ethercat_grant.cpp
00001 
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/capability.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#include <cstdlib>
#include <string>
00014 
00015 using namespace std;
00016 
00017 #define EXECUTABLE "/var/tmp/granted"
00018 
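/**
 * Copy the program named by argv[1] to EXECUTABLE, attach a fixed set of file
 * capabilities (cap_ipc_lock, cap_net_raw, cap_sys_nice, cap_net_admin) to the
 * copy, drop privileges to the real uid/gid and exec the copy with the
 * remaining arguments.
 *
 * This helper presumably runs with elevated privileges (it calls
 * cap_set_file() and then "drops privileges"), so argv[1] is treated as
 * untrusted input: it is never passed through a shell, and every step that
 * precedes the final exec is checked.
 *
 * NOTE(review): EXECUTABLE is a fixed name in /var/tmp. Another local user can
 * race the unlink/copy sequence on that path (for example with a symlink), and
 * two concurrent invocations overwrite each other's copy. A private directory
 * or an exclusive, no-follow create of the destination would close that
 * window; this is not changed here because the path is part of the tool's
 * observable behaviour.
 *
 * @param argc number of command-line arguments; at least 2 is required
 * @param argv argv[1] is the executable to grant capabilities to, argv[2..]
 *             are passed through to it
 * @return does not return on success (the process image is replaced);
 *         -1 on any failure
 */
int main(int argc, char *argv[])
{
  // argv[1] is dereferenced below; refuse to run without it
  if (argc < 2 || argv[1] == NULL || argv[1][0] == '\0') {
    fprintf(stderr, "Usage: %s <executable> [args...]\n",
            (argc > 0 && argv[0] != NULL) ? argv[0] : "ethercat_grant");
    return -1;
  }

  // Remove old executable, if it exists. Any failure other than "not there"
  // means a stale file would stay in place, so stop instead of copying over it.
  if (unlink(EXECUTABLE) < 0 && errno != ENOENT) {
    perror("unlink");
    return -1;
  }

  // Copy new executable to /var/tmp.
  // cp is run directly (no shell) with an absolute path, an empty environment
  // and "--" before the operands, so shell metacharacters or a leading '-' in
  // argv[1] cannot change what is executed.
  pid_t child = fork();
  if (child < 0) {
    perror("fork");
    return -1;
  }
  if (child == 0) {
    char cp_name[] = "cp";
    char end_of_options[] = "--";
    char destination[] = EXECUTABLE;
    char *const cp_argv[] = { cp_name, end_of_options, argv[1], destination, NULL };
    char *const cp_envp[] = { NULL };
    execve("/bin/cp", cp_argv, cp_envp);
    perror("cp");
    _exit(127);
  }

  int status = 0;
  pid_t waited;
  do {
    waited = waitpid(child, &status, 0);
  } while (waited < 0 && errno == EINTR);
  if (waited < 0) {
    perror("waitpid");
    return -1;
  }
  // A copy that did not finish cleanly must not be granted capabilities
  if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
    fprintf(stderr, "Failed to copy `%s' to `%s'\n", argv[1], EXECUTABLE);
    return -1;
  }

  if (chown(EXECUTABLE, getuid(), getgid()) < 0) {
    perror("chown");
    return -1;
  }

  // Create capability set
  const char *cap_text = "cap_ipc_lock=ep cap_net_raw=ep cap_sys_nice=ep cap_net_admin=ep";
  cap_t cap_d = cap_from_text(cap_text);
  if (cap_d == NULL) {
    perror("cap_from_text");
    return -1;
  }

  // Set file capability; keep errno across cap_free() for the message
  int retval = cap_set_file(EXECUTABLE, cap_d);
  int cap_errno = errno;
  cap_free(cap_d);
  if (retval != 0) {
    fprintf(stderr, "Failed to set capabilities on file `%s' (%s)\n", EXECUTABLE, strerror(cap_errno));
    return -1;
  }

  // Drop privileges: group first, then user, and never continue to the exec
  // if either call fails, otherwise the copied program would start with the
  // helper's own privileges.
  if (setgid(getgid()) < 0) {
    perror("setgid");
    return -1;
  }
  if (setuid(getuid()) < 0) {
    perror("setuid");
    return -1;
  }

  // Allow core dumps
  prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);

  // Exec executable; execv only returns on failure
  if (execv(EXECUTABLE, argv + 1) < 0) {
    perror("execv");
    return -1;
  }

  return 0;
}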


ethercat_grant
Author(s): Ugo Cupcic
autogenerated on Sat Jun 8 2019 10:25:52