aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/capability.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/capability.h')
-rw-r--r--include/linux/capability.h48
1 files changed, 34 insertions, 14 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 2dfa58555934..8961e7fb755c 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -1,14 +1,14 @@
1/* 1/*
2 * This is <linux/capability.h> 2 * This is <linux/capability.h>
3 * 3 *
4 * Andrew G. Morgan <morgan@transmeta.com> 4 * Andrew G. Morgan <morgan@kernel.org>
5 * Alexander Kjeldaas <astor@guardian.no> 5 * Alexander Kjeldaas <astor@guardian.no>
6 * with help from Aleph1, Roland Buresund and Andrew Main. 6 * with help from Aleph1, Roland Buresund and Andrew Main.
7 * 7 *
8 * See here for the libcap library ("POSIX draft" compliance): 8 * See here for the libcap library ("POSIX draft" compliance):
9 * 9 *
10 * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ 10 * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
11 */ 11 */
12 12
13#ifndef _LINUX_CAPABILITY_H 13#ifndef _LINUX_CAPABILITY_H
14#define _LINUX_CAPABILITY_H 14#define _LINUX_CAPABILITY_H
@@ -28,23 +28,41 @@ struct task_struct;
28 following structure to such a composite is better handled in a user 28 following structure to such a composite is better handled in a user
29 library since the draft standard requires the use of malloc/free 29 library since the draft standard requires the use of malloc/free
30 etc.. */ 30 etc.. */
31 31
32#define _LINUX_CAPABILITY_VERSION 0x19980330 32#define _LINUX_CAPABILITY_VERSION 0x19980330
33 33
34typedef struct __user_cap_header_struct { 34typedef struct __user_cap_header_struct {
35 __u32 version; 35 __u32 version;
36 int pid; 36 int pid;
37} __user *cap_user_header_t; 37} __user *cap_user_header_t;
38 38
39typedef struct __user_cap_data_struct { 39typedef struct __user_cap_data_struct {
40 __u32 effective; 40 __u32 effective;
41 __u32 permitted; 41 __u32 permitted;
42 __u32 inheritable; 42 __u32 inheritable;
43} __user *cap_user_data_t; 43} __user *cap_user_data_t;
44
45#ifdef __KERNEL__
46 44
47#include <asm/current.h> 45#define XATTR_CAPS_SUFFIX "capability"
46#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
47
48#define XATTR_CAPS_SZ (3*sizeof(__le32))
49#define VFS_CAP_REVISION_MASK 0xFF000000
50#define VFS_CAP_REVISION_1 0x01000000
51
52#define VFS_CAP_REVISION VFS_CAP_REVISION_1
53
54#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
55#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
56
57struct vfs_cap_data {
58 __u32 magic_etc; /* Little endian */
59 struct {
60 __u32 permitted; /* Little endian */
61 __u32 inheritable; /* Little endian */
62 } data[1];
63};
64
65#ifdef __KERNEL__
48 66
49/* #define STRICT_CAP_T_TYPECHECKS */ 67/* #define STRICT_CAP_T_TYPECHECKS */
50 68
@@ -59,7 +77,7 @@ typedef struct kernel_cap_struct {
59typedef __u32 kernel_cap_t; 77typedef __u32 kernel_cap_t;
60 78
61#endif 79#endif
62 80
63#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32)) 81#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32))
64#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) 82#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
65 83
@@ -67,7 +85,7 @@ typedef __u32 kernel_cap_t;
67 85
68 86
69/** 87/**
70 ** POSIX-draft defined capabilities. 88 ** POSIX-draft defined capabilities.
71 **/ 89 **/
72 90
73/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this 91/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
@@ -87,7 +105,7 @@ typedef __u32 kernel_cap_t;
87 defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ 105 defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
88 106
89#define CAP_DAC_READ_SEARCH 2 107#define CAP_DAC_READ_SEARCH 2
90 108
91/* Overrides all restrictions about allowed operations on files, where 109/* Overrides all restrictions about allowed operations on files, where
92 file owner ID must be equal to the user ID, except where CAP_FSETID 110 file owner ID must be equal to the user ID, except where CAP_FSETID
93 is applicable. It doesn't override MAC and DAC restrictions. */ 111 is applicable. It doesn't override MAC and DAC restrictions. */
@@ -257,7 +275,7 @@ typedef __u32 kernel_cap_t;
257/* Override reserved space on ext2 filesystem */ 275/* Override reserved space on ext2 filesystem */
258/* Modify data journaling mode on ext3 filesystem (uses journaling 276/* Modify data journaling mode on ext3 filesystem (uses journaling
259 resources) */ 277 resources) */
260/* NOTE: ext2 honors fsuid when checking for resource overrides, so 278/* NOTE: ext2 honors fsuid when checking for resource overrides, so
261 you can override using fsuid too */ 279 you can override using fsuid too */
262/* Override size restrictions on IPC message queues */ 280/* Override size restrictions on IPC message queues */
263/* Allow more than 64hz interrupts from the real-time clock */ 281/* Allow more than 64hz interrupts from the real-time clock */
@@ -289,8 +307,10 @@ typedef __u32 kernel_cap_t;
289 307
290#define CAP_AUDIT_CONTROL 30 308#define CAP_AUDIT_CONTROL 30
291 309
310#define CAP_SETFCAP 31
311
292#ifdef __KERNEL__ 312#ifdef __KERNEL__
293/* 313/*
294 * Bounding set 314 * Bounding set
295 */ 315 */
296extern kernel_cap_t cap_bset; 316extern kernel_cap_t cap_bset;
@@ -298,7 +318,7 @@ extern kernel_cap_t cap_bset;
298/* 318/*
299 * Internal kernel functions only 319 * Internal kernel functions only
300 */ 320 */
301 321
302#ifdef STRICT_CAP_T_TYPECHECKS 322#ifdef STRICT_CAP_T_TYPECHECKS
303 323
304#define to_cap_t(x) { x } 324#define to_cap_t(x) { x }
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-28 20:42:06 -0500