author | rwatson <rwatson@FreeBSD.org> | 2001-08-29 18:01:41 +0000 |
committer | rwatson <rwatson@FreeBSD.org> | 2001-08-29 18:01:41 +0000 |
commit | 698b657986aef58992b3f3af1ee0c9d47cb02ed8 (patch) | |
tree | d1fa9f5ae06ed0985d7f07d9b30930feae5f2013 /sys/sys/capability.h | |
parent | 9dcb56a64f249e3a36fe09718f4b365d3e60cd65 (diff) | |
o Introduce support for _CAPABILITY_NEEDMACROS, reducing namespace
pollution for non-POSIX.1e macros.
o Introduce CAP_UNITE(), CAP_NONZERO().
o Disable aspects of CAP_SETPCAP, which is Linux-specific (in particular,
remove it from CAP_ALL_ON).
o Improve commenting.
Submitted by: tmm
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/sys/capability.h')
-rw-r--r-- | sys/sys/capability.h | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/sys/sys/capability.h b/sys/sys/capability.h
index 8661595..33349ad 100644
--- a/sys/sys/capability.h
+++ b/sys/sys/capability.h
@@ -50,6 +50,7 @@ struct cap {
 };
 typedef struct cap *cap_t;
 
+#if defined(_KERNEL) | defined(_CAPABILITY_NEEDMACROS)
 #define SET_CAPABILITY(mask, cap) do { \
 (mask) |= cap; \
 } while (0)
@@ -65,9 +66,29 @@ typedef struct cap *cap_t;
 * Is (tcap) a logical subset of (scap)?
 */
 #define CAP_SUBSET(scap,tcap) \
- (((scap).c_permitted | (tcap).c_permitted == (scap).c_permitted) && \
- ((scap).c_effective | (tcap).c_effective == (scap).c_effective) && \
- ((scap).c_inheritable | (tcap).c_inheritable == (scap).c_inheritable))
+ ((((scap).c_permitted | (tcap).c_permitted) == (scap).c_permitted) && \
+ (((scap).c_effective | (tcap).c_effective) == (scap).c_effective) && \
+ (((scap).c_inheritable | (tcap).c_inheritable) == (scap).c_inheritable))
+
+/*
+ * Put the union of the capability sets c1 and c2 into c2.
+ */
+#define CAP_UNITE(c1, c2) do { \
+ (c1).c_permitted |= (c2).c_permitted; \
+ (c1).c_effective |= (c2).c_effective; \
+ (c1).c_inheritable |= (c2).c_inheritable; \
+ } while (0)
+
+/*
+ * Test whether any bits in a cap set are set.
+ * XXX: due to capability setting constraints, it should actually be
+ * sufficient to check c_permitted.
+ */
+
+#define CAP_NONZERO(c) \
+ ((c).c_permitted != 0 || (c).c_effective != 0 || (c).c_inheritable != 0)
+
+#endif
 
 /*
 * Possible flags for a particular capability.
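Review bot: The new guard `#if defined(_KERNEL) | defined(_CAPABILITY_NEEDMACROS)` uses the bitwise `|` where the logical `||` is intended; because each `defined()` yields 0 or 1 the preprocessor result happens to be the same, but it reads as a typo and stops being equivalent the moment either operand is replaced by a value that is not 0 or 1. Change it to `#if defined(_KERNEL) || defined(_CAPABILITY_NEEDMACROS)`. The macros this guard encloses continue past the end of this hunk, and its matching `#endif` is added in the following hunk.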
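Review bot: The comment added above CAP_UNITE says the union is put "into c2", but every assignment in the macro body targets `(c1)`, so the comment names the wrong operand and a caller trusting it would read the result from the untouched argument; change it to ` * Put the union of the capability sets c1 and c2 into c1.`. The CAP_SUBSET change in this hunk is also more than commenting: the old form parsed as `(scap).c_permitted | ((tcap).c_permitted == (scap).c_permitted)`, which is true for any tcap whenever scap has any permitted bit set, so the subset check effectively failed open, and that correctness fix deserves its own sentence in the commit message rather than being folded under "Improve commenting". Note too that CAP_SUBSET evaluates both arguments several times, so callers must not pass expressions with side effects. The XXX on CAP_NONZERO proposes checking only c_permitted; since the "setting constraints" it relies on are not enforced anywhere in this header, the three-field test as written is the one to keep until they are.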
@@ -109,7 +130,12 @@ typedef struct cap *cap_t;
 #define CAP_AUDIT_WRITE (0x0000000000200000)
 
 /*
- * The following capability, borrowed from Linux, is unsafe
+ * The following is no longer functional.
+ * With our capability model, this serves no useful purpose. A process just
+ * has all the capabilities it needs, and if it are to be temporarily given
+ * up, they can be removed from the effective set.
+ * We do not support modifying the capabilities of other processes, as Linux
+ * (from which this one originated) does.
 */
 #define CAP_SETPCAP (0x0000000000400000)
 /* This is unallocated: */
@@ -130,7 +156,6 @@ typedef struct cap *cap_t;
 /*
 * The following capabilities, borrowed from Linux, are unsafe in a
 * secure environment.
-
 */
 #define CAP_SYS_MODULE (0x0000000080000000)
 #define CAP_SYS_RAWIO (0x0000000100000000)
@@ -139,7 +164,7 @@ typedef struct cap *cap_t;
 #define CAP_SYS_PACCT (0x0000000800000000)
 #define CAP_SYS_ADMIN (0x0000001000000000)
 /*
- * Back to the safe ones, again
+ * Back to the safe ones, again.
 */
 #define CAP_SYS_BOOT (0x0000002000000000)
 #define CAP_SYS_NICE (0x0000004000000000)
@@ -155,7 +180,7 @@ typedef struct cap *cap_t;
 CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \
 CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \
 CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \
- CAP_AUDIT_WRITE | CAP_SETPCAP | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
+ CAP_AUDIT_WRITE | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
 CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \
 CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \
 CAP_SYS_PTRACE | CAP_SYS_PACCT | CAP_SYS_ADMIN | CAP_SYS_BOOT | \
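Review bot: The rewritten CAP_SETPCAP comment declares the capability "no longer functional" but leaves `#define CAP_SETPCAP (0x0000000000400000)` in place with no statement of what a mask containing that bit now means, so a reader cannot tell whether the value is reserved, ignored, or an error to set; it also has a grammar slip in "if it are to be temporarily given up". Change that line to ` * has all the capabilities it needs, and if they are to be temporarily given` and add, after the Linux sentence, ` * The bit value is retained only so it is never reused; it is not part of CAP_ALL_ON and must not be set.` The hunk that drops the bit from CAP_ALL_ON is further down in this same file, which is why this comment is the natural place to say so.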
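Review bot: Removing CAP_SETPCAP from CAP_ALL_ON while its `#define` stays live means any capability set that still carries bit 0x400000 is no longer a subset of CAP_ALL_ON under CAP_SUBSET, so such a set would presumably be rejected by whatever bounds-check uses CAP_ALL_ON; that is the intended effect for new callers, but if capability masks are ever persisted or imported from elsewhere (not visible here), the change is not backward-compatible and deserves a note. A short comment on the CAP_ALL_ON line it now omits, `/* CAP_SETPCAP deliberately excluded: reserved, never granted */`, would record the decision next to the mask. The CAP_ALL_ON definition begins before this hunk and continues after it.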