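/*
 * This is <linux/capability.h>
 *
 * Andrew G. Morgan <morgan@kernel.org>
 * Alexander Kjeldaas <astor@guardian.no>
 * with help from Aleph1, Roland Buresund and Andrew Main.
 *
 * See here for the libcap library ("POSIX draft" compliance):
 *
 * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
 */

#ifndef _LINUX_CAPABILITY_H
#define _LINUX_CAPABILITY_H

#include <linux/types.h>

struct task_struct;

/* User-level code does most of the mapping between kernel and user
   capabilities based on the version tag given by the kernel. The
   kernel might be somewhat backwards compatible, but don't bet on
   it. */

/* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to
   a set of three capability sets.  The transposition of 3*the
   following structure to such a composite is better handled in a user
   library since the draft standard requires the use of malloc/free
   etc.. */

/*
 * ABI version tags and, for each, the number of 32-bit words that make
 * up one capability set (_LINUX_CAPABILITY_U32S_n).  Version 1 has a
 * single word per set, so it cannot express capability numbers above 31.
 */
#define _LINUX_CAPABILITY_VERSION_1  0x19980330
#define _LINUX_CAPABILITY_U32S_1     1

#define _LINUX_CAPABILITY_VERSION_2  0x20071026  /* deprecated - use v3 */
#define _LINUX_CAPABILITY_U32S_2     2

#define _LINUX_CAPABILITY_VERSION_3  0x20080522
#define _LINUX_CAPABILITY_U32S_3     2

/*
 * Header of a capability request: the ABI version tag and a pid.
 * NOTE(review): __user is not defined in this header; presumably the
 * kernel's user-pointer annotation -- confirm against the including
 * environment.
 */
typedef struct __user_cap_header_struct {
	__u32 version;
	int pid;
} __user *cap_user_header_t;

/*
 * One 32-bit word of each of the three capability sets.
 * NOTE(review): with a two-word version the data is presumably an array
 * of _LINUX_CAPABILITY_U32S_n of these -- confirm against capget(2).
 */
typedef struct __user_cap_data_struct {
	__u32 effective;
	__u32 permitted;
	__u32 inheritable;
} __user *cap_user_data_t;


/*
 * Layout of the first 32-bit word of stored file capabilities: the top
 * byte carries the revision, the low 24 bits carry flags.
 * VFS_CAP_FLAGS_MASK is parenthesized so that it expands as one operand
 * wherever it is used.
 */
#define VFS_CAP_REVISION_MASK	0xFF000000
#define VFS_CAP_REVISION_SHIFT	24
#define VFS_CAP_FLAGS_MASK	(~VFS_CAP_REVISION_MASK)
#define VFS_CAP_FLAGS_EFFECTIVE	0x000001

/*
 * XATTR_CAPS_SZ_n is one 32-bit word plus two 32-bit words for each of
 * the VFS_CAP_U32_n capability words of that revision.
 * NOTE(review): a reader of stored data should compare the stored length
 * with the size for the revision it found before touching the words.
 */
#define VFS_CAP_REVISION_1	0x01000000
#define VFS_CAP_U32_1           1
#define XATTR_CAPS_SZ_1         (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))

#define VFS_CAP_REVISION_2	0x02000000
#define VFS_CAP_U32_2           2
#define XATTR_CAPS_SZ_2         (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))

/* Current revision: unsuffixed names resolve to revision 2. */
#define XATTR_CAPS_SZ           XATTR_CAPS_SZ_2
#define VFS_CAP_U32             VFS_CAP_U32_2
#define VFS_CAP_REVISION	VFS_CAP_REVISION_2
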
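/*
 * Stored form of a file's capabilities: one magic/revision/flags word
 * followed by VFS_CAP_U32 pairs of permitted and inheritable words.
 * Every field is little endian regardless of the CPU.
 */
struct vfs_cap_data {
	__le32 magic_etc;            /* Little endian */
	struct {
		__le32 permitted;    /* Little endian */
		__le32 inheritable;  /* Little endian */
	} data[VFS_CAP_U32];
};

#ifndef __KERNEL__

/*
 * Backwardly compatible definition for source code - trapped in a
 * 32-bit world. If you find you need this, please consider using
 * libcap to untrap yourself...
 *
 * NOTE(review): these unsuffixed names select version 1, which has one
 * 32-bit word per set; capability numbers 32 and above defined in this
 * header do not fit in it.
 */
#define _LINUX_CAPABILITY_VERSION  _LINUX_CAPABILITY_VERSION_1
#define _LINUX_CAPABILITY_U32S     _LINUX_CAPABILITY_U32S_1

#else

/* Inside the kernel the version 3 layout (two 32-bit words) is used. */
#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
#define _KERNEL_CAPABILITY_U32S    _LINUX_CAPABILITY_U32S_3

extern int file_caps_enabled;

/* One capability set as an array of _KERNEL_CAPABILITY_U32S words. */
typedef struct kernel_cap_struct {
	__u32 cap[_KERNEL_CAPABILITY_U32S];
} kernel_cap_t;

/* exact same as vfs_cap_data but in cpu endian and always filled completely */
struct cpu_vfs_cap_data {
	__u32 magic_etc;
	kernel_cap_t permitted;
	kernel_cap_t inheritable;
};

#define _USER_CAP_HEADER_SIZE  (sizeof(struct __user_cap_header_struct))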
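#define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))

#endif


/**
 ** POSIX-draft defined capabilities.
 **/

/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
   overrides the restriction of changing file ownership and group
   ownership. */

#define CAP_CHOWN            0

/* Override all DAC access, including ACL execute access if
   [_POSIX_ACL] is defined. Excluding DAC access covered by
   CAP_LINUX_IMMUTABLE. */

#define CAP_DAC_OVERRIDE     1

/* Overrides all DAC restrictions regarding read and search on files
   and directories, including ACL restrictions if [_POSIX_ACL] is
   defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */

#define CAP_DAC_READ_SEARCH  2

/* Overrides all restrictions about allowed operations on files, where
   file owner ID must be equal to the user ID, except where CAP_FSETID
   is applicable. It doesn't override MAC and DAC restrictions. */

#define CAP_FOWNER           3

/* Overrides the following restrictions that the effective user ID
   shall match the file owner ID when setting the S_ISUID and S_ISGID
   bits on that file; that the effective group ID (or one of the
   supplementary group IDs) shall match the file owner ID when setting
   the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
   cleared on successful return from chown(2) (not implemented). */

#define CAP_FSETID           4

/* Overrides the restriction that the real or effective user ID of a
   process sending a signal must match the real or effective user ID
   of the process receiving the signal. */

#define CAP_KILL             5

/* Allows setgid(2) manipulation */
/* Allows setgroups(2) */
/* Allows forged gids on socket credentials passing. */

#define CAP_SETGID           6

/* Allows set*uid(2) manipulation (including fsuid). */
/* Allows forged pids on socket credentials passing. */

#define CAP_SETUID           7


/**
 ** Linux-specific capabilities
 **/

/* Without VFS support for capabilities:
 *   Transfer any capability in your permitted set to any pid,
 *   remove any capability in your permitted set from any pid
 * With VFS support for capabilities (neither of above, but)
 *   Add any capability from current's capability bounding set
 *       to the current process' inheritable set
 *   Allow taking bits out of capability bounding set
 *   Allow modification of the securebits for a process
 */

#define CAP_SETPCAP          8

/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */

#define CAP_LINUX_IMMUTABLE  9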
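/* Allows binding to TCP/UDP sockets below 1024 */
/* Allows binding to ATM VCIs below 32 */

#define CAP_NET_BIND_SERVICE 10

/* Allow broadcasting, listen to multicast */

#define CAP_NET_BROADCAST    11

/* Allow interface configuration */
/* Allow administration of IP firewall, masquerading and accounting */
/* Allow setting debug option on sockets */
/* Allow modification of routing tables */
/* Allow setting arbitrary process / process group ownership on
   sockets */
/* Allow binding to any address for transparent proxying */
/* Allow setting TOS (type of service) */
/* Allow setting promiscuous mode */
/* Allow clearing driver statistics */
/* Allow multicasting */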
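/* Allow read/write of device-specific registers */
/* Allow activation of ATM control sockets */

#define CAP_NET_ADMIN        12

/* Allow use of RAW sockets */
/* Allow use of PACKET sockets */

#define CAP_NET_RAW          13

/* Allow locking of shared memory segments */
/* Allow mlock and mlockall (which doesn't really have anything to do
   with IPC) */

#define CAP_IPC_LOCK         14

/* Override IPC ownership checks */

#define CAP_IPC_OWNER        15

/* Insert and remove kernel modules - modify kernel without limit */
#define CAP_SYS_MODULE       16

/* Allow ioperm/iopl access */
/* Allow sending USB messages to any device via /proc/bus/usb */

#define CAP_SYS_RAWIO        17

/* Allow use of chroot() */

#define CAP_SYS_CHROOT       18

/* Allow ptrace() of any process */

#define CAP_SYS_PTRACE       19

/* Allow configuration of process accounting */

#define CAP_SYS_PACCT        20

/* Allow configuration of the secure attention key */
/* Allow administration of the random device */
/* Allow examination and configuration of disk quotas */
/* Allow setting the domainname */
/* Allow setting the hostname */
/* Allow calling bdflush() */
/* Allow mount() and umount(), setting up new smb connection */
/* Allow some autofs root ioctls */
/* Allow nfsservctl */
/* Allow VM86_REQUEST_IRQ */
/* Allow to read/write pci config on alpha */
/* Allow irix_prctl on mips (setstacksize) */
/* Allow flushing all cache on m68k (sys_cacheflush) */
/* Allow removing semaphores */
/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
   and shared memory */
/* Allow locking/unlocking of shared memory segment */
/* Allow turning swap on/off */
/* Allow forged pids on socket credentials passing */
/* Allow setting readahead and flushing buffers on block devices */
/* Allow setting geometry in floppy driver */
/* Allow turning DMA on/off in xd driver */
/* Allow administration of md devices (mostly the above, but some
   extra ioctls) */
/* Allow tuning the ide driver */
/* Allow access to the nvram device */
/* Allow administration of apm_bios, serial and bttv (TV) device */
/* Allow manufacturer commands in isdn CAPI support driver */
/* Allow reading non-standardized portions of pci configuration space */
/* Allow DDI debug ioctl on sbpcd driver */
/* Allow setting up serial ports */
/* Allow sending raw qic-117 commands */
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
   arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
/* Allow setting zone reclaim policy */
/* NOTE(review): the list above is very broad; a holder of this capability
   can do most of what the other administrative capabilities gate, so
   grant it as narrowly as any full-privilege role. */

#define CAP_SYS_ADMIN        21

/* Allow use of reboot() */

#define CAP_SYS_BOOT         22

/* Allow raising priority and setting priority on other (different
   UID) processes */
/* Allow use of FIFO and round-robin (realtime) scheduling on own
   processes and setting the scheduling algorithm used by another
   process. */
/* Allow setting cpu affinity on other processes */

#define CAP_SYS_NICE         23

/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
   resources) */
/* NOTE: ext2 honors fsuid when checking for resource overrides, so
   you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
/* Override max number of consoles on console allocation */
/* Override max number of keymaps */

#define CAP_SYS_RESOURCE     24

/* Allow manipulation of system clock */
/* Allow irix_stime on mips */
/* Allow setting the real-time clock */

#define CAP_SYS_TIME         25

/* Allow configuration of tty devices */
/* Allow vhangup() of tty */

#define CAP_SYS_TTY_CONFIG   26

/* Allow the privileged aspects of mknod() */

#define CAP_MKNOD            27

/* Allow taking of leases on files */

#define CAP_LEASE            28

/* NOTE(review): the next three carry no description in this header;
   per capabilities(7) they presumably cover writing audit records,
   configuring the audit subsystem, and setting file capabilities --
   confirm against the kernel version in use. */

#define CAP_AUDIT_WRITE      29

#define CAP_AUDIT_CONTROL    30

#define CAP_SETFCAP	     31

/* Override MAC access.
   The base kernel enforces no MAC policy.
   An LSM may enforce a MAC policy, and if it does and it chooses
   to implement capability based overrides of that policy, this is
   the capability it should use to do so. */

#define CAP_MAC_OVERRIDE     32

/* Allow MAC configuration or state changes.
   The base kernel requires no MAC configuration.
   An LSM may enforce a MAC policy, and if it does and it chooses
   to implement capability based checks on modifications to that
   policy or the data required to maintain it, this is the
   capability it should use to do so. */

#define CAP_MAC_ADMIN        33

/* Allow configuring the kernel's syslog (printk behaviour) */

#define CAP_SYSLOG           34

/* Allow triggering something that will wake the system */

#define CAP_WAKE_ALARM       35


#define CAP_LAST_CAP         CAP_WAKE_ALARM

/* Range check for a capability number.  The argument is evaluated twice,
   so it must not have side effects.  CAP_TO_INDEX() and CAP_TO_MASK()
   below do no checking of their own: validate a number that comes from
   outside with cap_valid() before using either of them. */
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)

/*
 * Bit location of each capability (used by user-space library and kernel)
 */

/* For x above 63 the index is 2 or more, which is past the end of a
   two-word capability set. */
#define CAP_TO_INDEX(x)     ((x) >> 5)        /* 1 << 5 == bits in __u32 */
/* Unsigned constant: with a signed 1, the shift for bit 31 (CAP_SETFCAP)
   would overflow int, which is undefined behaviour. */
#define CAP_TO_MASK(x)      (1U << ((x) & 31)) /* mask for indexed __u32 */

#ifdef __KERNEL__
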
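struct dentry;
struct user_namespace;

struct user_namespace *current_user_ns(void);

extern const kernel_cap_t __cap_empty_set;
extern const kernel_cap_t __cap_full_set;
extern const kernel_cap_t __cap_init_eff_set;

/*
 * Internal kernel functions only
 */

/*
 * Loop header that walks every __u32 word of a kernel_cap_t.  The caller
 * supplies the index variable and the loop body.
 */
#define CAP_FOR_EACH_U32(__capi)  \
	for ((__capi) = 0; (__capi) < _KERNEL_CAPABILITY_U32S; ++(__capi))

/*
 * CAP_FS_MASK and CAP_NFSD_MASKS:
 *
 * The fs mask is all the privileges that fsuid==0 historically meant.
 * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
 *
 * It has never meant setting security.* and trusted.* xattrs.
 *
 * We could also define fsmask as follows:
 *   1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
 *   2. The security.* and trusted.* xattrs are fs-related MAC permissions
 */

/* Word 0 of the fs mask: capability numbers below 32. */
# define CAP_FS_MASK_B0     (CAP_TO_MASK(CAP_CHOWN) \
			    | CAP_TO_MASK(CAP_MKNOD) \
			    | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
			    | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
			    | CAP_TO_MASK(CAP_FOWNER) \
			    | CAP_TO_MASK(CAP_FSETID))

/* Word 1 of the fs mask: capability numbers 32 and above. */
# define CAP_FS_MASK_B1     (CAP_TO_MASK(CAP_MAC_OVERRIDE))

/*
 * The initializers below spell out exactly two words, so the build is
 * stopped if the capability set ever changes size.
 */
#if _KERNEL_CAPABILITY_U32S != 2
# error Fix up hand-coded capability macro initializers
#else /* HAND-CODED capability initializers */

# define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
/*
 * NOTE(review): ~0 in the second word also raises the bits above
 * CAP_LAST_CAP, which name no capability in this header.  Code that
 * compares, copies out or reports a "full" set sees those bits too;
 * confirm that consumers filter with cap_valid() where that matters.
 */
# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, ~0 }})
# define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0 \
				    | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
				    CAP_FS_MASK_B1 } })
# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0 \
				    | CAP_TO_MASK(CAP_SYS_RESOURCE), \
				    CAP_FS_MASK_B1 } })

#endif /* _KERNEL_CAPABILITY_U32S != 2 */

# define cap_clear(c)         do { (c) = __cap_empty_set; } while (0)

/*
 * Set, clear and test one capability bit in the set c.
 *
 * flag is not range-checked: CAP_TO_INDEX(flag) indexes (c).cap directly,
 * so the caller must pass a number for which cap_valid() holds.  flag is
 * evaluated twice.  cap_raised() yields the masked bit, not 0/1.
 */
#define cap_raise(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
#define cap_lower(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))

/*
 * c = a OP b, applied to every word of the set.  The set arguments are
 * parenthesised so that an expression argument still binds as one
 * operand; OP is pasted as-is (callers in this header pass |, & and &~).
 */
#define CAP_BOP_ALL(c, a, b, OP) \
do { \
	unsigned __capi; \
	CAP_FOR_EACH_U32(__capi) { \
		(c).cap[__capi] = (a).cap[__capi] OP (b).cap[__capi]; \
	} \
} while (0)
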
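/*
 * c = OP a, applied to every word of the set.  The set arguments are
 * parenthesised so that an expression argument still binds as one operand.
 */
#define CAP_UOP_ALL(c, a, OP) \
do { \
	unsigned __capi; \
	CAP_FOR_EACH_U32(__capi) { \
		(c).cap[__capi] = OP (a).cap[__capi]; \
	} \
} while (0)

/* Return the union of a and b (a | b, word by word). */
static inline kernel_cap_t cap_combine(const kernel_cap_t a,
				       const kernel_cap_t b)
{
	kernel_cap_t dest;
	CAP_BOP_ALL(dest, a, b, |);
	return dest;
}

/* Return the capabilities present in both a and b (a & b). */
static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
					 const kernel_cap_t b)
{
	kernel_cap_t dest;
	CAP_BOP_ALL(dest, a, b, &);
	return dest;
}

/* Return a with every capability in drop removed (a & ~drop). */
static inline kernel_cap_t cap_drop(const kernel_cap_t a,
				    const kernel_cap_t drop)
{
	kernel_cap_t dest;
	CAP_BOP_ALL(dest, a, drop, &~);
	return dest;
}

/*
 * Return the bitwise complement of c.  Every bit of every word is
 * flipped, including bits above CAP_LAST_CAP.
 */
static inline kernel_cap_t cap_invert(const kernel_cap_t c)
{
	kernel_cap_t dest;
	CAP_UOP_ALL(dest, c, ~);
	return dest;
}

/* Return 1 if no bit is set in any word of a, else 0. */
static inline int cap_isclear(const kernel_cap_t a)
{
	unsigned __capi;
	CAP_FOR_EACH_U32(__capi) {
		if (a.cap[__capi] != 0)
			return 0;
	}
	return 1;
}

/*
 * Check if "a" is a subset of "set".
 * return 1 if ALL of the capabilities in "a" are also in "set"
 *	cap_issubset(0101, 1111) will return 1
 * return 0 if ANY of the capabilities in "a" are not in "set"
 *	cap_issubset(1111, 0101) will return 0
 */
static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
{
	kernel_cap_t dest;
	dest = cap_drop(a, set);
	return cap_isclear(dest);
}

/* Used to decide between falling back on the old suser() or fsuser(). */

/*
 * Return 1 if cap is one of the capabilities in CAP_FS_SET, else 0.
 * A number outside 0..CAP_LAST_CAP is reported as "not an fs capability".
 */
static inline int cap_is_fs_cap(int cap)
{
	const kernel_cap_t __cap_fs_set = CAP_FS_SET;

	/* An out-of-range number would index outside the cap[] words. */
	if (!cap_valid(cap))
		return 0;
	return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]);
}

/* Return a with every capability in CAP_FS_SET removed. */
static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
{
	const kernel_cap_t __cap_fs_set = CAP_FS_SET;
	return cap_drop(a, __cap_fs_set);
}

/*
 * Return a plus the CAP_FS_SET capabilities that are also in permitted.
 * The intersection means nothing absent from permitted is ever added.
 */
static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
					    const kernel_cap_t permitted)
{
	const kernel_cap_t __cap_fs_set = CAP_FS_SET;
	return cap_combine(a,
			   cap_intersect(permitted, __cap_fs_set));
}

/* Return a with every capability in CAP_NFSD_SET removed. */
static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
{
	/* Named for the set it holds, matching cap_raise_nfsd_set(). */
	const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
	return cap_drop(a, __cap_nfsd_set);
}

/*
 * Return a plus the CAP_NFSD_SET capabilities that are also in permitted.
 * The intersection means nothing absent from permitted is ever added.
 */
static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
					      const kernel_cap_t permitted)
{
	const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
	return cap_combine(a,
			   cap_intersect(permitted, __cap_nfsd_set));
}

/* Capability checks implemented outside this header. */
extern bool has_capability(struct task_struct *t, int cap);
extern bool has_ns_capability(struct task_struct *t,
			      struct user_namespace *ns, int cap);
extern bool has_capability_noaudit(struct task_struct *t, int cap);
extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
extern bool task_ns_capable(struct task_struct *t, int cap);
extern bool nsown_capable(int cap);

/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);

#endif /* __KERNEL__ */

#endif /* !_LINUX_CAPABILITY_H */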