#include <linux/audit.h>
#include <linux/capability.h>
#include <linux/mm.h>
#include <linux/export.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/pid_namespace.h>
#include <linux/user_namespace.h>
#include <asm/uaccess.h>
Functions | |
EXPORT_SYMBOL (__cap_empty_set) | |
__setup ("no_file_caps", file_caps_disable) | |
SYSCALL_DEFINE2 (capget, cap_user_header_t, header, cap_user_data_t, dataptr) | |
SYSCALL_DEFINE2 (capset, cap_user_header_t, header, const cap_user_data_t, data) | |
bool | has_ns_capability (struct task_struct *t, struct user_namespace *ns, int cap) |
bool | has_capability (struct task_struct *t, int cap) |
bool | has_ns_capability_noaudit (struct task_struct *t, struct user_namespace *ns, int cap) |
bool | has_capability_noaudit (struct task_struct *t, int cap) |
bool | ns_capable (struct user_namespace *ns, int cap) |
EXPORT_SYMBOL (ns_capable) | |
bool | capable (int cap) |
EXPORT_SYMBOL (capable) | |
bool | nsown_capable (int cap) |
bool | inode_capable (const struct inode *inode, int cap) |
Variables | |
const kernel_cap_t | __cap_empty_set = CAP_EMPTY_SET |
int | file_caps_enabled = 1 |
__setup | ( | "no_file_caps" | , |
file_caps_disable | |||
) |
capable - Determine if the current task has a superior capability in effect. cap: The capability to be tested for.
Return true if the current task has the given superior capability currently available for use, false if not.
This sets PF_SUPERPRIV on the task if the capability is available on the assumption that it's about to be used.
Definition at line 405 of file capability.c.
EXPORT_SYMBOL | ( | __cap_empty_set | ) |
EXPORT_SYMBOL | ( | ns_capable | ) |
EXPORT_SYMBOL | ( | capable | ) |
bool has_capability | ( | struct task_struct * | t, |
int | cap | ||
) |
has_capability - Does a task have a capability in init_user_ns? t: The task in question. cap: The capability to be tested for.
Return true if the specified task has the given superior capability currently in effect to the initial user namespace, false if not.
Note that this does not set PF_SUPERPRIV on the task.
Definition at line 322 of file capability.c.
bool has_capability_noaudit | ( | struct task_struct * | t, |
int | cap | ||
) |
has_capability_noaudit - Does a task have a capability (unaudited) in the initial user ns? t: The task in question. cap: The capability to be tested for.
Return true if the specified task has the given superior capability currently in effect to init_user_ns, false if not. Don't write an audit message for the check.
Note that this does not set PF_SUPERPRIV on the task.
Definition at line 364 of file capability.c.
bool has_ns_capability | ( | struct task_struct * | t, |
struct user_namespace * | ns, | ||
int | cap | ||
) |
has_ns_capability - Does a task have a capability in a specific user ns? t: The task in question. ns: The target user namespace. cap: The capability to be tested for.
Return true if the specified task has the given superior capability currently in effect to the specified user namespace, false if not.
Note that this does not set PF_SUPERPRIV on the task.
Definition at line 300 of file capability.c.
bool has_ns_capability_noaudit | ( | struct task_struct * | t, |
struct user_namespace * | ns, | ||
int | cap | ||
) |
has_ns_capability_noaudit - Does a task have a capability (unaudited) in a specific user ns? t: The task in question. ns: The target user namespace. cap: The capability to be tested for.
Return true if the specified task has the given superior capability currently in effect to the specified user namespace, false if not. Do not write an audit message for the check.
Note that this does not set PF_SUPERPRIV on the task.
Definition at line 340 of file capability.c.
inode_capable - Check superior capability over an inode. inode: The inode in question. cap: The capability in question.
Return true if the current task has the given superior capability targeted at its own user namespace and the given inode is owned by the current user namespace or a child namespace.
Currently we check to see if an inode is owned by the current user namespace by seeing if the inode's owner maps into the current user namespace.
Definition at line 437 of file capability.c.
bool ns_capable | ( | struct user_namespace * | ns, |
int | cap | ||
) |
ns_capable - Determine if the current task has a superior capability in effect. ns: The user namespace we want the capability in. cap: The capability to be tested for.
Return true if the current task has the given superior capability currently available for use, false if not.
This sets PF_SUPERPRIV on the task if the capability is available on the assumption that it's about to be used.
Definition at line 380 of file capability.c.
nsown_capable - Check superior capability to one's own user_ns. cap: The capability in question.
Return true if the current task has the given superior capability targeted at its own user namespace.
Definition at line 418 of file capability.c.
SYSCALL_DEFINE2 | ( | capget | , |
cap_user_header_t | , | ||
header | , | ||
cap_user_data_t | , | ||
dataptr | |||
) |
sys_capget - get the capabilities of a given process. header: pointer to a struct that contains the capability version and target pid data. dataptr: pointer to a struct that receives the effective, permitted, and inheritable capabilities that are returned.
Returns 0 on success and < 0 on error.
Definition at line 158 of file capability.c.
SYSCALL_DEFINE2 | ( | capset | , |
cap_user_header_t | , | ||
header | , | ||
const cap_user_data_t | , | ||
data | |||
) |
sys_capset - set capabilities for a process or (*) a group of processes. header: pointer to a struct that contains the capability version and target pid data. data: pointer to a struct that contains the effective, permitted, and inheritable capabilities.
Set capabilities for the current process only. The ability to set capabilities for any other process(es) has been deprecated and removed.
The restrictions on setting capabilities are specified as:
I: any raised capabilities must be a subset of the old permitted.
P: any raised capabilities must be a subset of the old permitted.
E: must be set to a subset of the new permitted.
Returns 0 on success and < 0 on error.
Definition at line 232 of file capability.c.
const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET |
Definition at line 24 of file capability.c.
int file_caps_enabled = 1 |
Definition at line 28 of file capability.c.