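/*
 * This is <linux/capability.h>
 *
 * Andrew G. Morgan <morgan@kernel.org>
 * Alexander Kjeldaas <astor@guardian.no>
 * with help from Aleph1, Roland Buresund and Andrew Main.
 *
 * See here for the libcap library ("POSIX draft" compliance):
 *
 * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
 *
 * Layout of this header:
 *   - version tags and word counts of the user/kernel capability ABI,
 *   - the user-space structs exchanged with the kernel,
 *   - the on-disk (xattr) file-capability layout, struct vfs_cap_data,
 *   - the CAP_* numbers themselves, then CAP_LAST_CAP / cap_valid(),
 *   - the index/mask helpers that map a CAP_* number into a __u32 bitmap.
 */

#ifndef _LINUX_CAPABILITY_H
#define _LINUX_CAPABILITY_H

#include <linux/types.h>

struct task_struct;

/* User-level do most of the mapping between kernel and user
   capabilities based on the version tag given by the kernel. The
   kernel might be somewhat backwards compatible, but don't bet on
   it. */

/* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to
   a set of three capability sets. The transposition of 3*the
   following structure to such a composite is better handled in a user
   library since the draft standard requires the use of malloc/free
   etc.. */

/*
 * ABI version tags.  _LINUX_CAPABILITY_U32S_n is the number of __u32
 * words each capability set occupies under version n (v3 keeps the
 * two-word layout of v2 and only replaces the tag).
 */
#define _LINUX_CAPABILITY_VERSION_1  0x19980330
#define _LINUX_CAPABILITY_U32S_1     1

#define _LINUX_CAPABILITY_VERSION_2  0x20071026  /* deprecated - use v3 */
#define _LINUX_CAPABILITY_U32S_2     2

#define _LINUX_CAPABILITY_VERSION_3  0x20080522
#define _LINUX_CAPABILITY_U32S_3     2

/*
 * Header exchanged between user space and the kernel.  'version' is one
 * of the _LINUX_CAPABILITY_VERSION_* tags above and selects how many
 * __user_cap_data_struct entries follow (see _LINUX_CAPABILITY_U32S_*).
 */
typedef struct __user_cap_header_struct {
	__u32 version;
	int pid;	/* process the request refers to */
} *cap_user_header_t;

/*
 * One __u32 word of each of the three capability sets.  Presumably
 * user space passes _LINUX_CAPABILITY_U32S_n of these back to back for
 * version n - confirm against the libcap sources.
 */
typedef struct __user_cap_data_struct {
	__u32 effective;
	__u32 permitted;
	__u32 inheritable;
} *cap_user_data_t;


/*
 * File capabilities stored in the security xattr.  The top byte of
 * magic_etc carries the revision (VFS_CAP_REVISION_MASK / _SHIFT); the
 * remaining bits are flags, of which only VFS_CAP_FLAGS_EFFECTIVE is
 * defined here.  Parenthesised so the macro is safe in any expression.
 */
#define VFS_CAP_REVISION_MASK	0xFF000000
#define VFS_CAP_REVISION_SHIFT	24
#define VFS_CAP_FLAGS_MASK	(~VFS_CAP_REVISION_MASK)
#define VFS_CAP_FLAGS_EFFECTIVE	0x000001

/* Revision 1: one __le32 word per set (permitted + inheritable). */
#define VFS_CAP_REVISION_1	0x01000000
#define VFS_CAP_U32_1		1
#define XATTR_CAPS_SZ_1		(sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))

/* Revision 2: two __le32 words per set; XATTR_CAPS_SZ_2 equals
   sizeof(struct vfs_cap_data) below. */
#define VFS_CAP_REVISION_2	0x02000000
#define VFS_CAP_U32_2		2
#define XATTR_CAPS_SZ_2		(sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))

/* Revision written by default. */
#define XATTR_CAPS_SZ		XATTR_CAPS_SZ_2
#define VFS_CAP_U32		VFS_CAP_U32_2
#define VFS_CAP_REVISION	VFS_CAP_REVISION_2

/* On-disk layout of the file-capability xattr; every field is little
   endian regardless of host byte order, so it must be converted on
   access rather than read as a native integer. */
struct vfs_cap_data {
	__le32 magic_etc;            /* Little endian: revision | flags */
	struct {
		__le32 permitted;    /* Little endian */
		__le32 inheritable;  /* Little endian */
	} data[VFS_CAP_U32];
};


/*
 * Backwardly compatible definition for source code - trapped in a
 * 32-bit world. If you find you need this, please consider using
 * libcap to untrap yourself...
 */
#define _LINUX_CAPABILITY_VERSION  _LINUX_CAPABILITY_VERSION_1
#define _LINUX_CAPABILITY_U32S     _LINUX_CAPABILITY_U32S_1



/**
 ** POSIX-draft defined capabilities.
 **/

/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
   overrides the restriction of changing file ownership and group
   ownership. */

#define CAP_CHOWN            0

/* Override all DAC access, including ACL execute access if
   [_POSIX_ACL] is defined. Excluding DAC access covered by
   CAP_LINUX_IMMUTABLE. */

#define CAP_DAC_OVERRIDE     1

/* Overrides all DAC restrictions regarding read and search on files
   and directories, including ACL restrictions if [_POSIX_ACL] is
   defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */

#define CAP_DAC_READ_SEARCH  2

/* Overrides all restrictions about allowed operations on files, where
   file owner ID must be equal to the user ID, except where CAP_FSETID
   is applicable. It doesn't override MAC and DAC restrictions. */

#define CAP_FOWNER           3

/* Overrides the following restrictions that the effective user ID
   shall match the file owner ID when setting the S_ISUID and S_ISGID
   bits on that file; that the effective group ID (or one of the
   supplementary group IDs) shall match the file owner ID when setting
   the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
   cleared on successful return from chown(2) (not implemented). */

#define CAP_FSETID           4

/* Overrides the restriction that the real or effective user ID of a
   process sending a signal must match the real or effective user ID
   of the process receiving the signal. */

#define CAP_KILL             5

/* Allows setgid(2) manipulation */
/* Allows setgroups(2) */
/* Allows forged gids on socket credentials passing. */

#define CAP_SETGID           6

/* Allows set*uid(2) manipulation (including fsuid). */
/* Allows forged pids on socket credentials passing. */

#define CAP_SETUID           7


/**
 ** Linux-specific capabilities
 **/

/* Without VFS support for capabilities:
 *   Transfer any capability in your permitted set to any pid,
 *   remove any capability in your permitted set from any pid
 * With VFS support for capabilities (neither of above, but)
 *   Add any capability from current's capability bounding set
 *       to the current process' inheritable set
 *   Allow taking bits out of capability bounding set
 *   Allow modification of the securebits for a process
 */

#define CAP_SETPCAP          8

/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */

#define CAP_LINUX_IMMUTABLE  9

/* Allows binding to TCP/UDP sockets below 1024 */
/* Allows binding to ATM VCIs below 32 */

#define CAP_NET_BIND_SERVICE 10

/* Allow broadcasting, listen to multicast */

#define CAP_NET_BROADCAST    11

/* Allow interface configuration */
/* Allow administration of IP firewall, masquerading and accounting */
/* Allow setting debug option on sockets */
/* Allow modification of routing tables */
/* Allow setting arbitrary process / process group ownership on
   sockets */
/* Allow binding to any address for transparent proxying (also via NET_RAW) */
/* Allow setting TOS (type of service) */
/* Allow setting promiscuous mode */
/* Allow clearing driver statistics */
/* Allow multicasting */
/* Allow read/write of device-specific registers */
/* Allow activation of ATM control sockets */

#define CAP_NET_ADMIN        12

/* Allow use of RAW sockets */
/* Allow use of PACKET sockets */
/* Allow binding to any address for transparent proxying (also via NET_ADMIN) */

#define CAP_NET_RAW          13

/* Allow locking of shared memory segments */
/* Allow mlock and mlockall (which doesn't really have anything to do
   with IPC) */

#define CAP_IPC_LOCK         14

/* Override IPC ownership checks */

#define CAP_IPC_OWNER        15

/* Insert and remove kernel modules - modify kernel without limit */
#define CAP_SYS_MODULE       16

/* Allow ioperm/iopl access */
/* Allow sending USB messages to any device via /proc/bus/usb */

#define CAP_SYS_RAWIO        17

/* Allow use of chroot() */

#define CAP_SYS_CHROOT       18

/* Allow ptrace() of any process */

#define CAP_SYS_PTRACE       19

/* Allow configuration of process accounting */

#define CAP_SYS_PACCT        20

/* Allow configuration of the secure attention key */
/* Allow administration of the random device */
/* Allow examination and configuration of disk quotas */
/* Allow setting the domainname */
/* Allow setting the hostname */
/* Allow calling bdflush() */
/* Allow mount() and umount(), setting up new smb connection */
/* Allow some autofs root ioctls */
/* Allow nfsservctl */
/* Allow VM86_REQUEST_IRQ */
/* Allow to read/write pci config on alpha */
/* Allow irix_prctl on mips (setstacksize) */
/* Allow flushing all cache on m68k (sys_cacheflush) */
/* Allow removing semaphores */
/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
   and shared memory */
/* Allow locking/unlocking of shared memory segment */
/* Allow turning swap on/off */
/* Allow forged pids on socket credentials passing */
/* Allow setting readahead and flushing buffers on block devices */
/* Allow setting geometry in floppy driver */
/* Allow turning DMA on/off in xd driver */
/* Allow administration of md devices (mostly the above, but some
   extra ioctls) */
/* Allow tuning the ide driver */
/* Allow access to the nvram device */
/* Allow administration of apm_bios, serial and bttv (TV) device */
/* Allow manufacturer commands in isdn CAPI support driver */
/* Allow reading non-standardized portions of pci configuration space */
/* Allow DDI debug ioctl on sbpcd driver */
/* Allow setting up serial ports */
/* Allow sending raw qic-117 commands */
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
   arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
/* Allow setting zone reclaim policy */

#define CAP_SYS_ADMIN        21

/* Allow use of reboot() */

#define CAP_SYS_BOOT         22

/* Allow raising priority and setting priority on other (different
   UID) processes */
/* Allow use of FIFO and round-robin (realtime) scheduling on own
   processes and setting the scheduling algorithm used by another
   process. */
/* Allow setting cpu affinity on other processes */

#define CAP_SYS_NICE         23

/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
   resources) */
/* NOTE: ext2 honors fsuid when checking for resource overrides, so
   you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
/* Override max number of consoles on console allocation */
/* Override max number of keymaps */

#define CAP_SYS_RESOURCE     24

/* Allow manipulation of system clock */
/* Allow irix_stime on mips */
/* Allow setting the real-time clock */

#define CAP_SYS_TIME         25

/* Allow configuration of tty devices */
/* Allow vhangup() of tty */

#define CAP_SYS_TTY_CONFIG   26

/* Allow the privileged aspects of mknod() */

#define CAP_MKNOD            27

/* Allow taking of leases on files */

#define CAP_LEASE            28

/* Allow writing the audit log via unicast netlink socket */

#define CAP_AUDIT_WRITE      29

/* Allow configuration of audit via unicast netlink socket */

#define CAP_AUDIT_CONTROL    30

/* Allow setting file capabilities (the vfs_cap_data xattr above) */

#define CAP_SETFCAP	     31

/* Override MAC access.
   The base kernel enforces no MAC policy.
   An LSM may enforce a MAC policy, and if it does and it chooses
   to implement capability based overrides of that policy, this is
   the capability it should use to do so. */

#define CAP_MAC_OVERRIDE     32

/* Allow MAC configuration or state changes.
   The base kernel requires no MAC configuration.
   An LSM may enforce a MAC policy, and if it does and it chooses
   to implement capability based checks on modifications to that
   policy or the data required to maintain it, this is the
   capability it should use to do so. */

#define CAP_MAC_ADMIN        33

/* Allow configuring the kernel's syslog (printk behaviour) */

#define CAP_SYSLOG           34

/* Allow triggering something that will wake the system */

#define CAP_WAKE_ALARM            35


/* Highest capability number defined by this header; any new CAP_*
   must be added above and this updated, or cap_valid() will reject it. */
#define CAP_LAST_CAP         CAP_WAKE_ALARM

/* True iff x is a capability number this header knows about.  Both
   bounds are checked so a negative value never reaches CAP_TO_INDEX/
   CAP_TO_MASK. */
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)

/*
 * Bit location of each capability (used by user-space library and kernel)
 *
 * A capability set is an array of __u32 words: CAP_TO_INDEX() gives the
 * word and CAP_TO_MASK() the bit within it.  The mask is built from an
 * unsigned 1 so that capability numbers 31, 63, ... land in bit 31
 * without shifting a signed int into its sign bit (undefined behaviour).
 */

#define CAP_TO_INDEX(x)     ((x) >> 5)        /* 1 << 5 == bits in __u32 */
#define CAP_TO_MASK(x)      (1U << ((x) & 31)) /* mask for indexed __u32 */


#endif /* !_LINUX_CAPABILITY_H */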