setpriv: dump ambient capabilities

As with the previous commit, this commit introduces the ability to dump
the set of ambient capabilities.

function                                             old     new   delta
setpriv_main                                         982    1129    +147
.rodata                                           146148  146198     +50

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 26 insertions, 0 deletions

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index c3f9ea153..89fa2fc10 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -94,6 +94,11 @@
 #define PR_GET_NO_NEW_PRIVS 39
 #endif
 
+#ifndef PR_CAP_AMBIENT
+#define PR_CAP_AMBIENT 47
+#define PR_CAP_AMBIENT_IS_SET 1
+#endif
+
 enum {
 	IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
 	OPTBIT_NNP,
@@ -252,6 +257,27 @@ static int dump(void)
 	if (!fmt[0])
 		printf("[none]");
 
+	printf("\nAmbient capabilities: ");
+	fmt = "";
+	for (i = 0; cap_valid(i); i++) {
+		int ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, (unsigned long) i, 0UL, 0UL);
+		if (ret < 0)
+			bb_simple_perror_msg_and_die("prctl: CAP_AMBIENT_IS_SET");
+		if (ret) {
+#  if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES
+			if (i < ARRAY_SIZE(capabilities))
+				printf("%s%s", fmt, capabilities[i]);
+			else
+#  endif
+				printf("%scap_%u", fmt, i);
+			fmt = ",";
+		}
+	}
+	if (i == 0)
+		printf("[unsupported]");
+	else if (!fmt[0])
+		printf("[none]");
+
 	printf("\nCapability bounding set: ");
 	fmt = "";
 	for (i = 0; cap_valid(i); i++) {