/*
* This is <linux/capability.h>
*
- * Andrew G. Morgan <morgan@transmeta.com>
+ * Andrew G. Morgan <morgan@kernel.org>
* Alexander Kjeldaas <astor@guardian.no>
* with help from Aleph1, Roland Buresund and Andrew Main.
*
* See here for the libcap library ("POSIX draft" compliance):
*
- * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/
- */
+ * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
+ */
#ifndef _LINUX_CAPABILITY_H
#define _LINUX_CAPABILITY_H
#include <linux/types.h>
#include <linux/compiler.h>
+struct task_struct;
+
/* User-level do most of the mapping between kernel and user
capabilities based on the version tag given by the kernel. The
kernel might be somewhat backwards compatible, but don't bet on
following structure to such a composite is better handled in a user
library since the draft standard requires the use of malloc/free
etc.. */
-
+
#define _LINUX_CAPABILITY_VERSION 0x19980330
typedef struct __user_cap_header_struct {
__u32 version;
int pid;
} __user *cap_user_header_t;
-
+
typedef struct __user_cap_data_struct {
__u32 effective;
__u32 permitted;
__u32 inheritable;
} __user *cap_user_data_t;
-
-#ifdef __KERNEL__
-#include <linux/spinlock.h>
-#include <asm/current.h>
+#define XATTR_CAPS_SUFFIX "capability"
+#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
+
+#define XATTR_CAPS_SZ (3*sizeof(__le32))
+#define VFS_CAP_REVISION_MASK 0xFF000000
+#define VFS_CAP_REVISION_1 0x01000000
+
+#define VFS_CAP_REVISION VFS_CAP_REVISION_1
+
+#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
+#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
+
+struct vfs_cap_data {
+ __u32 magic_etc; /* Little endian */
+ __u32 permitted; /* Little endian */
+ __u32 inheritable; /* Little endian */
+};
+
+#ifdef __KERNEL__
/* #define STRICT_CAP_T_TYPECHECKS */
typedef __u32 kernel_cap_t;
#endif
-
+
#define _USER_CAP_HEADER_SIZE (2*sizeof(__u32))
#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
/**
- ** POSIX-draft defined capabilities.
+ ** POSIX-draft defined capabilities.
**/
/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
#define CAP_DAC_READ_SEARCH 2
-
+
/* Overrides all restrictions about allowed operations on files, where
file owner ID must be equal to the user ID, except where CAP_FSETID
is applicable. It doesn't override MAC and DAC restrictions. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
resources) */
-/* NOTE: ext2 honors fsuid when checking for resource overrides, so
+/* NOTE: ext2 honors fsuid when checking for resource overrides, so
you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
#define CAP_AUDIT_CONTROL 30
+#define CAP_SETFCAP 31
+
#ifdef __KERNEL__
-/*
- * Bounding set
- */
-extern kernel_cap_t cap_bset;
/*
* Internal kernel functions only
*/
-
+
#ifdef STRICT_CAP_T_TYPECHECKS
#define to_cap_t(x) { x }
#define cap_is_fs_cap(c) (CAP_TO_MASK(c) & CAP_FS_MASK)
-extern int capable(int cap);
+int capable(int cap);
+int __capable(struct task_struct *t, int cap);
#endif /* __KERNEL__ */
git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff