Move libcap use to (Linux) platform-specific code

The libcap code is Linux-specific so move it all below the linux/ platform subdirectory. As this feature has custom command-line long options I provide a mechanism whereby each platform can add custom long options that augment the main htop options. We'll make use this of this with the pcp/ platform in due course to implement the --host and --archive options there. Related to https://github.com/htop-dev/htop/pull/536
2025-07-12 12:14:36 +03:00 · 2021-03-17 14:29:40 +11:00
parent 57e0ce7b4f
commit 0ada9f325f
9 changed files with 220 additions and 164 deletions
--- a/linux/Platform.c
+++ b/linux/Platform.c
@ -12,6 +12,7 @@ in the source distribution for its full text.
 #include <assert.h>
 #include <ctype.h>
 #include <dirent.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
 #include <math.h>
@ -61,11 +62,23 @@ in the source distribution for its full text.
 #include "zfs/ZfsArcStats.h"
 #include "zfs/ZfsCompressedArcMeter.h"

+#ifdef HAVE_LIBCAP
+#include <sys/capability.h>
+#endif
+
 #ifdef HAVE_SENSORS_SENSORS_H
 #include "LibSensors.h"
 #endif


+#ifdef HAVE_LIBCAP
+enum CapMode {
+   CAP_MODE_NONE,
+   CAP_MODE_BASIC,
+   CAP_MODE_STRICT
+};
+#endif
+
 const ProcessField Platform_defaultFields[] = { PID, USER, PRIORITY, NICE, M_VIRT, M_RESIDENT, M_SHARE, STATE, PERCENT_CPU, PERCENT_MEM, TIME, COMM, 0 };

 const SignalItem Platform_signals[] = {
@ -112,22 +125,9 @@ static time_t Platform_Battery_cacheTime;
 static double Platform_Battery_cachePercent = NAN;
 static ACPresence Platform_Battery_cacheIsOnAC;

-void Platform_init(void) {
-   if (access(PROCDIR, R_OK) != 0) {
-      fprintf(stderr, "Error: could not read procfs (compiled to look in %s).\n", PROCDIR);
-      exit(1);
-   }
-
-#ifdef HAVE_SENSORS_SENSORS_H
-   LibSensors_init(NULL);
+#ifdef HAVE_LIBCAP
+static enum CapMode Platform_capabilitiesMode = CAP_MODE_BASIC;
 #endif
-}
-
-void Platform_done(void) {
-#ifdef HAVE_SENSORS_SENSORS_H
-   LibSensors_cleanup();
-#endif
-}

 static Htop_Reaction Platform_actionSetIOPriority(State* st) {
   const LinuxProcess* p = (const LinuxProcess*) Panel_getSelected((Panel*)st->mainPanel);
@ -845,3 +845,146 @@ void Platform_getBattery(double* percent, ACPresence* isOnAC) {
   Platform_Battery_cacheIsOnAC = *isOnAC;
   Platform_Battery_cacheTime = now;
 }
+
+bool Platform_getLongOption(int opt, int argc, char** argv) {
+#ifndef HAVE_LIBCAP
+   (void) argc;
+   (void) argv;
+#endif
+
+   switch (opt) {
+#ifdef HAVE_LIBCAP
+      case 128: {
+         const char* mode = optarg;
+         if (!mode && optind < argc && argv[optind] != NULL &&
+            (argv[optind][0] != '\0' && argv[optind][0] != '-')) {
+            mode = argv[optind++];
+         }
+
+         if (!mode || String_eq(mode, "basic")) {
+            Platform_capabilitiesMode = CAP_MODE_BASIC;
+         } else if (String_eq(mode, "none")) {
+            Platform_capabilitiesMode = CAP_MODE_NONE;
+         } else if (String_eq(mode, "strict")) {
+            Platform_capabilitiesMode = CAP_MODE_STRICT;
+         } else {
+            fprintf(stderr, "Error: invalid capabilities mode \"%s\".\n", mode);
+            exit(1);
+         }
+         break;
+      }
+#endif
+
+      default:
+         break;
+   }
+   return false;
+}
+
+#ifdef HAVE_LIBCAP
+static int dropCapabilities(enum CapMode mode) {
+
+   if (mode == CAP_MODE_NONE)
+      return 0;
+
+   /* capabilities we keep to operate */
+   const cap_value_t keepcapsStrict[] = {
+      CAP_DAC_READ_SEARCH,
+      CAP_SYS_PTRACE,
+   };
+   const cap_value_t keepcapsBasic[] = {
+      CAP_DAC_READ_SEARCH,   /* read non world-readable process files of other users, like /proc/[pid]/io */
+      CAP_KILL,              /* send signals to processes of other users */
+      CAP_SYS_NICE,          /* lower process nice value / change nice value for arbitrary processes */
+      CAP_SYS_PTRACE,        /* read /proc/[pid]/exe */
+#ifdef HAVE_DELAYACCT
+      CAP_NET_ADMIN,         /* communicate over netlink socket for delay accounting */
+#endif
+   };
+   const cap_value_t* const keepcaps = (mode == CAP_MODE_BASIC) ? keepcapsBasic : keepcapsStrict;
+   const size_t ncap = (mode == CAP_MODE_BASIC) ? ARRAYSIZE(keepcapsBasic) : ARRAYSIZE(keepcapsStrict);
+
+   cap_t caps = cap_init();
+   if (caps == NULL) {
+      fprintf(stderr, "Error: can not initialize capabilities: %s\n", strerror(errno));
+      return -1;
+   }
+
+   if (cap_clear(caps) < 0) {
+      fprintf(stderr, "Error: can not clear capabilities: %s\n", strerror(errno));
+      cap_free(caps);
+      return -1;
+   }
+
+   cap_t currCaps = cap_get_proc();
+   if (currCaps == NULL) {
+      fprintf(stderr, "Error: can not get current process capabilities: %s\n", strerror(errno));
+      cap_free(caps);
+      return -1;
+   }
+
+   for (size_t i = 0; i < ncap; i++) {
+      if (!CAP_IS_SUPPORTED(keepcaps[i]))
+         continue;
+
+      cap_flag_value_t current;
+      if (cap_get_flag(currCaps, keepcaps[i], CAP_PERMITTED, &current) < 0) {
+         fprintf(stderr, "Error: can not get current value of capability %d: %s\n", keepcaps[i], strerror(errno));
+         cap_free(currCaps);
+         cap_free(caps);
+         return -1;
+      }
+
+      if (current != CAP_SET)
+         continue;
+
+      if (cap_set_flag(caps, CAP_PERMITTED, 1, &keepcaps[i], CAP_SET) < 0) {
+         fprintf(stderr, "Error: can not set permitted capability %d: %s\n", keepcaps[i], strerror(errno));
+         cap_free(currCaps);
+         cap_free(caps);
+         return -1;
+      }
+
+      if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &keepcaps[i], CAP_SET) < 0) {
+         fprintf(stderr, "Error: can not set effective capability %d: %s\n", keepcaps[i], strerror(errno));
+         cap_free(currCaps);
+         cap_free(caps);
+         return -1;
+      }
+   }
+
+   if (cap_set_proc(caps) < 0) {
+      fprintf(stderr, "Error: can not set process capabilities: %s\n", strerror(errno));
+      cap_free(currCaps);
+      cap_free(caps);
+      return -1;
+   }
+
+   cap_free(currCaps);
+   cap_free(caps);
+
+   return 0;
+}
+#endif
+
+void Platform_init(void) {
+#ifdef HAVE_LIBCAP
+   if (dropCapabilities(Platform_capabilitiesMode) < 0)
+      exit(1);
+#endif
+
+   if (access(PROCDIR, R_OK) != 0) {
+      fprintf(stderr, "Error: could not read procfs (compiled to look in %s).\n", PROCDIR);
+      exit(1);
+   }
+
+#ifdef HAVE_SENSORS_SENSORS_H
+   LibSensors_init(NULL);
+#endif
+}
+
+void Platform_done(void) {
+#ifdef HAVE_SENSORS_SENSORS_H
+   LibSensors_cleanup();
+#endif
+}
--- a/linux/Platform.h
+++ b/linux/Platform.h
@ -27,6 +27,19 @@ in the source distribution for its full text.
   #define PATH_MAX 4096
 #endif

+#ifdef HAVE_LIBCAP
+   #define PLATFORM_LONG_OPTIONS \
+      {"drop-capabilities", optional_argument, 0, 128},
+   #define PLATFORM_LONG_OPTIONS_USAGE \
+         "   --drop-capabilities[=none|basic|strict] Drop Linux capabilities when running as root\n" \
+         "                                none - do not drop any capabilities\n" \
+         "                                basic (default) - drop all capabilities not needed by htop\n" \
+         "                                strict - drop all capabilities except those needed for core functionality\n"
+#else
+   #define PLATFORM_LONG_OPTIONS
+   #define PLATFORM_LONG_OPTIONS_USAGE
+#endif
+

 extern const ProcessField Platform_defaultFields[];

@ -82,4 +95,6 @@ static inline void Platform_getRelease(char** string) {
   *string = Generic_uname();
 }

+bool Platform_getLongOption(int opt, int argc, char** argv);
+
 #endif