Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Simple helper that checks if Linux filesystem capabilites() are set without using external libraries.
#include <sys/types.h>
#include <sys/xattr.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/*
* A quick and dirty test to see if a given file has any Linux capabilities
* set.
*
* usage: has_caps filename
*
* Returns:
* 1 - has capabilites
* 0 - no capabilities
* -1 - usage/internal error
*/
int main(int argc, char *argv[]) {
const char *security_capability = "security.capability";
const char *path = NULL;
ssize_t len;
if (argc != 2) {
return -1;
}
path = argv[1];
len = getxattr(path, security_capability, NULL, 0);
if (len == -1) {
switch (errno) {
case ENODATA:
/* There are no capabilities set. */
return 0;
case ENOTSUP:
/* The file system does not support capabilities. */
return 0;
default:
/* File not found, etc (hard fail). */
return -1;
}
} else if (len == 0) {
/* Shouldn't happen (ENODATA), but treat it as if none are set. */
return 0;
}
return 1;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment