18795135167

Committed 24 Oct 2025 08:21PM UTC coverage: 72.26% (-0.02%) from 72.284%

Build # 18795135167

Build Type

push

github

Committed by

poettering

Commit Message

rules: apply loopback block device rule only onto loopback block devices

Fixes: #39426
Follow-up for: 9422ce83c

Run Details

304809 of 421823 relevant lines covered (72.26%)

1112914.25 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

72.73

/src/basic/capability-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <linux/capability.h>   /* IWYU pragma: export */

#include "basic-forward.h"

/* Special marker used when storing a capabilities mask as "unset". This would need to be updated as soon as
 * Linux learns more than 63 caps. */
#define CAP_MASK_UNSET UINT64_MAX

/* All possible capabilities bits on */
#define CAP_MASK_ALL UINT64_C(0x7fffffffffffffff)

/* The largest capability we can deal with, given we want to be able to store cap masks in uint64_t but still
 * be able to use UINT64_MAX as indicator for "not set". The latter makes capability 63 unavailable. */
#define CAP_LIMIT 62
assert_cc(CAP_LAST_CAP <= CAP_LIMIT);

/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
 * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))

typedef struct CapabilityQuintet {
        /* Stores all five types of capabilities in one go. */
        uint64_t effective;
        uint64_t bounding;
        uint64_t inheritable;
        uint64_t permitted;
        uint64_t ambient;
} CapabilityQuintet;

#define CAPABILITY_QUINTET_NULL         \
        (const CapabilityQuintet) {     \
                CAP_MASK_UNSET,         \
                CAP_MASK_UNSET,         \
                CAP_MASK_UNSET,         \
                CAP_MASK_UNSET,         \
                CAP_MASK_UNSET,         \
        }

static inline bool capability_is_set(uint64_t v) {
        return v != CAP_MASK_UNSET;
}

int capability_get(CapabilityQuintet *ret);

unsigned cap_last_cap(void);
int have_effective_cap(unsigned cap);
int have_inheritable_cap(unsigned cap);
int capability_gain_cap_setpcap(void);
int capability_bounding_set_drop(uint64_t keep, bool right_now);
int capability_bounding_set_drop_usermode(uint64_t keep);

int capability_ambient_set_apply(uint64_t set, bool also_inherit);

int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities);

int drop_capability(unsigned cap);
int keep_capability(unsigned cap);

static inline uint64_t all_capabilities(void) {
        return UINT64_MAX >> (63 - cap_last_cap());
}

static inline bool cap_test_all(uint64_t caps) {
        return FLAGS_SET(caps, all_capabilities());
}

static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
        return capability_is_set(q->effective) ||
                capability_is_set(q->bounding) ||
                capability_is_set(q->inheritable) ||
                capability_is_set(q->permitted) ||
                capability_is_set(q->ambient);
}

static inline bool capability_quintet_is_fully_set(const CapabilityQuintet *q) {
        return capability_is_set(q->effective) &&
                capability_is_set(q->bounding) &&
                capability_is_set(q->inheritable) &&
                capability_is_set(q->permitted) &&
                capability_is_set(q->ambient);
}

static inline bool capability_quintet_equal(const CapabilityQuintet *a, const CapabilityQuintet *b) {
        return a->effective == b->effective &&
                a->bounding == b->bounding &&
                a->inheritable == b->inheritable &&
                a->permitted == b->permitted &&
                a->ambient == b->ambient;
}

/* Mangles the specified caps quintet taking the current bounding set into account:
 * drops all caps from all five sets if our bounding set doesn't allow them.
 * Returns true if the quintet was modified. */
bool capability_quintet_mangle(CapabilityQuintet *q);

int capability_quintet_enforce(const CapabilityQuintet *q);

int capability_get_ambient(uint64_t *ret);

int pidref_get_capability(const PidRef *pidref, CapabilityQuintet *ret);

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2	#pragma once
3
4	#include <linux/capability.h> /* IWYU pragma: export */
5
6	#include "basic-forward.h"
7
8	/* Special marker used when storing a capabilities mask as "unset". This would need to be updated as soon as
9	* Linux learns more than 63 caps. */
10	#define CAP_MASK_UNSET UINT64_MAX
11
12	/* All possible capabilities bits on */
13	#define CAP_MASK_ALL UINT64_C(0x7fffffffffffffff)
14
15	/* The largest capability we can deal with, given we want to be able to store cap masks in uint64_t but still
16	* be able to use UINT64_MAX as indicator for "not set". The latter makes capability 63 unavailable. */
17	#define CAP_LIMIT 62
18	assert_cc(CAP_LAST_CAP <= CAP_LIMIT);
19
20	/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
21	* order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
22	#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
23
24	typedef struct CapabilityQuintet {
25	/* Stores all five types of capabilities in one go. */
26	uint64_t effective;
27	uint64_t bounding;
28	uint64_t inheritable;
29	uint64_t permitted;
30	uint64_t ambient;
31	} CapabilityQuintet;
32
33	#define CAPABILITY_QUINTET_NULL \
34	(const CapabilityQuintet) { \
35	CAP_MASK_UNSET, \
36	CAP_MASK_UNSET, \
37	CAP_MASK_UNSET, \
38	CAP_MASK_UNSET, \
39	CAP_MASK_UNSET, \
40	}
41
42	static inline bool capability_is_set(uint64_t v) {
43	return v != CAP_MASK_UNSET;
44	}
45
46	int capability_get(CapabilityQuintet *ret);
47
48	unsigned cap_last_cap(void);
49	int have_effective_cap(unsigned cap);
50	int have_inheritable_cap(unsigned cap);
51	int capability_gain_cap_setpcap(void);
52	int capability_bounding_set_drop(uint64_t keep, bool right_now);
53	int capability_bounding_set_drop_usermode(uint64_t keep);
54
55	int capability_ambient_set_apply(uint64_t set, bool also_inherit);
56
57	int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities);
58
59	int drop_capability(unsigned cap);
60	int keep_capability(unsigned cap);
61
62	static inline uint64_t all_capabilities(void) {	10,957✔
63	return UINT64_MAX >> (63 - cap_last_cap());	21,757✔
64	}
65
66	static inline bool cap_test_all(uint64_t caps) {	10,800✔
67	return FLAGS_SET(caps, all_capabilities());	10,800✔
68	}
69
70	static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {	552✔
71	return capability_is_set(q->effective) \|\|	1,103✔
72	capability_is_set(q->bounding) \|\|	551✔
73	capability_is_set(q->inheritable) \|\|	551✔
74	capability_is_set(q->permitted) \|\|	1,103✔
75	capability_is_set(q->ambient);	551✔
76	}
77
78	static inline bool capability_quintet_is_fully_set(const CapabilityQuintet *q) {	10,673✔
79	return capability_is_set(q->effective) &&	21,346✔
80	capability_is_set(q->bounding) &&	10,673✔
81	capability_is_set(q->inheritable) &&	10,673✔
82	capability_is_set(q->permitted) &&	21,346✔
83	capability_is_set(q->ambient);	10,673✔
84	}
85
86	static inline bool capability_quintet_equal(const CapabilityQuintet a, const CapabilityQuintet b) {	×
87	return a->effective == b->effective &&	×
88	a->bounding == b->bounding &&	×
89	a->inheritable == b->inheritable &&	×
90	a->permitted == b->permitted &&	×
91	a->ambient == b->ambient;	×
92	}
93
94	/* Mangles the specified caps quintet taking the current bounding set into account:
95	* drops all caps from all five sets if our bounding set doesn't allow them.
96	* Returns true if the quintet was modified. */
97	bool capability_quintet_mangle(CapabilityQuintet *q);
98
99	int capability_quintet_enforce(const CapabilityQuintet *q);
100
101	int capability_get_ambient(uint64_t *ret);
102
103	int pidref_get_capability(const PidRef pidref, CapabilityQuintet ret);

systemd / systemd / 18795135167

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous