svn commit: r224794 - head/sys/sys

Jonathan Anderson jonathan at FreeBSD.org
Fri Aug 12 11:43:56 UTC 2011


Author: jonathan
Date: Fri Aug 12 11:43:56 2011
New Revision: 224794
URL: http://svn.freebsd.org/changeset/base/224794

Log:
  Reorder and renumber capability rights.
  
  This patch does three things:
   - puts capability rights in a more pleasing declaration order
   - changes mask values to match the new declaration order
   - declare new rights which will be used soon (e.g. CAP_LOOKUP, CAP_MKDIR)
  
  Approved by: re (kib), mentor (rwatson)
  Sponsored by: Google Inc

Modified:
  head/sys/sys/capability.h

Modified: head/sys/sys/capability.h
==============================================================================
--- head/sys/sys/capability.h	Fri Aug 12 10:52:46 2011	(r224793)
+++ head/sys/sys/capability.h	Fri Aug 12 11:43:56 2011	(r224794)
@@ -76,30 +76,38 @@
 #define	CAP_FSTAT		0x0000000000010000ULL
 #define	CAP_FSTATFS		0x0000000000020000ULL
 #define	CAP_FUTIMES		0x0000000000040000ULL
+#define	CAP_CREATE		0x0000000000080000ULL
+#define	CAP_DELETE		0x0000000000100000ULL
+#define	CAP_MKDIR		0x0000000000200000ULL
+#define	CAP_RMDIR		0x0000000000400000ULL
+#define	CAP_MKFIFO		0x0000000000800000ULL
+
+/* Lookups - used to constrain *at() calls. */
+#define	CAP_LOOKUP		0x0000000001000000ULL
 
 /* Extended attributes. */
-#define	CAP_EXTATTR_DELETE	0x0000000000080000ULL
-#define	CAP_EXTATTR_GET		0x0000000000100000ULL
-#define	CAP_EXTATTR_LIST	0x0000000000200000ULL
-#define	CAP_EXTATTR_SET		0x0000000000400000ULL
+#define	CAP_EXTATTR_DELETE	0x0000000002000000ULL
+#define	CAP_EXTATTR_GET		0x0000000004000000ULL
+#define	CAP_EXTATTR_LIST	0x0000000008000000ULL
+#define	CAP_EXTATTR_SET		0x0000000010000000ULL
 
 /* Access Control Lists. */
-#define	CAP_ACL_CHECK		0x0000000000800000ULL
-#define	CAP_ACL_DELETE		0x0000000001000000ULL
-#define	CAP_ACL_GET		0x0000000002000000ULL
-#define	CAP_ACL_SET		0x0000000004000000ULL
+#define	CAP_ACL_CHECK		0x0000000020000000ULL
+#define	CAP_ACL_DELETE		0x0000000040000000ULL
+#define	CAP_ACL_GET		0x0000000080000000ULL
+#define	CAP_ACL_SET		0x0000000100000000ULL
 
 /* Socket operations. */
-#define	CAP_ACCEPT		0x0000000008000000ULL
-#define	CAP_BIND		0x0000000010000000ULL
-#define	CAP_CONNECT		0x0000000020000000ULL
-#define	CAP_GETPEERNAME		0x0000000040000000ULL
-#define	CAP_GETSOCKNAME		0x0000000080000000ULL
-#define	CAP_GETSOCKOPT		0x0000000100000000ULL
-#define	CAP_LISTEN		0x0000000200000000ULL
-#define	CAP_PEELOFF		0x0000000400000000ULL
-#define	CAP_SETSOCKOPT		0x0000000800000000ULL
-#define	CAP_SHUTDOWN		0x0000001000000000ULL
+#define	CAP_ACCEPT		0x0000000200000000ULL
+#define	CAP_BIND		0x0000000400000000ULL
+#define	CAP_CONNECT		0x0000000800000000ULL
+#define	CAP_GETPEERNAME		0x0000001000000000ULL
+#define	CAP_GETSOCKNAME		0x0000002000000000ULL
+#define	CAP_GETSOCKOPT		0x0000004000000000ULL
+#define	CAP_LISTEN		0x0000008000000000ULL
+#define	CAP_PEELOFF		0x0000010000000000ULL
+#define	CAP_SETSOCKOPT		0x0000020000000000ULL
+#define	CAP_SHUTDOWN		0x0000040000000000ULL
 
 #define	CAP_SOCK_ALL \
 	(CAP_ACCEPT | CAP_BIND | CAP_CONNECT \
@@ -107,24 +115,24 @@
 	 | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN)
 
 /* Mandatory Access Control. */
-#define	CAP_MAC_GET		0x0000002000000000ULL
-#define	CAP_MAC_SET		0x0000004000000000ULL
+#define	CAP_MAC_GET		0x0000080000000000ULL
+#define	CAP_MAC_SET		0x0000100000000000ULL
 
 /* Methods on semaphores. */
-#define	CAP_SEM_GETVALUE	0x0000008000000000ULL
-#define	CAP_SEM_POST		0x0000010000000000ULL
-#define	CAP_SEM_WAIT		0x0000020000000000ULL
+#define	CAP_SEM_GETVALUE	0x0000200000000000ULL
+#define	CAP_SEM_POST		0x0000400000000000ULL
+#define	CAP_SEM_WAIT		0x0000800000000000ULL
 
 /* kqueue events. */
-#define	CAP_POLL_KEVENT		0x0000040000000000ULL
-#define	CAP_POST_KEVENT		0x0000080000000000ULL
+#define	CAP_POLL_KEVENT		0x0001000000000000ULL
+#define	CAP_POST_KEVENT		0x0002000000000000ULL
 
 /* Strange and powerful rights that should not be given lightly. */
-#define	CAP_IOCTL		0x0000100000000000ULL
-#define	CAP_TTYHOOK		0x0000200000000000ULL
+#define	CAP_IOCTL		0x0004000000000000ULL
+#define	CAP_TTYHOOK		0x0008000000000000ULL
 
 /* The mask of all valid method rights. */
-#define	CAP_MASK_VALID		0x00003fffffffffffULL
+#define	CAP_MASK_VALID		0x000fffffffffffffULL
 
 #ifdef _KERNEL
 


More information about the svn-src-all mailing list