| 1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
|---|---|
| 2 | /* |
| 3 | * This is <linux/capability.h> |
| 4 | * |
| 5 | * Andrew G. Morgan <morgan@kernel.org> |
| 6 | * Alexander Kjeldaas <astor@guardian.no> |
| 7 | * with help from Aleph1, Roland Buresund and Andrew Main. |
| 8 | * |
| 9 | * See here for the libcap library ("POSIX draft" compliance): |
| 10 | * |
| 11 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
| 12 | */ |
| 13 | |
| 14 | #ifndef _LINUX_CAPABILITY_H |
| 15 | #define _LINUX_CAPABILITY_H |
| 16 | |
| 17 | #include <linux/types.h> |
| 18 | |
| 19 | /* User-level do most of the mapping between kernel and user |
| 20 | capabilities based on the version tag given by the kernel. The |
| 21 | kernel might be somewhat backwards compatible, but don't bet on |
| 22 | it. */ |
| 23 | |
| 24 | /* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to |
| 25 | a set of three capability sets. The transposition of 3*the |
| 26 | following structure to such a composite is better handled in a user |
| 27 | library since the draft standard requires the use of malloc/free |
| 28 | etc.. */ |
| 29 | |
| 30 | #define _LINUX_CAPABILITY_VERSION_1 0x19980330 |
| 31 | #define _LINUX_CAPABILITY_U32S_1 1 |
| 32 | |
| 33 | #define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */ |
| 34 | #define _LINUX_CAPABILITY_U32S_2 2 |
| 35 | |
| 36 | #define _LINUX_CAPABILITY_VERSION_3 0x20080522 |
| 37 | #define _LINUX_CAPABILITY_U32S_3 2 |
| 38 | |
| 39 | typedef struct __user_cap_header_struct { |
| 40 | __u32 version; |
| 41 | int pid; |
| 42 | } *cap_user_header_t; |
| 43 | |
| 44 | typedef struct __user_cap_data_struct { |
| 45 | __u32 effective; |
| 46 | __u32 permitted; |
| 47 | __u32 inheritable; |
| 48 | } *cap_user_data_t; |
| 49 | |
| 50 | |
| 51 | #define VFS_CAP_REVISION_MASK 0xFF000000 |
| 52 | #define VFS_CAP_REVISION_SHIFT 24 |
| 53 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK |
| 54 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 |
| 55 | |
| 56 | #define VFS_CAP_REVISION_1 0x01000000 |
| 57 | #define VFS_CAP_U32_1 1 |
| 58 | #define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) |
| 59 | |
| 60 | #define VFS_CAP_REVISION_2 0x02000000 |
| 61 | #define VFS_CAP_U32_2 2 |
| 62 | #define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) |
| 63 | |
| 64 | #define VFS_CAP_REVISION_3 0x03000000 |
| 65 | #define VFS_CAP_U32_3 2 |
| 66 | #define XATTR_CAPS_SZ_3 (sizeof(__le32)*(2 + 2*VFS_CAP_U32_3)) |
| 67 | |
| 68 | #define XATTR_CAPS_SZ XATTR_CAPS_SZ_3 |
| 69 | #define VFS_CAP_U32 VFS_CAP_U32_3 |
| 70 | #define VFS_CAP_REVISION VFS_CAP_REVISION_3 |
| 71 | |
| 72 | struct vfs_cap_data { |
| 73 | __le32 magic_etc; /* Little endian */ |
| 74 | struct { |
| 75 | __le32 permitted; /* Little endian */ |
| 76 | __le32 inheritable; /* Little endian */ |
| 77 | } data[VFS_CAP_U32]; |
| 78 | }; |
| 79 | |
| 80 | /* |
| 81 | * same as vfs_cap_data but with a rootid at the end |
| 82 | */ |
| 83 | struct vfs_ns_cap_data { |
| 84 | __le32 magic_etc; |
| 85 | struct { |
| 86 | __le32 permitted; /* Little endian */ |
| 87 | __le32 inheritable; /* Little endian */ |
| 88 | } data[VFS_CAP_U32]; |
| 89 | __le32 rootid; |
| 90 | }; |
| 91 | |
| 92 | |
| 93 | /* |
| 94 | * Backwardly compatible definition for source code - trapped in a |
| 95 | * 32-bit world. If you find you need this, please consider using |
| 96 | * libcap to untrap yourself... |
| 97 | */ |
| 98 | #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 |
| 99 | #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 |
| 100 | |
| 101 | |
| 102 | |
| 103 | /** |
| 104 | ** POSIX-draft defined capabilities. |
| 105 | **/ |
| 106 | |
| 107 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this |
| 108 | overrides the restriction of changing file ownership and group |
| 109 | ownership. */ |
| 110 | |
| 111 | #define CAP_CHOWN 0 |
| 112 | |
| 113 | /* Override all DAC access, including ACL execute access if |
| 114 | [_POSIX_ACL] is defined. Excluding DAC access covered by |
| 115 | CAP_LINUX_IMMUTABLE. */ |
| 116 | |
| 117 | #define CAP_DAC_OVERRIDE 1 |
| 118 | |
| 119 | /* Overrides all DAC restrictions regarding read and search on files |
| 120 | and directories, including ACL restrictions if [_POSIX_ACL] is |
| 121 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ |
| 122 | |
| 123 | #define CAP_DAC_READ_SEARCH 2 |
| 124 | |
| 125 | /* Overrides all restrictions about allowed operations on files, where |
| 126 | file owner ID must be equal to the user ID, except where CAP_FSETID |
| 127 | is applicable. It doesn't override MAC and DAC restrictions. */ |
| 128 | |
| 129 | #define CAP_FOWNER 3 |
| 130 | |
| 131 | /* Overrides the following restrictions that the effective user ID |
| 132 | shall match the file owner ID when setting the S_ISUID and S_ISGID |
| 133 | bits on that file; that the effective group ID (or one of the |
| 134 | supplementary group IDs) shall match the file owner ID when setting |
| 135 | the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are |
| 136 | cleared on successful return from chown(2) (not implemented). */ |
| 137 | |
| 138 | #define CAP_FSETID 4 |
| 139 | |
| 140 | /* Overrides the restriction that the real or effective user ID of a |
| 141 | process sending a signal must match the real or effective user ID |
| 142 | of the process receiving the signal. */ |
| 143 | |
| 144 | #define CAP_KILL 5 |
| 145 | |
| 146 | /* Allows setgid(2) manipulation */ |
| 147 | /* Allows setgroups(2) */ |
| 148 | /* Allows forged gids on socket credentials passing. */ |
| 149 | |
| 150 | #define CAP_SETGID 6 |
| 151 | |
| 152 | /* Allows set*uid(2) manipulation (including fsuid). */ |
| 153 | /* Allows forged pids on socket credentials passing. */ |
| 154 | |
| 155 | #define CAP_SETUID 7 |
| 156 | |
| 157 | |
| 158 | /** |
| 159 | ** Linux-specific capabilities |
| 160 | **/ |
| 161 | |
| 162 | /* Without VFS support for capabilities: |
| 163 | * Transfer any capability in your permitted set to any pid, |
| 164 | * remove any capability in your permitted set from any pid |
| 165 | * With VFS support for capabilities (neither of above, but) |
| 166 | * Add any capability from current's capability bounding set |
| 167 | * to the current process' inheritable set |
| 168 | * Allow taking bits out of capability bounding set |
| 169 | * Allow modification of the securebits for a process |
| 170 | */ |
| 171 | |
| 172 | #define CAP_SETPCAP 8 |
| 173 | |
| 174 | /* Allow modification of S_IMMUTABLE and S_APPEND file attributes */ |
| 175 | |
| 176 | #define CAP_LINUX_IMMUTABLE 9 |
| 177 | |
| 178 | /* Allows binding to TCP/UDP sockets below 1024 */ |
| 179 | /* Allows binding to ATM VCIs below 32 */ |
| 180 | |
| 181 | #define CAP_NET_BIND_SERVICE 10 |
| 182 | |
| 183 | /* Allow broadcasting, listen to multicast */ |
| 184 | |
| 185 | #define CAP_NET_BROADCAST 11 |
| 186 | |
| 187 | /* Allow interface configuration */ |
| 188 | /* Allow administration of IP firewall, masquerading and accounting */ |
| 189 | /* Allow setting debug option on sockets */ |
| 190 | /* Allow modification of routing tables */ |
| 191 | /* Allow setting arbitrary process / process group ownership on |
| 192 | sockets */ |
| 193 | /* Allow binding to any address for transparent proxying (also via NET_RAW) */ |
| 194 | /* Allow setting TOS (type of service) */ |
| 195 | /* Allow setting promiscuous mode */ |
| 196 | /* Allow clearing driver statistics */ |
| 197 | /* Allow multicasting */ |
| 198 | /* Allow read/write of device-specific registers */ |
| 199 | /* Allow activation of ATM control sockets */ |
| 200 | |
| 201 | #define CAP_NET_ADMIN 12 |
| 202 | |
| 203 | /* Allow use of RAW sockets */ |
| 204 | /* Allow use of PACKET sockets */ |
| 205 | /* Allow binding to any address for transparent proxying (also via NET_ADMIN) */ |
| 206 | |
| 207 | #define CAP_NET_RAW 13 |
| 208 | |
| 209 | /* Allow locking of shared memory segments */ |
| 210 | /* Allow mlock and mlockall (which doesn't really have anything to do |
| 211 | with IPC) */ |
| 212 | |
| 213 | #define CAP_IPC_LOCK 14 |
| 214 | |
| 215 | /* Override IPC ownership checks */ |
| 216 | |
| 217 | #define CAP_IPC_OWNER 15 |
| 218 | |
| 219 | /* Insert and remove kernel modules - modify kernel without limit */ |
| 220 | #define CAP_SYS_MODULE 16 |
| 221 | |
| 222 | /* Allow ioperm/iopl access */ |
| 223 | /* Allow sending USB messages to any device via /dev/bus/usb */ |
| 224 | |
| 225 | #define CAP_SYS_RAWIO 17 |
| 226 | |
| 227 | /* Allow use of chroot() */ |
| 228 | |
| 229 | #define CAP_SYS_CHROOT 18 |
| 230 | |
| 231 | /* Allow ptrace() of any process */ |
| 232 | |
| 233 | #define CAP_SYS_PTRACE 19 |
| 234 | |
| 235 | /* Allow configuration of process accounting */ |
| 236 | |
| 237 | #define CAP_SYS_PACCT 20 |
| 238 | |
| 239 | /* Allow configuration of the secure attention key */ |
| 240 | /* Allow administration of the random device */ |
| 241 | /* Allow examination and configuration of disk quotas */ |
| 242 | /* Allow setting the domainname */ |
| 243 | /* Allow setting the hostname */ |
| 244 | /* Allow calling bdflush() */ |
| 245 | /* Allow mount() and umount(), setting up new smb connection */ |
| 246 | /* Allow some autofs root ioctls */ |
| 247 | /* Allow nfsservctl */ |
| 248 | /* Allow VM86_REQUEST_IRQ */ |
| 249 | /* Allow to read/write pci config on alpha */ |
| 250 | /* Allow irix_prctl on mips (setstacksize) */ |
| 251 | /* Allow flushing all cache on m68k (sys_cacheflush) */ |
| 252 | /* Allow removing semaphores */ |
| 253 | /* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores |
| 254 | and shared memory */ |
| 255 | /* Allow locking/unlocking of shared memory segment */ |
| 256 | /* Allow turning swap on/off */ |
| 257 | /* Allow forged pids on socket credentials passing */ |
| 258 | /* Allow setting readahead and flushing buffers on block devices */ |
| 259 | /* Allow setting geometry in floppy driver */ |
| 260 | /* Allow turning DMA on/off in xd driver */ |
| 261 | /* Allow administration of md devices (mostly the above, but some |
| 262 | extra ioctls) */ |
| 263 | /* Allow tuning the ide driver */ |
| 264 | /* Allow access to the nvram device */ |
| 265 | /* Allow administration of apm_bios, serial and bttv (TV) device */ |
| 266 | /* Allow manufacturer commands in isdn CAPI support driver */ |
| 267 | /* Allow reading non-standardized portions of pci configuration space */ |
| 268 | /* Allow DDI debug ioctl on sbpcd driver */ |
| 269 | /* Allow setting up serial ports */ |
| 270 | /* Allow sending raw qic-117 commands */ |
| 271 | /* Allow enabling/disabling tagged queuing on SCSI controllers and sending |
| 272 | arbitrary SCSI commands */ |
| 273 | /* Allow setting encryption key on loopback filesystem */ |
| 274 | /* Allow setting zone reclaim policy */ |
| 275 | |
| 276 | #define CAP_SYS_ADMIN 21 |
| 277 | |
| 278 | /* Allow use of reboot() */ |
| 279 | |
| 280 | #define CAP_SYS_BOOT 22 |
| 281 | |
| 282 | /* Allow raising priority and setting priority on other (different |
| 283 | UID) processes */ |
| 284 | /* Allow use of FIFO and round-robin (realtime) scheduling on own |
| 285 | processes and setting the scheduling algorithm used by another |
| 286 | process. */ |
| 287 | /* Allow setting cpu affinity on other processes */ |
| 288 | |
| 289 | #define CAP_SYS_NICE 23 |
| 290 | |
| 291 | /* Override resource limits. Set resource limits. */ |
| 292 | /* Override quota limits. */ |
| 293 | /* Override reserved space on ext2 filesystem */ |
| 294 | /* Modify data journaling mode on ext3 filesystem (uses journaling |
| 295 | resources) */ |
| 296 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so |
| 297 | you can override using fsuid too */ |
| 298 | /* Override size restrictions on IPC message queues */ |
| 299 | /* Allow more than 64hz interrupts from the real-time clock */ |
| 300 | /* Override max number of consoles on console allocation */ |
| 301 | /* Override max number of keymaps */ |
| 302 | |
| 303 | #define CAP_SYS_RESOURCE 24 |
| 304 | |
| 305 | /* Allow manipulation of system clock */ |
| 306 | /* Allow irix_stime on mips */ |
| 307 | /* Allow setting the real-time clock */ |
| 308 | |
| 309 | #define CAP_SYS_TIME 25 |
| 310 | |
| 311 | /* Allow configuration of tty devices */ |
| 312 | /* Allow vhangup() of tty */ |
| 313 | |
| 314 | #define CAP_SYS_TTY_CONFIG 26 |
| 315 | |
| 316 | /* Allow the privileged aspects of mknod() */ |
| 317 | |
| 318 | #define CAP_MKNOD 27 |
| 319 | |
| 320 | /* Allow taking of leases on files */ |
| 321 | |
| 322 | #define CAP_LEASE 28 |
| 323 | |
| 324 | /* Allow writing the audit log via unicast netlink socket */ |
| 325 | |
| 326 | #define CAP_AUDIT_WRITE 29 |
| 327 | |
| 328 | /* Allow configuration of audit via unicast netlink socket */ |
| 329 | |
| 330 | #define CAP_AUDIT_CONTROL 30 |
| 331 | |
| 332 | #define CAP_SETFCAP 31 |
| 333 | |
| 334 | /* Override MAC access. |
| 335 | The base kernel enforces no MAC policy. |
| 336 | An LSM may enforce a MAC policy, and if it does and it chooses |
| 337 | to implement capability based overrides of that policy, this is |
| 338 | the capability it should use to do so. */ |
| 339 | |
| 340 | #define CAP_MAC_OVERRIDE 32 |
| 341 | |
| 342 | /* Allow MAC configuration or state changes. |
| 343 | The base kernel requires no MAC configuration. |
| 344 | An LSM may enforce a MAC policy, and if it does and it chooses |
| 345 | to implement capability based checks on modifications to that |
| 346 | policy or the data required to maintain it, this is the |
| 347 | capability it should use to do so. */ |
| 348 | |
| 349 | #define CAP_MAC_ADMIN 33 |
| 350 | |
| 351 | /* Allow configuring the kernel's syslog (printk behaviour) */ |
| 352 | |
| 353 | #define CAP_SYSLOG 34 |
| 354 | |
| 355 | /* Allow triggering something that will wake the system */ |
| 356 | |
| 357 | #define CAP_WAKE_ALARM 35 |
| 358 | |
| 359 | /* Allow preventing system suspends */ |
| 360 | |
| 361 | #define CAP_BLOCK_SUSPEND 36 |
| 362 | |
| 363 | /* Allow reading the audit log via multicast netlink socket */ |
| 364 | |
| 365 | #define CAP_AUDIT_READ 37 |
| 366 | |
| 367 | |
| 368 | #define CAP_LAST_CAP CAP_AUDIT_READ |
| 369 | |
| 370 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) |
| 371 | |
| 372 | /* |
| 373 | * Bit location of each capability (used by user-space library and kernel) |
| 374 | */ |
| 375 | |
| 376 | #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ |
| 377 | #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ |
| 378 | |
| 379 | |
| 380 | #endif /* _LINUX_CAPABILITY_H */ |
| 381 |
Generated while processing qemu/qemu-bridge-helper.c
Generated on 2019-Sep-06 from project include
Powered by 
Code Browser 2.1
Generator usage only permitted with license.