1 files changed, 6 insertions, 7 deletions
diff --git a/src/faudit/caps.c b/src/faudit/caps.c
index b200c6792..d4a98676c 100644
--- a/src/faudit/caps.c
+++ b/src/faudit/caps.c
@@ -26,7 +26,7 @@ static int extract_caps(uint64_t *val) {
        FILE *fp = fopen("/proc/self/status", "r");
        if (!fp)
                return 1;
-        
        char buf[MAXBUF];
        while (fgets(buf, MAXBUF, fp)) {
                if (strncmp(buf, "CapBnd:\t", 8) == 0) {
@@ -47,7 +47,7 @@ static int extract_caps(uint64_t *val) {
 static int check_capability(uint64_t map, int cap) {
        int i;
        uint64_t mask = 1ULL;
-        
        for (i = 0; i < 64; i++, mask <<= 1) {
                if ((i == cap) && (mask & map))
                        return 1;
@@ -58,22 +58,21 @@ static int check_capability(uint64_t map, int cap) {
 void caps_test(void) {
        uint64_t caps_val;
-        
        if (extract_caps(&caps_val)) {
                printf("SKIP: cannot extract capabilities on this platform.\n");
                return;
        }
-        
        if (caps_val) {
                printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);
                printf("Use \"firejail --caps.drop=all\" to fix it.\n");
-                
                if (check_capability(caps_val, CAP_SYS_ADMIN))
                        printf("UGLY: CAP_SYS_ADMIN is enabled.\n");
                if (check_capability(caps_val, CAP_SYS_BOOT))
                        printf("UGLY: CAP_SYS_BOOT is enabled.\n");
        }
        else
-                printf("GOOD: all capabilities are disabled.\n"); 
+                printf("GOOD: all capabilities are disabled.\n");
 }

diff --git a/src/faudit/caps.c b/src/faudit/caps.c index b200c6792..d4a98676c 100644 --- a/src/faudit/caps.c +++ b/src/faudit/caps.c
@@ -26,7 +26,7 @@ static int extract_caps(uint64_t *val) {
26	FILE *fp = fopen("/proc/self/status", "r");	26	FILE *fp = fopen("/proc/self/status", "r");
27	if (!fp)	27	if (!fp)
28	return 1;	28	return 1;
29		29
30	char buf[MAXBUF];	30	char buf[MAXBUF];
31	while (fgets(buf, MAXBUF, fp)) {	31	while (fgets(buf, MAXBUF, fp)) {
32	if (strncmp(buf, "CapBnd:\t", 8) == 0) {	32	if (strncmp(buf, "CapBnd:\t", 8) == 0) {
@@ -47,7 +47,7 @@ static int extract_caps(uint64_t *val) {
47	static int check_capability(uint64_t map, int cap) {	47	static int check_capability(uint64_t map, int cap) {
48	int i;	48	int i;
49	uint64_t mask = 1ULL;	49	uint64_t mask = 1ULL;
50		50
51	for (i = 0; i < 64; i++, mask <<= 1) {	51	for (i = 0; i < 64; i++, mask <<= 1) {
52	if ((i == cap) && (mask & map))	52	if ((i == cap) && (mask & map))
53	return 1;	53	return 1;
@@ -58,22 +58,21 @@ static int check_capability(uint64_t map, int cap) {
58		58
59	void caps_test(void) {	59	void caps_test(void) {
60	uint64_t caps_val;	60	uint64_t caps_val;
61		61
62	if (extract_caps(&caps_val)) {	62	if (extract_caps(&caps_val)) {
63	printf("SKIP: cannot extract capabilities on this platform.\n");	63	printf("SKIP: cannot extract capabilities on this platform.\n");
64	return;	64	return;
65	}	65	}
66		66
67	if (caps_val) {	67	if (caps_val) {
68	printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);	68	printf("BAD: the capability map is %llx, it should be all zero. ", (unsigned long long) caps_val);
69	printf("Use \"firejail --caps.drop=all\" to fix it.\n");	69	printf("Use \"firejail --caps.drop=all\" to fix it.\n");
70		70
71	if (check_capability(caps_val, CAP_SYS_ADMIN))	71	if (check_capability(caps_val, CAP_SYS_ADMIN))
72	printf("UGLY: CAP_SYS_ADMIN is enabled.\n");	72	printf("UGLY: CAP_SYS_ADMIN is enabled.\n");
73	if (check_capability(caps_val, CAP_SYS_BOOT))	73	if (check_capability(caps_val, CAP_SYS_BOOT))
74	printf("UGLY: CAP_SYS_BOOT is enabled.\n");	74	printf("UGLY: CAP_SYS_BOOT is enabled.\n");
75	}	75	}
76	else	76	else
77	printf("GOOD: all capabilities are disabled.\n");	77	printf("GOOD: all capabilities are disabled.\n");
78	}	78	}
79