1 files changed, 0 insertions, 78 deletions
diff --git a/src/faudit/caps.c b/src/faudit/caps.c
deleted file mode 100644
index 46c262c89..000000000
--- a/src/faudit/caps.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "faudit.h"
-#include <linux/capability.h>
-#define MAXBUF 4098
-static int extract_caps(uint64_t *val) {
-        FILE *fp = fopen("/proc/self/status", "r");
-        if (!fp)
-                return 1;
-        char buf[MAXBUF];
-        while (fgets(buf, MAXBUF, fp)) {
-                if (strncmp(buf, "CapBnd:\t", 8) == 0) {
-                        char *ptr = buf + 8;
-                        unsigned long long tmp;
-                        sscanf(ptr, "%llx", &tmp);
-                        *val = tmp;
-                        fclose(fp);
-                        return 0;
-                }
-        }
-        fclose(fp);
-        return 1;
-}
-// return 1 if the capability is in tbe map
-static int check_capability(uint64_t map, int cap) {
-        int i;
-        uint64_t mask = 1ULL;
-        for (i = 0; i < 64; i++, mask <<= 1) {
-                if ((i == cap) && (mask & map))
-                        return 1;
-        }
-        return 0;
-}
-void caps_test(void) {
-        uint64_t caps_val;
-        if (extract_caps(&caps_val)) {
-                printf("SKIP: cannot extract capabilities on this platform.\n");
-                return;
-        }
-        if (caps_val) {
-                printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);
-                printf("Use \"firejail --caps.drop=all\" to fix it.\n");
-                if (check_capability(caps_val, CAP_SYS_ADMIN))
-                        printf("UGLY: CAP_SYS_ADMIN is enabled.\n");
-                if (check_capability(caps_val, CAP_SYS_BOOT))
-                        printf("UGLY: CAP_SYS_BOOT is enabled.\n");
-        }
-        else
-                printf("GOOD: all capabilities are disabled.\n");
-}

diff --git a/src/faudit/caps.c b/src/faudit/caps.c deleted file mode 100644 index 46c262c89..000000000 --- a/src/faudit/caps.c +++ /dev/null
@@ -1,78 +0,0 @@
1	/*
2	* Copyright (C) 2014-2018 Firejail Authors
3	*
4	* This file is part of firejail project
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License along
17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/
20
21	#include "faudit.h"
22	#include <linux/capability.h>
23
24	#define MAXBUF 4098
25	static int extract_caps(uint64_t *val) {
26	FILE *fp = fopen("/proc/self/status", "r");
27	if (!fp)
28	return 1;
29
30	char buf[MAXBUF];
31	while (fgets(buf, MAXBUF, fp)) {
32	if (strncmp(buf, "CapBnd:\t", 8) == 0) {
33	char *ptr = buf + 8;
34	unsigned long long tmp;
35	sscanf(ptr, "%llx", &tmp);
36	*val = tmp;
37	fclose(fp);
38	return 0;
39	}
40	}
41
42	fclose(fp);
43	return 1;
44	}
45
46	// return 1 if the capability is in tbe map
47	static int check_capability(uint64_t map, int cap) {
48	int i;
49	uint64_t mask = 1ULL;
50
51	for (i = 0; i < 64; i++, mask <<= 1) {
52	if ((i == cap) && (mask & map))
53	return 1;
54	}
55
56	return 0;
57	}
58
59	void caps_test(void) {
60	uint64_t caps_val;
61
62	if (extract_caps(&caps_val)) {
63	printf("SKIP: cannot extract capabilities on this platform.\n");
64	return;
65	}
66
67	if (caps_val) {
68	printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);
69	printf("Use \"firejail --caps.drop=all\" to fix it.\n");
70
71	if (check_capability(caps_val, CAP_SYS_ADMIN))
72	printf("UGLY: CAP_SYS_ADMIN is enabled.\n");
73	if (check_capability(caps_val, CAP_SYS_BOOT))
74	printf("UGLY: CAP_SYS_BOOT is enabled.\n");
75	}
76	else
77	printf("GOOD: all capabilities are disabled.\n");
78	}