def test_drop_all_caps_except(self, mock_capset):
        """Check the masks drop_all_caps_except() hands to capset().

        The expected values below put capability numbers 0-31 in ``data[0]``
        and 32-63 in ``data[1]`` (as bit ``n - 32``), so the chosen numbers
        deliberately straddle both 32-bit words.
        """
        mock_capset.return_value = 0

        # Somewhat arbitrary bit patterns to exercise _caps_to_mask
        effective = (17, 24, 49)
        permitted = (8, 10, 35, 56)
        inheritable = (24, 31, 40)
        capabilities.drop_all_caps_except(effective, permitted, inheritable)

        # Exactly one capset() call, taking (header, data) positionally.
        self.assertEqual(1, mock_capset.call_count)
        header, cap_words = mock_capset.call_args[0]
        self.assertEqual(0x20071026, header.version)  # _LINUX_CAPABILITY_VERSION_2

        # (field, expected low word, expected high word)
        expected_masks = (
            ('effective', 0x01020000, 0x00020000),
            ('permitted', 0x00000500, 0x01000008),
            ('inheritable', 0x81000000, 0x00000100),
        )
        for field, low_word, high_word in expected_masks:
            self.assertEqual(low_word, getattr(cap_words[0], field))
            self.assertEqual(high_word, getattr(cap_words[1], field))
Exemple #2
    def test_drop_all_caps_except(self, mock_capset):
        """Verify the header and per-word masks passed to the mocked capset.

        Each capability set is checked as two 32-bit words: the expected
        values place capabilities 0-31 in word 0 and 32-63 in word 1.
        """
        mock_capset.return_value = 0

        # Somewhat arbitrary bit patterns to exercise _caps_to_mask
        wanted_eff, wanted_prm, wanted_inh = (
            (17, 24, 49), (8, 10, 35, 56), (24, 31, 40))
        capabilities.drop_all_caps_except(wanted_eff, wanted_prm, wanted_inh)

        self.assertEqual(1, mock_capset.call_count)
        call_header, call_data = mock_capset.call_args[0]
        linux_capability_version_2 = 0x20071026  # _LINUX_CAPABILITY_VERSION_2
        self.assertEqual(linux_capability_version_2, call_header.version)

        # Attribute name paired with its (word 0, word 1) expectations.
        checks = (
            ('effective', (0x01020000, 0x00020000)),
            ('permitted', (0x00000500, 0x01000008)),
            ('inheritable', (0x81000000, 0x00000100)),
        )
        for attr, words in checks:
            for word_index, want in enumerate(words):
                self.assertEqual(want, getattr(call_data[word_index], attr))
Exemple #3
    def _drop_privs(self):
        """Switch to the configured user/group and shrink the capability sets.

        Order of operations, as written below:

        1. With keepcaps enabled, clear supplementary groups (only when
           ``self.group`` is set), then call ``setuid`` and ``setgid``.
        2. Disable keepcaps again in ``finally``, whether or not step 1
           succeeded.
        3. Log the resulting uid/gid.
        4. Restrict the effective and permitted sets to ``self.caps`` and
           pass an empty list for the inheritable set.
        5. Read the capability sets back and log them.

        Raises:
            FailedToDropPrivileges: if ``os.setgroups([])`` raises OSError.
        """
        try:
            # Keep current capabilities across setuid away from root.
            capabilities.set_keepcaps(True)

            # NOTE(review): supplementary groups are cleared only when a
            # group is configured. With just ``self.user`` set, the process
            # keeps the supplementary groups it started with -- confirm that
            # is intended.
            if self.group is not None:
                try:
                    os.setgroups([])
                except OSError:
                    # Fail closed: do not continue with unwanted groups.
                    msg = _('Failed to remove supplemental groups')
                    LOG.critical(msg)
                    raise FailedToDropPrivileges(msg)

            if self.user is not None:
                setuid(self.user)

            # NOTE(review): setgid runs after setuid. On Linux the effective
            # capability set is cleared when the effective uid changes from
            # 0 to nonzero (keepcaps preserves the permitted set only), and
            # the usual order is gid first. The setuid/setgid helpers are
            # not visible here -- confirm they account for this.
            if self.group is not None:
                setgid(self.group)

        finally:
            # Always reset keepcaps, including when the switch above failed.
            capabilities.set_keepcaps(False)

        LOG.info(_LI('privsep process running with uid/gid: %(uid)s/%(gid)s'),
                 {
                     'uid': os.getuid(),
                     'gid': os.getgid()
                 })

        # Effective and permitted are both limited to self.caps; the
        # inheritable set is requested empty, so nothing is requested for
        # exec'd children via that set.
        capabilities.drop_all_caps_except(self.caps, self.caps, [])

        def fmt_caps(capset):
            """Render capabilities as sorted '|'-joined names, or 'none'.

            Values missing from CAPS_BYVALUE are shown as ``str(value)``.
            """
            if not capset:
                return 'none'
            fc = [capabilities.CAPS_BYVALUE.get(c, str(c)) for c in capset]
            fc.sort()
            return '|'.join(fc)

        # Log what get_caps() reports rather than what was requested, so the
        # resulting privilege level is visible in the service log.
        eff, prm, inh = capabilities.get_caps()
        LOG.info(
            _LI('privsep process running with capabilities '
                '(eff/prm/inh): %(eff)s/%(prm)s/%(inh)s'), {
                    'eff': fmt_caps(eff),
                    'prm': fmt_caps(prm),
                    'inh': fmt_caps(inh),
                })
Exemple #4
    def _drop_privs(self):
        """Drop to the configured uid/gid, then reduce capabilities.

        The identity switch (clear supplementary groups, ``setuid``,
        ``setgid``) runs with keepcaps enabled; keepcaps is switched off
        again in ``finally``. Afterwards the effective and permitted sets
        are limited to ``self.caps``, the inheritable set is requested
        empty, and both the uid/gid and the capability sets read back from
        ``capabilities.get_caps()`` are logged.

        Raises:
            FailedToDropPrivileges: if ``os.setgroups([])`` raises OSError.
        """
        try:
            # Keep current capabilities across setuid away from root.
            capabilities.set_keepcaps(True)

            # NOTE(review): os.setgroups([]) is only reached when a group is
            # configured; a user-only configuration leaves the inherited
            # supplementary groups in place -- verify this is acceptable.
            if self.group is not None:
                try:
                    os.setgroups([])
                except OSError:
                    # Abort instead of running with groups we meant to drop.
                    msg = _('Failed to remove supplemental groups')
                    LOG.critical(msg)
                    raise FailedToDropPrivileges(msg)

            if self.user is not None:
                setuid(self.user)

            # NOTE(review): the gid change comes after the uid change. Once
            # the effective uid leaves 0, Linux clears the effective
            # capability set even with keepcaps on, and the conventional
            # order is gid before uid. The helpers are defined outside this
            # block -- confirm setgid can still succeed at this point.
            if self.group is not None:
                setgid(self.group)

        finally:
            # Reset keepcaps on every exit path, success or failure.
            capabilities.set_keepcaps(False)

        LOG.info(_LI('privsep process running with uid/gid: %(uid)s/%(gid)s'),
                 {'uid': os.getuid(), 'gid': os.getgid()})

        # Arguments: effective and permitted both self.caps, and an empty
        # list for inheritable.
        capabilities.drop_all_caps_except(self.caps, self.caps, [])

        def fmt_caps(capset):
            """Return sorted capability names joined by '|', or 'none'.

            A value with no entry in CAPS_BYVALUE is rendered via ``str()``.
            """
            if not capset:
                return 'none'
            fc = [capabilities.CAPS_BYVALUE.get(c, str(c))
                  for c in capset]
            fc.sort()
            return '|'.join(fc)

        # The logged sets come from get_caps(), not from self.caps, so the
        # log reflects what was read back after the drop.
        eff, prm, inh = capabilities.get_caps()
        LOG.info(
            _LI('privsep process running with capabilities '
                '(eff/prm/inh): %(eff)s/%(prm)s/%(inh)s'),
            {
                'eff': fmt_caps(eff),
                'prm': fmt_caps(prm),
                'inh': fmt_caps(inh),
            })