github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/libsnap-confine-private/privs.h

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/libsnap-confine-private/privs.h (about)

     1  /*
     2   * Copyright (C) 2017 Canonical Ltd
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License version 3 as
     6   * published by the Free Software Foundation.
     7   *
     8   * This program is distributed in the hope that it will be useful,
     9   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    10   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11   * GNU General Public License for more details.
    12   *
    13   * You should have received a copy of the GNU General Public License
    14   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    15   *
    16   */
    17  
    18  #ifndef SNAP_CONFINE_PRIVS_H
    19  #define SNAP_CONFINE_PRIVS_H
    20  
    21  /**
    22   * Permanently drop elevated permissions.
    23   *
    24   * If the user has elevated permission as a result of running a setuid root
    25   * application then such permission are permanently dropped.
    26   *
    27   * The set of dropped permissions include:
    28   *  - user and group identifier
    29   *  - supplementary group identifiers
    30   *
    31   * The function ensures that the elevated permission are dropped or dies if
    32   * this cannot be achieved. Note that only the elevated permissions are
    33   * dropped. When the process itself was started by root then this function does
    34   * nothing at all.
    35   **/
    36  void sc_privs_drop(void);
    37  
    38  #endif