#include "gradm.h"
/*
 * Table of namespace keywords accepted in policy files, each paired with
 * its flag value. The values are the Linux clone(2) CLONE_NEW* constants.
 * namespace_conv() searches this table by exact name.
 *
 * NOTE(review): only these six namespace types are listed, so a policy
 * cannot name any other (e.g. CLONE_NEWCGROUP). Confirm whether that is
 * intended for the kernels this tool targets.
 */
struct namespace_set namespace_list[] = {
	{ .namespace_name = "CLONE_NEWNS",   .namespace_val = 0x00020000 },
	{ .namespace_name = "CLONE_NEWUTS",  .namespace_val = 0x04000000 },
	{ .namespace_name = "CLONE_NEWIPC",  .namespace_val = 0x08000000 },
	{ .namespace_name = "CLONE_NEWUSER", .namespace_val = 0x10000000 },
	{ .namespace_name = "CLONE_NEWPID",  .namespace_val = 0x20000000 },
	{ .namespace_name = "CLONE_NEWNET",  .namespace_val = 0x40000000 },
};
/*
 * Translate a namespace keyword into its flag value.
 *
 * namespace: NUL-terminated keyword, compared with strcmp(), so the match
 *            is exact and case-sensitive. Must not be NULL.
 *
 * Returns the namespace_val of the matching namespace_list entry. An
 * unknown keyword is fatal: the error (with the current policy file and
 * line number) goes to stderr and the process exits with EXIT_FAILURE, so
 * a policy with a mistyped namespace is rejected rather than loaded with
 * the rule silently dropped.
 */
u_int32_t
namespace_conv(const char *namespace)
{
	const size_t count = sizeof (namespace_list) / sizeof (namespace_list[0]);
	size_t idx;

	for (idx = 0; idx < count; idx++) {
		if (strcmp(namespace, namespace_list[idx].namespace_name) == 0)
			return namespace_list[idx].namespace_val;
	}

	fprintf(stderr, "Invalid namespace name \"%s\" on line %lu of %s.\n"
		"The RBAC system will not load until this"
		" error is fixed.\n", namespace, lineno, current_acl_file);
	exit(EXIT_FAILURE);

	/* Not reached; keeps the non-void function well-formed. */
	return 0;
}
/*
 * Record a namespace rule on a subject.
 *
 * subject:   subject being built; NULL is a fatal policy error.
 * namespace: rule text whose first character is the prefix and whose
 *            remainder is the keyword handed to namespace_conv().
 *            Assumes the caller guarantees at least one prefix character
 *            (TODO confirm against the parser).
 *
 * A '+' prefix ORs the flag into subject->namespaces as-is; any other
 * prefix ORs in the flag shifted left by 8 bits.
 *
 * NOTE(review): the shift is done on a u_int32_t. Where that is 32 bits
 * wide, every namespace_list value except CLONE_NEWNS (0x00020000) loses
 * its only set bit when shifted by 8, so the non-'+' branch ORs in zero
 * for those keywords. Confirm the encoding the consumer of
 * subject->namespaces expects before relying on non-'+' rules.
 */
void
add_namespace_acl(struct proc_acl *subject, const char *namespace)
{
	/* Validate the keyword first; an unknown name exits inside the call. */
	const u_int32_t ns_flag = namespace_conv(namespace + 1);

	if (subject == NULL) {
		fprintf(stderr, "Error on line %lu of %s. Attempt to "
			"add a namespace without a subject declaration.\n"
			"The RBAC system will not load until this "
			"error is fixed.\n", lineno, current_acl_file);
		exit(EXIT_FAILURE);
	}

	subject->namespaces |= (*namespace == '+') ? ns_flag : (ns_flag << 8);
}