| 1 | /* |
|---|
| 2 | * This is <linux/capability.h> |
|---|
| 3 | * |
|---|
| 4 | * Andrew G. Morgan <morgan@transmeta.com> |
|---|
| 5 | * Alexander Kjeldaas <astor@guardian.no> |
|---|
| 6 | * with help from Aleph1, Roland Buresund and Andrew Main. |
|---|
| 7 | * |
|---|
| 8 | * See here for the libcap library ("POSIX draft" compliance): |
|---|
| 9 | * |
|---|
| 10 | * ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ |
|---|
| 11 | */ |
|---|
| 12 | |
|---|
| 13 | #ifndef _LINUX_CAPABILITY_H |
|---|
| 14 | #define _LINUX_CAPABILITY_H |
|---|
| 15 | |
|---|
| 16 | #include <linux/types.h> |
|---|
| 17 | |
|---|
| 18 | /* User-level do most of the mapping between kernel and user |
|---|
| 19 | capabilities based on the version tag given by the kernel. The |
|---|
| 20 | kernel might be somewhat backwards compatible, but don't bet on |
|---|
| 21 | it. */ |
|---|
| 22 | |
|---|
| 23 | /* XXX - Note, cap_t, is defined by POSIX to be an "opaque" pointer to |
|---|
| 24 | a set of three capability sets. The transposition of 3*the |
|---|
| 25 | following structure to such a composite is better handled in a user |
|---|
| 26 | library since the draft standard requires the use of malloc/free |
|---|
| 27 | etc.. */ |
|---|
| 28 | |
|---|
| 29 | #define _LINUX_CAPABILITY_VERSION 0x19980330 |
|---|
| 30 | |
|---|
| 31 | typedef struct __user_cap_header_struct { |
|---|
| 32 | __u32 version; |
|---|
| 33 | int pid; |
|---|
| 34 | } *cap_user_header_t; |
|---|
| 35 | |
|---|
| 36 | typedef struct __user_cap_data_struct { |
|---|
| 37 | __u32 effective; |
|---|
| 38 | __u32 permitted; |
|---|
| 39 | __u32 inheritable; |
|---|
| 40 | } *cap_user_data_t; |
|---|
| 41 | |
|---|
| 42 | |
|---|
| 43 | |
|---|
| 44 | /** |
|---|
| 45 | ** POSIX-draft defined capabilities. |
|---|
| 46 | **/ |
|---|
| 47 | |
|---|
| 48 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this |
|---|
| 49 | overrides the restriction of changing file ownership and group |
|---|
| 50 | ownership. */ |
|---|
| 51 | |
|---|
| 52 | #define CAP_CHOWN 0 |
|---|
| 53 | |
|---|
| 54 | /* Override all DAC access, including ACL execute access if |
|---|
| 55 | [_POSIX_ACL] is defined. Excluding DAC access covered by |
|---|
| 56 | CAP_LINUX_IMMUTABLE. */ |
|---|
| 57 | |
|---|
| 58 | #define CAP_DAC_OVERRIDE 1 |
|---|
| 59 | |
|---|
| 60 | /* Overrides all DAC restrictions regarding read and search on files |
|---|
| 61 | and directories, including ACL restrictions if [_POSIX_ACL] is |
|---|
| 62 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ |
|---|
| 63 | |
|---|
| 64 | #define CAP_DAC_READ_SEARCH 2 |
|---|
| 65 | |
|---|
| 66 | /* Overrides all restrictions about allowed operations on files, where |
|---|
| 67 | file owner ID must be equal to the user ID, except where CAP_FSETID |
|---|
| 68 | is applicable. It doesn't override MAC and DAC restrictions. */ |
|---|
| 69 | |
|---|
| 70 | #define CAP_FOWNER 3 |
|---|
| 71 | |
|---|
| 72 | /* Overrides the following restrictions that the effective user ID |
|---|
| 73 | shall match the file owner ID when setting the S_ISUID and S_ISGID |
|---|
| 74 | bits on that file; that the effective group ID (or one of the |
|---|
| 75 | supplementary group IDs) shall match the file owner ID when setting |
|---|
| 76 | the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are |
|---|
| 77 | cleared on successful return from chown(2) (not implemented). */ |
|---|
| 78 | |
|---|
| 79 | #define CAP_FSETID 4 |
|---|
| 80 | |
|---|
| 81 | /* Used to decide between falling back on the old suser() or fsuser(). */ |
|---|
| 82 | |
|---|
| 83 | #define CAP_FS_MASK 0x1f |
|---|
| 84 | |
|---|
| 85 | /* Overrides the restriction that the real or effective user ID of a |
|---|
| 86 | process sending a signal must match the real or effective user ID |
|---|
| 87 | of the process receiving the signal. */ |
|---|
| 88 | |
|---|
| 89 | #define CAP_KILL 5 |
|---|
| 90 | |
|---|
| 91 | /* Allows setgid(2) manipulation */ |
|---|
| 92 | /* Allows setgroups(2) */ |
|---|
| 93 | /* Allows forged gids on socket credentials passing. */ |
|---|
| 94 | |
|---|
| 95 | #define CAP_SETGID 6 |
|---|
| 96 | |
|---|
| 97 | /* Allows set*uid(2) manipulation (including fsuid). */ |
|---|
| 98 | /* Allows forged pids on socket credentials passing. */ |
|---|
| 99 | |
|---|
| 100 | #define CAP_SETUID 7 |
|---|
| 101 | |
|---|
| 102 | |
|---|
| 103 | /** |
|---|
| 104 | ** Linux-specific capabilities |
|---|
| 105 | **/ |
|---|
| 106 | |
|---|
| 107 | /* Transfer any capability in your permitted set to any pid, |
|---|
| 108 | remove any capability in your permitted set from any pid */ |
|---|
| 109 | |
|---|
| 110 | #define CAP_SETPCAP 8 |
|---|
| 111 | |
|---|
| 112 | /* Allow modification of S_IMMUTABLE and S_APPEND file attributes */ |
|---|
| 113 | |
|---|
| 114 | #define CAP_LINUX_IMMUTABLE 9 |
|---|
| 115 | |
|---|
| 116 | /* Allows binding to TCP/UDP sockets below 1024 */ |
|---|
| 117 | /* Allows binding to ATM VCIs below 32 */ |
|---|
| 118 | |
|---|
| 119 | #define CAP_NET_BIND_SERVICE 10 |
|---|
| 120 | |
|---|
| 121 | /* Allow broadcasting, listen to multicast */ |
|---|
| 122 | |
|---|
| 123 | #define CAP_NET_BROADCAST 11 |
|---|
| 124 | |
|---|
| 125 | /* Allow interface configuration */ |
|---|
| 126 | /* Allow administration of IP firewall, masquerading and accounting */ |
|---|
| 127 | /* Allow setting debug option on sockets */ |
|---|
| 128 | /* Allow modification of routing tables */ |
|---|
| 129 | /* Allow setting arbitrary process / process group ownership on |
|---|
| 130 | sockets */ |
|---|
| 131 | /* Allow binding to any address for transparent proxying */ |
|---|
| 132 | /* Allow setting TOS (type of service) */ |
|---|
| 133 | /* Allow setting promiscuous mode */ |
|---|
| 134 | /* Allow clearing driver statistics */ |
|---|
| 135 | /* Allow multicasting */ |
|---|
| 136 | /* Allow read/write of device-specific registers */ |
|---|
| 137 | /* Allow activation of ATM control sockets */ |
|---|
| 138 | |
|---|
| 139 | #define CAP_NET_ADMIN 12 |
|---|
| 140 | |
|---|
| 141 | /* Allow use of RAW sockets */ |
|---|
| 142 | /* Allow use of PACKET sockets */ |
|---|
| 143 | |
|---|
| 144 | #define CAP_NET_RAW 13 |
|---|
| 145 | |
|---|
| 146 | /* Allow locking of shared memory segments */ |
|---|
| 147 | /* Allow mlock and mlockall (which doesn't really have anything to do |
|---|
| 148 | with IPC) */ |
|---|
| 149 | |
|---|
| 150 | #define CAP_IPC_LOCK 14 |
|---|
| 151 | |
|---|
| 152 | /* Override IPC ownership checks */ |
|---|
| 153 | |
|---|
| 154 | #define CAP_IPC_OWNER 15 |
|---|
| 155 | |
|---|
| 156 | /* Insert and remove kernel modules - modify kernel without limit */ |
|---|
| 157 | /* Modify cap_bset */ |
|---|
| 158 | #define CAP_SYS_MODULE 16 |
|---|
| 159 | |
|---|
| 160 | /* Allow ioperm/iopl access */ |
|---|
| 161 | /* Allow sending USB messages to any device via /proc/bus/usb */ |
|---|
| 162 | |
|---|
| 163 | #define CAP_SYS_RAWIO 17 |
|---|
| 164 | |
|---|
| 165 | /* Allow use of chroot() */ |
|---|
| 166 | |
|---|
| 167 | #define CAP_SYS_CHROOT 18 |
|---|
| 168 | |
|---|
| 169 | /* Allow ptrace() of any process */ |
|---|
| 170 | |
|---|
| 171 | #define CAP_SYS_PTRACE 19 |
|---|
| 172 | |
|---|
| 173 | /* Allow configuration of process accounting */ |
|---|
| 174 | |
|---|
| 175 | #define CAP_SYS_PACCT 20 |
|---|
| 176 | |
|---|
| 177 | /* Allow configuration of the secure attention key */ |
|---|
| 178 | /* Allow administration of the random device */ |
|---|
| 179 | /* Allow examination and configuration of disk quotas */ |
|---|
| 180 | /* Allow configuring the kernel's syslog (printk behaviour) */ |
|---|
| 181 | /* Allow setting the domainname */ |
|---|
| 182 | /* Allow setting the hostname */ |
|---|
| 183 | /* Allow calling bdflush() */ |
|---|
| 184 | /* Allow mount() and umount(), setting up new smb connection */ |
|---|
| 185 | /* Allow some autofs root ioctls */ |
|---|
| 186 | /* Allow nfsservctl */ |
|---|
| 187 | /* Allow VM86_REQUEST_IRQ */ |
|---|
| 188 | /* Allow to read/write pci config on alpha */ |
|---|
| 189 | /* Allow irix_prctl on mips (setstacksize) */ |
|---|
| 190 | /* Allow flushing all cache on m68k (sys_cacheflush) */ |
|---|
| 191 | /* Allow removing semaphores */ |
|---|
| 192 | /* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores |
|---|
| 193 | and shared memory */ |
|---|
| 194 | /* Allow locking/unlocking of shared memory segment */ |
|---|
| 195 | /* Allow turning swap on/off */ |
|---|
| 196 | /* Allow forged pids on socket credentials passing */ |
|---|
| 197 | /* Allow setting readahead and flushing buffers on block devices */ |
|---|
| 198 | /* Allow setting geometry in floppy driver */ |
|---|
| 199 | /* Allow turning DMA on/off in xd driver */ |
|---|
| 200 | /* Allow administration of md devices (mostly the above, but some |
|---|
| 201 | extra ioctls) */ |
|---|
| 202 | /* Allow tuning the ide driver */ |
|---|
| 203 | /* Allow access to the nvram device */ |
|---|
| 204 | /* Allow administration of apm_bios, serial and bttv (TV) device */ |
|---|
| 205 | /* Allow manufacturer commands in isdn CAPI support driver */ |
|---|
| 206 | /* Allow reading non-standardized portions of pci configuration space */ |
|---|
| 207 | /* Allow DDI debug ioctl on sbpcd driver */ |
|---|
| 208 | /* Allow setting up serial ports */ |
|---|
| 209 | /* Allow sending raw qic-117 commands */ |
|---|
| 210 | /* Allow enabling/disabling tagged queuing on SCSI controllers and sending |
|---|
| 211 | arbitrary SCSI commands */ |
|---|
| 212 | /* Allow setting encryption key on loopback filesystem */ |
|---|
| 213 | |
|---|
| 214 | #define CAP_SYS_ADMIN 21 |
|---|
| 215 | |
|---|
| 216 | /* Allow use of reboot() */ |
|---|
| 217 | |
|---|
| 218 | #define CAP_SYS_BOOT 22 |
|---|
| 219 | |
|---|
| 220 | /* Allow raising priority and setting priority on other (different |
|---|
| 221 | UID) processes */ |
|---|
| 222 | /* Allow use of FIFO and round-robin (realtime) scheduling on own |
|---|
| 223 | processes and setting the scheduling algorithm used by another |
|---|
| 224 | process. */ |
|---|
| 225 | /* Allow setting cpu affinity on other processes */ |
|---|
| 226 | |
|---|
| 227 | #define CAP_SYS_NICE 23 |
|---|
| 228 | |
|---|
| 229 | /* Override resource limits. Set resource limits. */ |
|---|
| 230 | /* Override quota limits. */ |
|---|
| 231 | /* Override reserved space on ext2 filesystem */ |
|---|
| 232 | /* Modify data journaling mode on ext3 filesystem (uses journaling |
|---|
| 233 | resources) */ |
|---|
| 234 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so |
|---|
| 235 | you can override using fsuid too */ |
|---|
| 236 | /* Override size restrictions on IPC message queues */ |
|---|
| 237 | /* Allow more than 64hz interrupts from the real-time clock */ |
|---|
| 238 | /* Override max number of consoles on console allocation */ |
|---|
| 239 | /* Override max number of keymaps */ |
|---|
| 240 | |
|---|
| 241 | #define CAP_SYS_RESOURCE 24 |
|---|
| 242 | |
|---|
| 243 | /* Allow manipulation of system clock */ |
|---|
| 244 | /* Allow irix_stime on mips */ |
|---|
| 245 | /* Allow setting the real-time clock */ |
|---|
| 246 | |
|---|
| 247 | #define CAP_SYS_TIME 25 |
|---|
| 248 | |
|---|
| 249 | /* Allow configuration of tty devices */ |
|---|
| 250 | /* Allow vhangup() of tty */ |
|---|
| 251 | |
|---|
| 252 | #define CAP_SYS_TTY_CONFIG 26 |
|---|
| 253 | |
|---|
| 254 | /* Allow the privileged aspects of mknod() */ |
|---|
| 255 | |
|---|
| 256 | #define CAP_MKNOD 27 |
|---|
| 257 | |
|---|
| 258 | /* Allow taking of leases on files */ |
|---|
| 259 | |
|---|
| 260 | #define CAP_LEASE 28 |
|---|
| 261 | |
|---|
| 262 | #define CAP_AUDIT_WRITE 29 |
|---|
| 263 | |
|---|
| 264 | #define CAP_AUDIT_CONTROL 30 |
|---|
| 265 | |
|---|
| 266 | #endif /* !_LINUX_CAPABILITY_H */ |
|---|
