nxt_capability_set(nxt_task_t *task, nxt_capabilities_t *cap)
37{
38 nxt_assert(cap->setid == 0);
39
40 if (geteuid() == 0) {
41 cap->setid = 1;
42 cap->chroot = 1;
42 return NXT_OK;
43 }
44
45 return nxt_capability_specific_set(task, cap);
46}
47
48
49#if (NXT_HAVE_LINUX_CAPABILITY)

--- 36 unchanged lines hidden (view full) ---

86 hdr.version = nxt_capability_linux_get_version();
87 hdr.pid = nxt_pid;
88
89 if (nxt_slow_path(nxt_capget(&hdr, val) == -1)) {
90 nxt_alert(task, "failed to get process capabilities: %E", nxt_errno);
91 return NXT_ERROR;
92 }
93
43 return NXT_OK;
44 }
45
46 return nxt_capability_specific_set(task, cap);
47}
48
49
50#if (NXT_HAVE_LINUX_CAPABILITY)

--- 36 unchanged lines hidden (view full) ---

87 hdr.version = nxt_capability_linux_get_version();
88 hdr.pid = nxt_pid;
89
90 if (nxt_slow_path(nxt_capget(&hdr, val) == -1)) {
91 nxt_alert(task, "failed to get process capabilities: %E", nxt_errno);
92 return NXT_ERROR;
93 }
94
95 if ((val->effective & (1 << CAP_SYS_CHROOT)) != 0) {
96 cap->chroot = 1;
97 }
98
94 if ((val->effective & (1 << CAP_SETUID)) == 0) {
95 return NXT_OK;
96 }
97
98 if ((val->effective & (1 << CAP_SETGID)) == 0) {
99 return NXT_OK;
100 }
101

--- 13 unchanged lines hidden ---
99 if ((val->effective & (1 << CAP_SETUID)) == 0) {
100 return NXT_OK;
101 }
102
103 if ((val->effective & (1 << CAP_SETGID)) == 0) {
104 return NXT_OK;
105 }
106

--- 13 unchanged lines hidden ---