Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Data Structures | Macros | Typedefs | Functions | Variables
capability.h File Reference
#include <uapi/linux/capability.h>

Go to the source code of this file.

Data Structures

struct  kernel_cap_struct
 
struct  cpu_vfs_cap_data
 

Macros

#define _KERNEL_CAPABILITY_VERSION   _LINUX_CAPABILITY_VERSION_3
 
#define _KERNEL_CAPABILITY_U32S   _LINUX_CAPABILITY_U32S_3
 
#define _USER_CAP_HEADER_SIZE   (sizeof(struct __user_cap_header_struct))
 
#define _KERNEL_CAP_T_SIZE   (sizeof(kernel_cap_t))
 
#define CAP_FOR_EACH_U32(__capi)   for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
 
#define CAP_FS_MASK_B0
 
#define CAP_FS_MASK_B1   (CAP_TO_MASK(CAP_MAC_OVERRIDE))
 
#define cap_clear(c)   do { (c) = __cap_empty_set; } while (0)
 
#define cap_raise(c, flag)   ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
 
#define cap_lower(c, flag)   ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
 
#define cap_raised(c, flag)   ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
 
#define CAP_BOP_ALL(c, a, b, OP)
 
#define CAP_UOP_ALL(c, a, OP)
 

Typedefs

typedef struct kernel_cap_struct kernel_cap_t
 

Functions

struct user_namespacecurrent_user_ns (void)
 
bool has_capability (struct task_struct *t, int cap)
 
bool has_ns_capability (struct task_struct *t, struct user_namespace *ns, int cap)
 
bool has_capability_noaudit (struct task_struct *t, int cap)
 
bool has_ns_capability_noaudit (struct task_struct *t, struct user_namespace *ns, int cap)
 
bool capable (int cap)
 
bool ns_capable (struct user_namespace *ns, int cap)
 
bool nsown_capable (int cap)
 
bool inode_capable (const struct inode *inode, int cap)
 
int get_vfs_caps_from_disk (const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
 

Variables

int file_caps_enabled
 
const kernel_cap_t __cap_empty_set
 
const kernel_cap_t __cap_init_eff_set
 

Macro Definition Documentation

#define _KERNEL_CAP_T_SIZE   (sizeof(kernel_cap_t))

Definition at line 35 of file capability.h.

#define _KERNEL_CAPABILITY_U32S   _LINUX_CAPABILITY_U32S_3

Definition at line 19 of file capability.h.

#define _KERNEL_CAPABILITY_VERSION   _LINUX_CAPABILITY_VERSION_3

Definition at line 18 of file capability.h.

#define _USER_CAP_HEADER_SIZE   (sizeof(struct __user_cap_header_struct))

Definition at line 34 of file capability.h.

#define CAP_BOP_ALL (   c,
  a,
  b,
  OP 
)
Value:
do { \
unsigned __capi; \
CAP_FOR_EACH_U32(__capi) { \
c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
} \
} while (0)

Definition at line 97 of file capability.h.

#define cap_clear (   c)    do { (c) = __cap_empty_set; } while (0)

Definition at line 91 of file capability.h.

#define CAP_FOR_EACH_U32 (   __capi)    for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)

Definition at line 51 of file capability.h.

#define CAP_FS_MASK_B0
Value:
(CAP_TO_MASK(CAP_CHOWN) \
| CAP_TO_MASK(CAP_MKNOD) \
| CAP_TO_MASK(CAP_DAC_OVERRIDE) \
| CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
| CAP_TO_MASK(CAP_FOWNER) \
| CAP_TO_MASK(CAP_FSETID))

Definition at line 67 of file capability.h.

#define CAP_FS_MASK_B1   (CAP_TO_MASK(CAP_MAC_OVERRIDE))

Definition at line 74 of file capability.h.

#define cap_lower (   c,
  flag 
)    ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))

Definition at line 94 of file capability.h.

#define cap_raise (   c,
  flag 
)    ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))

Definition at line 93 of file capability.h.

#define cap_raised (   c,
  flag 
)    ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))

Definition at line 95 of file capability.h.

#define CAP_UOP_ALL (   c,
  a,
  OP 
)
Value:
do { \
unsigned __capi; \
CAP_FOR_EACH_U32(__capi) { \
c.cap[__capi] = OP a.cap[__capi]; \
} \
} while (0)

Definition at line 105 of file capability.h.

Typedef Documentation

typedef struct kernel_cap_struct kernel_cap_t

Function Documentation

bool capable ( int  cap)

capable - Determine if the current task has a superior capability in effect : The capability to be tested for

Return true if the current task has the given superior capability currently available for use, false if not.

This sets PF_SUPERPRIV on the task if the capability is available on the assumption that it's about to be used.

Definition at line 405 of file capability.c.

struct user_namespace* current_user_ns ( void  )
read
int get_vfs_caps_from_disk ( const struct dentry dentry,
struct cpu_vfs_cap_data cpu_caps 
)

Definition at line 367 of file commoncap.c.

bool has_capability ( struct task_struct t,
int  cap 
)

has_capability - Does a task have a capability in init_user_ns : The task in question : The capability to be tested for

Return true if the specified task has the given superior capability currently in effect to the initial user namespace, false if not.

Note that this does not set PF_SUPERPRIV on the task.

Definition at line 322 of file capability.c.

bool has_capability_noaudit ( struct task_struct t,
int  cap 
)

has_capability_noaudit - Does a task have a capability (unaudited) in the initial user ns : The task in question : The capability to be tested for

Return true if the specified task has the given superior capability currently in effect to init_user_ns, false if not. Don't write an audit message for the check.

Note that this does not set PF_SUPERPRIV on the task.

Definition at line 364 of file capability.c.

bool has_ns_capability ( struct task_struct t,
struct user_namespace ns,
int  cap 
)

has_ns_capability - Does a task have a capability in a specific user ns : The task in question : target user namespace : The capability to be tested for

Return true if the specified task has the given superior capability currently in effect to the specified user namespace, false if not.

Note that this does not set PF_SUPERPRIV on the task.

Definition at line 300 of file capability.c.

bool has_ns_capability_noaudit ( struct task_struct t,
struct user_namespace ns,
int  cap 
)

has_ns_capability_noaudit - Does a task have a capability (unaudited) in a specific user ns. : The task in question : target user namespace : The capability to be tested for

Return true if the specified task has the given superior capability currently in effect to the specified user namespace, false if not. Do not write an audit message for the check.

Note that this does not set PF_SUPERPRIV on the task.

Definition at line 340 of file capability.c.

bool inode_capable ( const struct inode inode,
int  cap 
)

inode_capable - Check superior capability over inode : The inode in question : The capability in question

Return true if the current task has the given superior capability targeted at it's own user namespace and that the given inode is owned by the current user namespace or a child namespace.

Currently we check to see if an inode is owned by the current user namespace by seeing if the inode's owner maps into the current user namespace.

Definition at line 437 of file capability.c.

bool ns_capable ( struct user_namespace ns,
int  cap 
)

ns_capable - Determine if the current task has a superior capability in effect : The usernamespace we want the capability in : The capability to be tested for

Return true if the current task has the given superior capability currently available for use, false if not.

This sets PF_SUPERPRIV on the task if the capability is available on the assumption that it's about to be used.

Definition at line 380 of file capability.c.

bool nsown_capable ( int  cap)

nsown_capable - Check superior capability to one's own user_ns : The capability in question

Return true if the current task has the given superior capability targeted at its own user namespace.

Definition at line 418 of file capability.c.

Variable Documentation

const kernel_cap_t __cap_empty_set

Definition at line 24 of file capability.c.

const kernel_cap_t __cap_init_eff_set
int file_caps_enabled

Definition at line 28 of file capability.c.

Generated on Thu Jan 10 2013 15:56:37 for Linux Kernel by   doxygen 1.8.2