svn commit: r258152 - head/sys/sys
Pawel Jakub Dawidek
pjd at FreeBSD.org
Thu Nov 14 23:14:26 UTC 2013
Author: pjd
Date: Thu Nov 14 23:14:25 2013
New Revision: 258152
URL: http://svnweb.freebsd.org/changeset/base/258152
Log:
Precisely document capability rights here too (they are already documented
in rights(4)).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Modified:
head/sys/sys/capability.h
Modified: head/sys/sys/capability.h
==============================================================================
--- head/sys/sys/capability.h Thu Nov 14 23:05:13 2013 (r258151)
+++ head/sys/sys/capability.h Thu Nov 14 23:14:25 2013 (r258152)
@@ -79,9 +79,12 @@
#define CAP_SEEK_TELL CAPRIGHT(0, 0x0000000000000004ULL)
/* Allows for lseek(2). */
#define CAP_SEEK (CAP_SEEK_TELL | 0x0000000000000008ULL)
-/* Allows for pread(2), preadv(2). */
+/* Allows for aio_read(2), pread(2), preadv(2). */
#define CAP_PREAD (CAP_SEEK | CAP_READ)
-/* Allows for openat(O_WRONLY) (without O_APPEND), pwrite(2), pwritev(2). */
+/*
+ * Allows for aio_write(2), openat(O_WRONLY) (without O_APPEND), pwrite(2),
+ * pwritev(2).
+ */
#define CAP_PWRITE (CAP_SEEK | CAP_WRITE)
/* Allows for mmap(PROT_NONE). */
#define CAP_MMAP CAPRIGHT(0, 0x0000000000000010ULL)
@@ -103,7 +106,7 @@
#define CAP_CREATE CAPRIGHT(0, 0x0000000000000040ULL)
/* Allows for openat(O_EXEC) and fexecve(2) in turn. */
#define CAP_FEXECVE CAPRIGHT(0, 0x0000000000000080ULL)
-/* Allows for openat(O_SYNC), openat(O_FSYNC), fsync(2). */
+/* Allows for openat(O_SYNC), openat(O_FSYNC), fsync(2), aio_fsync(2). */
#define CAP_FSYNC CAPRIGHT(0, 0x0000000000000100ULL)
/* Allows for openat(O_TRUNC), ftruncate(2). */
#define CAP_FTRUNCATE CAPRIGHT(0, 0x0000000000000200ULL)
@@ -112,54 +115,101 @@
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
/* VFS methods. */
+/* Allows for fchdir(2). */
#define CAP_FCHDIR CAPRIGHT(0, 0x0000000000000800ULL)
+/* Allows for fchflags(2). */
#define CAP_FCHFLAGS CAPRIGHT(0, 0x0000000000001000ULL)
+/* Allows for fchflags(2) and chflagsat(2). */
#define CAP_CHFLAGSAT (CAP_FCHFLAGS | CAP_LOOKUP)
+/* Allows for fchmod(2). */
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
+/* Allows for fchmod(2) and fchmodat(2). */
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
+/* Allows for fchown(2). */
#define CAP_FCHOWN CAPRIGHT(0, 0x0000000000004000ULL)
+/* Allows for fchown(2) and fchownat(2). */
#define CAP_FCHOWNAT (CAP_FCHOWN | CAP_LOOKUP)
+/* Allows for fcntl(2). */
#define CAP_FCNTL CAPRIGHT(0, 0x0000000000008000ULL)
+/*
+ * Allows for flock(2), openat(O_SHLOCK), openat(O_EXLOCK),
+ * fcntl(F_SETLK_REMOTE), fcntl(F_SETLKW), fcntl(F_SETLK), fcntl(F_GETLK).
+ */
#define CAP_FLOCK CAPRIGHT(0, 0x0000000000010000ULL)
+/* Allows for fpathconf(2). */
#define CAP_FPATHCONF CAPRIGHT(0, 0x0000000000020000ULL)
+/* Allows for UFS background-fsck operations. */
#define CAP_FSCK CAPRIGHT(0, 0x0000000000040000ULL)
+/* Allows for fstat(2). */
#define CAP_FSTAT CAPRIGHT(0, 0x0000000000080000ULL)
+/* Allows for fstat(2), fstatat(2) and faccessat(2). */
#define CAP_FSTATAT (CAP_FSTAT | CAP_LOOKUP)
+/* Allows for fstatfs(2). */
#define CAP_FSTATFS CAPRIGHT(0, 0x0000000000100000ULL)
+/* Allows for futimes(2). */
#define CAP_FUTIMES CAPRIGHT(0, 0x0000000000200000ULL)
+/* Allows for futimes(2) and futimesat(2). */
#define CAP_FUTIMESAT (CAP_FUTIMES | CAP_LOOKUP)
+/* Allows for linkat(2) and renameat(2) (destination directory descriptor). */
#define CAP_LINKAT CAPRIGHT(0, 0x0000000000400000ULL)
+/* Allows for mkdirat(2). */
#define CAP_MKDIRAT CAPRIGHT(0, 0x0000000000800000ULL)
+/* Allows for mkfifoat(2). */
#define CAP_MKFIFOAT CAPRIGHT(0, 0x0000000001000000ULL)
+/* Allows for mknodat(2). */
#define CAP_MKNODAT CAPRIGHT(0, 0x0000000002000000ULL)
+/* Allows for renameat(2). */
#define CAP_RENAMEAT CAPRIGHT(0, 0x0000000004000000ULL)
+/* Allows for symlinkat(2). */
#define CAP_SYMLINKAT CAPRIGHT(0, 0x0000000008000000ULL)
+/*
+ * Allows for unlinkat(2) and renameat(2) if destination object exists and
+ * will be removed.
+ */
#define CAP_UNLINKAT CAPRIGHT(0, 0x0000000010000000ULL)
/* Extended attributes. */
+/* Allows for extattr_delete_fd(2). */
#define CAP_EXTATTR_DELETE CAPRIGHT(0, 0x0000000020000000ULL)
+/* Allows for extattr_get_fd(2). */
#define CAP_EXTATTR_GET CAPRIGHT(0, 0x0000000040000000ULL)
+/* Allows for extattr_list_fd(2). */
#define CAP_EXTATTR_LIST CAPRIGHT(0, 0x0000000080000000ULL)
+/* Allows for extattr_set_fd(2). */
#define CAP_EXTATTR_SET CAPRIGHT(0, 0x0000000100000000ULL)
/* Access Control Lists. */
+/* Allows for acl_valid_fd_np(3). */
#define CAP_ACL_CHECK CAPRIGHT(0, 0x0000000200000000ULL)
+/* Allows for acl_delete_fd_np(3). */
#define CAP_ACL_DELETE CAPRIGHT(0, 0x0000000400000000ULL)
+/* Allows for acl_get_fd(3) and acl_get_fd_np(3). */
#define CAP_ACL_GET CAPRIGHT(0, 0x0000000800000000ULL)
+/* Allows for acl_set_fd(3) and acl_set_fd_np(3). */
#define CAP_ACL_SET CAPRIGHT(0, 0x0000001000000000ULL)
/* Socket operations. */
+/* Allows for accept(2) and accept4(2). */
#define CAP_ACCEPT CAPRIGHT(0, 0x0000002000000000ULL)
+/* Allows for bind(2). */
#define CAP_BIND CAPRIGHT(0, 0x0000004000000000ULL)
+/* Allows for connect(2). */
#define CAP_CONNECT CAPRIGHT(0, 0x0000008000000000ULL)
+/* Allows for getpeername(2). */
#define CAP_GETPEERNAME CAPRIGHT(0, 0x0000010000000000ULL)
+/* Allows for getsockname(2). */
#define CAP_GETSOCKNAME CAPRIGHT(0, 0x0000020000000000ULL)
+/* Allows for getsockopt(2). */
#define CAP_GETSOCKOPT CAPRIGHT(0, 0x0000040000000000ULL)
+/* Allows for listen(2). */
#define CAP_LISTEN CAPRIGHT(0, 0x0000080000000000ULL)
+/* Allows for sctp_peeloff(2). */
#define CAP_PEELOFF CAPRIGHT(0, 0x0000100000000000ULL)
#define CAP_RECV CAP_READ
#define CAP_SEND CAP_WRITE
+/* Allows for setsockopt(2). */
#define CAP_SETSOCKOPT CAPRIGHT(0, 0x0000200000000000ULL)
+/* Allows for shutdown(2). */
#define CAP_SHUTDOWN CAPRIGHT(0, 0x0000400000000000ULL)
#define CAP_SOCK_CLIENT \
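Review bot: The new comment on CAP_FCNTL, `/* Allows for fcntl(2). */`, reads as covering every fcntl command, while the CAP_FLOCK comment added a few lines below assigns F_GETLK, F_SETLK, F_SETLKW and F_SETLK_REMOTE to CAP_FLOCK; someone picking a minimal rights set from this header alone could grant the wrong right. I would word it along the lines of `/* Allows for fcntl(2) commands other than the locking ones (see CAP_FLOCK). */`, ideally naming the exact commands as rights(4) does. CAP_RENAMEAT has a similar ambiguity: CAP_LINKAT is documented as the renameat(2) right for the destination directory descriptor, so presumably CAP_RENAMEAT is the one checked on the source, e.g. `/* Allows for renameat(2) (source directory descriptor). */`. CAP_RECV and CAP_SEND are the only rights in this group left without a comment; `/* Alias of CAP_READ. */` and `/* Alias of CAP_WRITE. */` would keep the section uniform.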
@@ -181,7 +231,9 @@
/* INDEX 1 */
/* Mandatory Access Control. */
+/* Allows for mac_get_fd(3). */
#define CAP_MAC_GET CAPRIGHT(1, 0x0000000000000001ULL)
+/* Allows for mac_set_fd(3). */
#define CAP_MAC_SET CAPRIGHT(1, 0x0000000000000002ULL)
/* Methods on semaphores. */
@@ -194,19 +246,25 @@
#define CAP_POST_EVENT CAPRIGHT(1, 0x0000000000000040ULL)
/* Strange and powerful rights that should not be given lightly. */
+/* Allows for ioctl(2). */
#define CAP_IOCTL CAPRIGHT(1, 0x0000000000000080ULL)
#define CAP_TTYHOOK CAPRIGHT(1, 0x0000000000000100ULL)
/* Process management via process descriptors. */
+/* Allows for pdgetpid(2). */
#define CAP_PDGETPID CAPRIGHT(1, 0x0000000000000200ULL)
+/* Allows for pdwait4(2). */
#define CAP_PDWAIT CAPRIGHT(1, 0x0000000000000400ULL)
+/* Allows for pdkill(2). */
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
/*
* Rights that allow to use bindat(2) and connectat(2) syscalls on a
* directory descriptor.
*/
+/* Allows for bindat(2) on a directory descriptor. */
#define CAP_BINDAT CAPRIGHT(1, 0x0000000000001000ULL)
+/* Allows for connectat(2) on a directory descriptor. */
#define CAP_CONNECTAT CAPRIGHT(1, 0x0000000000002000ULL)
/* All used bits for index 1. */
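Review bot: CAP_TTYHOOK is left without a comment even though it sits under the "Strange and powerful rights that should not be given lightly" heading, which is where a reader most needs to know what is being granted. The hunk does not show what it gates, so the author would have to supply the wording. The CAP_IOCTL comment could also point at per-command narrowing, e.g. `/* Allows for ioctl(2); restrict the permitted commands with cap_ioctls_limit(2). */`, assuming that call is available in this tree. As a smaller style point, the new per-macro comments on CAP_BINDAT and CAP_CONNECTAT repeat the block comment directly above them, and one of the two could be dropped.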