diff options
Diffstat (limited to 'include/linux/capability.h')
-rw-r--r-- | include/linux/capability.h | 48 |
1 files changed, 34 insertions, 14 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index 2dfa585..8961e7f 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -1,14 +1,14 @@ /* * This is <linux/capability.h> * - * Andrew G. Morgan <morgan@transmeta.com> + * Andrew G. Morgan <morgan@kernel.org> * Alexander Kjeldaas <astor@guardian.no> * with help from Aleph1, Roland Buresund and Andrew Main. * * See here for the libcap library ("POSIX draft" compliance): * - * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ - */ + * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ + */ #ifndef _LINUX_CAPABILITY_H #define _LINUX_CAPABILITY_H @@ -28,23 +28,41 @@ struct task_struct; following structure to such a composite is better handled in a user library since the draft standard requires the use of malloc/free etc.. */ - + #define _LINUX_CAPABILITY_VERSION 0x19980330 typedef struct __user_cap_header_struct { __u32 version; int pid; } __user *cap_user_header_t; - + typedef struct __user_cap_data_struct { __u32 effective; __u32 permitted; __u32 inheritable; } __user *cap_user_data_t; - -#ifdef __KERNEL__ -#include <asm/current.h> +#define XATTR_CAPS_SUFFIX "capability" +#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX + +#define XATTR_CAPS_SZ (3*sizeof(__le32)) +#define VFS_CAP_REVISION_MASK 0xFF000000 +#define VFS_CAP_REVISION_1 0x01000000 + +#define VFS_CAP_REVISION VFS_CAP_REVISION_1 + +#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK +#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 + +struct vfs_cap_data { + __u32 magic_etc; /* Little endian */ + struct { + __u32 permitted; /* Little endian */ + __u32 inheritable; /* Little endian */ + } data[1]; +}; + +#ifdef __KERNEL__ /* #define STRICT_CAP_T_TYPECHECKS */ @@ -59,7 +77,7 @@ typedef struct kernel_cap_struct { typedef __u32 kernel_cap_t; #endif - + #define _USER_CAP_HEADER_SIZE (2*sizeof(__u32)) #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) @@ -67,7 +85,7 @@ typedef __u32 kernel_cap_t; /** - ** POSIX-draft defined capabilities. + ** POSIX-draft defined capabilities. **/ /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this @@ -87,7 +105,7 @@ typedef __u32 kernel_cap_t; defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ #define CAP_DAC_READ_SEARCH 2 - + /* Overrides all restrictions about allowed operations on files, where file owner ID must be equal to the user ID, except where CAP_FSETID is applicable. It doesn't override MAC and DAC restrictions. */ @@ -257,7 +275,7 @@ typedef __u32 kernel_cap_t; /* Override reserved space on ext2 filesystem */ /* Modify data journaling mode on ext3 filesystem (uses journaling resources) */ -/* NOTE: ext2 honors fsuid when checking for resource overrides, so +/* NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too */ /* Override size restrictions on IPC message queues */ /* Allow more than 64hz interrupts from the real-time clock */ @@ -289,8 +307,10 @@ typedef __u32 kernel_cap_t; #define CAP_AUDIT_CONTROL 30 +#define CAP_SETFCAP 31 + #ifdef __KERNEL__ -/* +/* * Bounding set */ extern kernel_cap_t cap_bset; @@ -298,7 +318,7 @@ extern kernel_cap_t cap_bset; /* * Internal kernel functions only */ - + #ifdef STRICT_CAP_T_TYPECHECKS #define to_cap_t(x) { x } |