]>
Commit | Line | Data |
---|---|---|
607ca46e DH |
1 | /* |
2 | * This is <linux/capability.h> | |
3 | * | |
4 | * Andrew G. Morgan <morgan@kernel.org> | |
5 | * Alexander Kjeldaas <astor@guardian.no> | |
6 | * with help from Aleph1, Roland Buresund and Andrew Main. | |
7 | * | |
8 | * See here for the libcap library ("POSIX draft" compliance): | |
9 | * | |
10 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ | |
11 | */ | |
12 | ||
13 | #ifndef _UAPI_LINUX_CAPABILITY_H | |
14 | #define _UAPI_LINUX_CAPABILITY_H | |
15 | ||
16 | #include <linux/types.h> | |
17 | ||
607ca46e DH |
18 | /* User-level do most of the mapping between kernel and user |
19 | capabilities based on the version tag given by the kernel. The | |
20 | kernel might be somewhat backwards compatible, but don't bet on | |
21 | it. */ | |
22 | ||
23 | /* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to | |
24 | a set of three capability sets. The transposition of 3*the | |
25 | following structure to such a composite is better handled in a user | |
26 | library since the draft standard requires the use of malloc/free | |
27 | etc.. */ | |
28 | ||
29 | #define _LINUX_CAPABILITY_VERSION_1 0x19980330 | |
30 | #define _LINUX_CAPABILITY_U32S_1 1 | |
31 | ||
32 | #define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */ | |
33 | #define _LINUX_CAPABILITY_U32S_2 2 | |
34 | ||
35 | #define _LINUX_CAPABILITY_VERSION_3 0x20080522 | |
36 | #define _LINUX_CAPABILITY_U32S_3 2 | |
37 | ||
38 | typedef struct __user_cap_header_struct { | |
39 | __u32 version; | |
40 | int pid; | |
41 | } __user *cap_user_header_t; | |
42 | ||
43 | typedef struct __user_cap_data_struct { | |
44 | __u32 effective; | |
45 | __u32 permitted; | |
46 | __u32 inheritable; | |
47 | } __user *cap_user_data_t; | |
48 | ||
49 | ||
50 | #define VFS_CAP_REVISION_MASK 0xFF000000 | |
51 | #define VFS_CAP_REVISION_SHIFT 24 | |
52 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK | |
53 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 | |
54 | ||
55 | #define VFS_CAP_REVISION_1 0x01000000 | |
56 | #define VFS_CAP_U32_1 1 | |
57 | #define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) | |
58 | ||
59 | #define VFS_CAP_REVISION_2 0x02000000 | |
60 | #define VFS_CAP_U32_2 2 | |
61 | #define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) | |
62 | ||
d7acd1fa SH |
63 | #define VFS_CAP_REVISION_3 0x03000000 |
64 | #define VFS_CAP_U32_3 2 | |
65 | #define XATTR_CAPS_SZ_3 (sizeof(__le32)*(2 + 2*VFS_CAP_U32_3)) | |
66 | ||
67 | #define XATTR_CAPS_SZ XATTR_CAPS_SZ_3 | |
68 | #define VFS_CAP_U32 VFS_CAP_U32_3 | |
69 | #define VFS_CAP_REVISION VFS_CAP_REVISION_3 | |
607ca46e DH |
70 | |
71 | struct vfs_cap_data { | |
72 | __le32 magic_etc; /* Little endian */ | |
73 | struct { | |
74 | __le32 permitted; /* Little endian */ | |
75 | __le32 inheritable; /* Little endian */ | |
76 | } data[VFS_CAP_U32]; | |
77 | }; | |
78 | ||
d7acd1fa SH |
79 | /* |
80 | * same as vfs_cap_data but with a rootid at the end | |
81 | */ | |
82 | struct vfs_ns_cap_data { | |
83 | __le32 magic_etc; | |
84 | struct { | |
85 | __le32 permitted; /* Little endian */ | |
86 | __le32 inheritable; /* Little endian */ | |
87 | } data[VFS_CAP_U32]; | |
88 | __le32 rootid; | |
89 | }; | |
90 | ||
607ca46e DH |
91 | #ifndef __KERNEL__ |
92 | ||
93 | /* | |
94 | * Backwardly compatible definition for source code - trapped in a | |
95 | * 32-bit world. If you find you need this, please consider using | |
96 | * libcap to untrap yourself... | |
97 | */ | |
98 | #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 | |
99 | #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 | |
100 | ||
101 | #endif | |
102 | ||
103 | ||
104 | /** | |
105 | ** POSIX-draft defined capabilities. | |
106 | **/ | |
107 | ||
108 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this | |
109 | overrides the restriction of changing file ownership and group | |
110 | ownership. */ | |
111 | ||
112 | #define CAP_CHOWN 0 | |
113 | ||
114 | /* Override all DAC access, including ACL execute access if | |
115 | [_POSIX_ACL] is defined. Excluding DAC access covered by | |
116 | CAP_LINUX_IMMUTABLE. */ | |
117 | ||
118 | #define CAP_DAC_OVERRIDE 1 | |
119 | ||
120 | /* Overrides all DAC restrictions regarding read and search on files | |
121 | and directories, including ACL restrictions if [_POSIX_ACL] is | |
122 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ | |
123 | ||
124 | #define CAP_DAC_READ_SEARCH 2 | |
125 | ||
126 | /* Overrides all restrictions about allowed operations on files, where | |
127 | file owner ID must be equal to the user ID, except where CAP_FSETID | |
128 | is applicable. It doesn't override MAC and DAC restrictions. */ | |
129 | ||
130 | #define CAP_FOWNER 3 | |
131 | ||
132 | /* Overrides the following restrictions that the effective user ID | |
133 | shall match the file owner ID when setting the S_ISUID and S_ISGID | |
134 | bits on that file; that the effective group ID (or one of the | |
135 | supplementary group IDs) shall match the file owner ID when setting | |
136 | the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are | |
137 | cleared on successful return from chown(2) (not implemented). */ | |
138 | ||
139 | #define CAP_FSETID 4 | |
140 | ||
141 | /* Overrides the restriction that the real or effective user ID of a | |
142 | process sending a signal must match the real or effective user ID | |
143 | of the process receiving the signal. */ | |
144 | ||
145 | #define CAP_KILL 5 | |
146 | ||
147 | /* Allows setgid(2) manipulation */ | |
148 | /* Allows setgroups(2) */ | |
149 | /* Allows forged gids on socket credentials passing. */ | |
150 | ||
151 | #define CAP_SETGID 6 | |
152 | ||
153 | /* Allows set*uid(2) manipulation (including fsuid). */ | |
154 | /* Allows forged pids on socket credentials passing. */ | |
155 | ||
156 | #define CAP_SETUID 7 | |
157 | ||
158 | ||
159 | /** | |
160 | ** Linux-specific capabilities | |
161 | **/ | |
162 | ||
163 | /* Without VFS support for capabilities: | |
164 | * Transfer any capability in your permitted set to any pid, | |
165 | * remove any capability in your permitted set from any pid | |
166 | * With VFS support for capabilities (neither of above, but) | |
167 | * Add any capability from current's capability bounding set | |
168 | * to the current process' inheritable set | |
169 | * Allow taking bits out of capability bounding set | |
170 | * Allow modification of the securebits for a process | |
171 | */ | |
172 | ||
173 | #define CAP_SETPCAP 8 | |
174 | ||
175 | /* Allow modification of S_IMMUTABLE and S_APPEND file attributes */ | |
176 | ||
177 | #define CAP_LINUX_IMMUTABLE 9 | |
178 | ||
179 | /* Allows binding to TCP/UDP sockets below 1024 */ | |
180 | /* Allows binding to ATM VCIs below 32 */ | |
181 | ||
182 | #define CAP_NET_BIND_SERVICE 10 | |
183 | ||
184 | /* Allow broadcasting, listen to multicast */ | |
185 | ||
186 | #define CAP_NET_BROADCAST 11 | |
187 | ||
188 | /* Allow interface configuration */ | |
189 | /* Allow administration of IP firewall, masquerading and accounting */ | |
190 | /* Allow setting debug option on sockets */ | |
191 | /* Allow modification of routing tables */ | |
192 | /* Allow setting arbitrary process / process group ownership on | |
193 | sockets */ | |
194 | /* Allow binding to any address for transparent proxying (also via NET_RAW) */ | |
195 | /* Allow setting TOS (type of service) */ | |
196 | /* Allow setting promiscuous mode */ | |
197 | /* Allow clearing driver statistics */ | |
198 | /* Allow multicasting */ | |
199 | /* Allow read/write of device-specific registers */ | |
200 | /* Allow activation of ATM control sockets */ | |
201 | ||
202 | #define CAP_NET_ADMIN 12 | |
203 | ||
204 | /* Allow use of RAW sockets */ | |
205 | /* Allow use of PACKET sockets */ | |
206 | /* Allow binding to any address for transparent proxying (also via NET_ADMIN) */ | |
207 | ||
208 | #define CAP_NET_RAW 13 | |
209 | ||
210 | /* Allow locking of shared memory segments */ | |
211 | /* Allow mlock and mlockall (which doesn't really have anything to do | |
212 | with IPC) */ | |
213 | ||
214 | #define CAP_IPC_LOCK 14 | |
215 | ||
216 | /* Override IPC ownership checks */ | |
217 | ||
218 | #define CAP_IPC_OWNER 15 | |
219 | ||
220 | /* Insert and remove kernel modules - modify kernel without limit */ | |
221 | #define CAP_SYS_MODULE 16 | |
222 | ||
223 | /* Allow ioperm/iopl access */ | |
21470e32 | 224 | /* Allow sending USB messages to any device via /dev/bus/usb */ |
607ca46e DH |
225 | |
226 | #define CAP_SYS_RAWIO 17 | |
227 | ||
228 | /* Allow use of chroot() */ | |
229 | ||
230 | #define CAP_SYS_CHROOT 18 | |
231 | ||
232 | /* Allow ptrace() of any process */ | |
233 | ||
234 | #define CAP_SYS_PTRACE 19 | |
235 | ||
236 | /* Allow configuration of process accounting */ | |
237 | ||
238 | #define CAP_SYS_PACCT 20 | |
239 | ||
240 | /* Allow configuration of the secure attention key */ | |
241 | /* Allow administration of the random device */ | |
242 | /* Allow examination and configuration of disk quotas */ | |
243 | /* Allow setting the domainname */ | |
244 | /* Allow setting the hostname */ | |
245 | /* Allow calling bdflush() */ | |
246 | /* Allow mount() and umount(), setting up new smb connection */ | |
247 | /* Allow some autofs root ioctls */ | |
248 | /* Allow nfsservctl */ | |
249 | /* Allow VM86_REQUEST_IRQ */ | |
250 | /* Allow to read/write pci config on alpha */ | |
251 | /* Allow irix_prctl on mips (setstacksize) */ | |
252 | /* Allow flushing all cache on m68k (sys_cacheflush) */ | |
253 | /* Allow removing semaphores */ | |
254 | /* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores | |
255 | and shared memory */ | |
256 | /* Allow locking/unlocking of shared memory segment */ | |
257 | /* Allow turning swap on/off */ | |
258 | /* Allow forged pids on socket credentials passing */ | |
259 | /* Allow setting readahead and flushing buffers on block devices */ | |
260 | /* Allow setting geometry in floppy driver */ | |
261 | /* Allow turning DMA on/off in xd driver */ | |
262 | /* Allow administration of md devices (mostly the above, but some | |
263 | extra ioctls) */ | |
264 | /* Allow tuning the ide driver */ | |
265 | /* Allow access to the nvram device */ | |
266 | /* Allow administration of apm_bios, serial and bttv (TV) device */ | |
267 | /* Allow manufacturer commands in isdn CAPI support driver */ | |
268 | /* Allow reading non-standardized portions of pci configuration space */ | |
269 | /* Allow DDI debug ioctl on sbpcd driver */ | |
270 | /* Allow setting up serial ports */ | |
271 | /* Allow sending raw qic-117 commands */ | |
272 | /* Allow enabling/disabling tagged queuing on SCSI controllers and sending | |
273 | arbitrary SCSI commands */ | |
274 | /* Allow setting encryption key on loopback filesystem */ | |
275 | /* Allow setting zone reclaim policy */ | |
276 | ||
277 | #define CAP_SYS_ADMIN 21 | |
278 | ||
279 | /* Allow use of reboot() */ | |
280 | ||
281 | #define CAP_SYS_BOOT 22 | |
282 | ||
283 | /* Allow raising priority and setting priority on other (different | |
284 | UID) processes */ | |
285 | /* Allow use of FIFO and round-robin (realtime) scheduling on own | |
286 | processes and setting the scheduling algorithm used by another | |
287 | process. */ | |
288 | /* Allow setting cpu affinity on other processes */ | |
289 | ||
290 | #define CAP_SYS_NICE 23 | |
291 | ||
292 | /* Override resource limits. Set resource limits. */ | |
293 | /* Override quota limits. */ | |
294 | /* Override reserved space on ext2 filesystem */ | |
295 | /* Modify data journaling mode on ext3 filesystem (uses journaling | |
296 | resources) */ | |
297 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so | |
298 | you can override using fsuid too */ | |
299 | /* Override size restrictions on IPC message queues */ | |
300 | /* Allow more than 64hz interrupts from the real-time clock */ | |
301 | /* Override max number of consoles on console allocation */ | |
302 | /* Override max number of keymaps */ | |
303 | ||
304 | #define CAP_SYS_RESOURCE 24 | |
305 | ||
306 | /* Allow manipulation of system clock */ | |
307 | /* Allow irix_stime on mips */ | |
308 | /* Allow setting the real-time clock */ | |
309 | ||
310 | #define CAP_SYS_TIME 25 | |
311 | ||
312 | /* Allow configuration of tty devices */ | |
313 | /* Allow vhangup() of tty */ | |
314 | ||
315 | #define CAP_SYS_TTY_CONFIG 26 | |
316 | ||
317 | /* Allow the privileged aspects of mknod() */ | |
318 | ||
319 | #define CAP_MKNOD 27 | |
320 | ||
321 | /* Allow taking of leases on files */ | |
322 | ||
323 | #define CAP_LEASE 28 | |
324 | ||
147d2601 RGB |
325 | /* Allow writing the audit log via unicast netlink socket */ |
326 | ||
607ca46e DH |
327 | #define CAP_AUDIT_WRITE 29 |
328 | ||
147d2601 RGB |
329 | /* Allow configuration of audit via unicast netlink socket */ |
330 | ||
607ca46e DH |
331 | #define CAP_AUDIT_CONTROL 30 |
332 | ||
333 | #define CAP_SETFCAP 31 | |
334 | ||
335 | /* Override MAC access. | |
336 | The base kernel enforces no MAC policy. | |
337 | An LSM may enforce a MAC policy, and if it does and it chooses | |
338 | to implement capability based overrides of that policy, this is | |
339 | the capability it should use to do so. */ | |
340 | ||
341 | #define CAP_MAC_OVERRIDE 32 | |
342 | ||
343 | /* Allow MAC configuration or state changes. | |
344 | The base kernel requires no MAC configuration. | |
345 | An LSM may enforce a MAC policy, and if it does and it chooses | |
346 | to implement capability based checks on modifications to that | |
347 | policy or the data required to maintain it, this is the | |
348 | capability it should use to do so. */ | |
349 | ||
350 | #define CAP_MAC_ADMIN 33 | |
351 | ||
352 | /* Allow configuring the kernel's syslog (printk behaviour) */ | |
353 | ||
354 | #define CAP_SYSLOG 34 | |
355 | ||
356 | /* Allow triggering something that will wake the system */ | |
357 | ||
358 | #define CAP_WAKE_ALARM 35 | |
359 | ||
360 | /* Allow preventing system suspends */ | |
361 | ||
362 | #define CAP_BLOCK_SUSPEND 36 | |
363 | ||
3a101b8d RGB |
364 | /* Allow reading the audit log via multicast netlink socket */ |
365 | ||
366 | #define CAP_AUDIT_READ 37 | |
367 | ||
368 | ||
369 | #define CAP_LAST_CAP CAP_AUDIT_READ | |
607ca46e DH |
370 | |
371 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) | |
372 | ||
373 | /* | |
374 | * Bit location of each capability (used by user-space library and kernel) | |
375 | */ | |
376 | ||
377 | #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ | |
378 | #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ | |
379 | ||
380 | ||
381 | #endif /* _UAPI_LINUX_CAPABILITY_H */ |