setpriv: dump ambient capabilities

As with the previous commit, this commit introduces the ability to dump
the set of ambient capabilities.

function                                             old     new   delta
setpriv_main                                         982    1129    +147
.rodata                                           146148  146198     +50

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 26 insertions, 0 deletions

diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c
index c3f9ea153..89fa2fc10 100644
--- a/util-linux/setpriv.c
+++ b/util-linux/setpriv.c
@@ -94,6 +94,11 @@
 #define PR_GET_NO_NEW_PRIVS 39
 #endif
 
+#ifndef PR_CAP_AMBIENT
+#define PR_CAP_AMBIENT 47
+#define PR_CAP_AMBIENT_IS_SET 1
+#endif
+
 enum {
         IF_FEATURE_SETPRIV_DUMP(OPTBIT_DUMP,)
         OPTBIT_NNP,
@@ -252,6 +257,27 @@ static int dump(void)
         if (!fmt[0])
                 printf("[none]");
 
+        printf("\nAmbient capabilities: ");
+        fmt = "";
+        for (i = 0; cap_valid(i); i++) {
+                int ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, (unsigned long) i, 0UL, 0UL);
+                if (ret < 0)
+                        bb_simple_perror_msg_and_die("prctl: CAP_AMBIENT_IS_SET");
+                if (ret) {
+#  if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES
+                        if (i < ARRAY_SIZE(capabilities))
+                                printf("%s%s", fmt, capabilities[i]);
+                        else
+#  endif
+                                printf("%scap_%u", fmt, i);
+                        fmt = ",";
+                }
+        }
+        if (i == 0)
+                printf("[unsupported]");
+        else if (!fmt[0])
+                printf("[none]");
+
         printf("\nCapability bounding set: ");
         fmt = "";
         for (i = 0; cap_valid(i); i++) {