summaryrefslogtreecommitdiff
path: root/linuxnamespaces
diff options
context:
space:
mode:
Diffstat (limited to 'linuxnamespaces')
-rw-r--r--linuxnamespaces/syscalls.py30
1 files changed, 28 insertions, 2 deletions
diff --git a/linuxnamespaces/syscalls.py b/linuxnamespaces/syscalls.py
index c22a9d8..8f5e25b 100644
--- a/linuxnamespaces/syscalls.py
+++ b/linuxnamespaces/syscalls.py
@@ -337,6 +337,12 @@ class OpenTreeFlags(enum.IntFlag):
)
+class PrctlOption(enum.IntEnum):
+ """This value may be supplied to prctl(2) as option."""
+
+ PR_CAP_AMBIENT = 47
+
+
class UmountFlags(enum.IntFlag):
"""This value may be supplied to umount2(2) as flags."""
@@ -622,11 +628,31 @@ def pivot_root(new_root: PathConvertible, put_old: PathConvertible) -> None:
"""Python wrapper for pivot_root(2)."""
call_libc("pivot_root", os.fsencode(new_root), os.fsencode(put_old))
+
def prctl(
- option: int, arg2: int = 0, arg3: int = 0, arg4: int = 0, arg5: int = 0
+ option: PrctlOption | int,
+ arg2: int = 0,
+ arg3: int = 0,
+ arg4: int = 0,
+ arg5: int = 0,
) -> int:
"""Python wrapper for prctl(2)."""
- return call_libc("prctl", option, arg2, arg3, arg4, arg5)
+ return call_libc("prctl", int(option), arg2, arg3, arg4, arg5)
+
+
+def prctl_raise_ambient_capabilities(capabilities: int) -> None:
+ """Raise all ambient capabilities in the given bitfield. If multiple bits
+ are set, this results in multiple prctl(2) syscalls.
+ """
+ while capabilities:
+ cap = capabilities & (~capabilities + 1)
+ capabilities ^= cap
+ prctl(
+ PrctlOption.PR_CAP_AMBIENT,
+ 2, # PR_CAP_AMBIENT_RAISE
+ cap.bit_length() - 1,
+ )
+
def setns(fd: int, nstype: CloneFlags = CloneFlags.NONE) -> None:
"""Python wrapper for setns(2)."""