svn commit: r224255 - head/sys/sys
Jonathan Anderson
jonathan at FreeBSD.org
Thu Jul 21 21:08:34 UTC 2011
Author: jonathan
Date: Thu Jul 21 21:08:33 2011
New Revision: 224255
URL: http://svn.freebsd.org/changeset/base/224255
Log:
Declare more capability method rights.
This is a complete set of rights that can be held in a capability's
rights mask.
Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
Modified:
head/sys/sys/capability.h
Modified: head/sys/sys/capability.h
==============================================================================
--- head/sys/sys/capability.h Thu Jul 21 20:43:43 2011 (r224254)
+++ head/sys/sys/capability.h Thu Jul 21 21:08:33 2011 (r224255)
@@ -53,11 +53,78 @@
* mmap() and aio*() system calls will need special attention as they may
* involve reads or writes depending a great deal on context.
*/
+
+/* General file I/O. */
#define CAP_READ 0x0000000000000001ULL /* read/recv */
#define CAP_WRITE 0x0000000000000002ULL /* write/send */
#define CAP_MMAP 0x0000000000000004ULL /* mmap */
#define CAP_MAPEXEC 0x0000000000000008ULL /* mmap(2) as exec */
-#define CAP_MASK_VALID 0x000000000000000fULL
+#define CAP_FEXECVE 0x0000000000000010ULL
+#define CAP_FSYNC 0x0000000000000020ULL
+#define CAP_FTRUNCATE 0x0000000000000040ULL
+#define CAP_SEEK 0x0000000000000080ULL
+
+/* VFS methods. */
+#define CAP_FCHFLAGS 0x0000000000000100ULL
+#define CAP_FCHDIR 0x0000000000000200ULL
+#define CAP_FCHMOD 0x0000000000000400ULL
+#define CAP_FCHOWN 0x0000000000000800ULL
+#define CAP_FCNTL 0x0000000000001000ULL
+#define CAP_FPATHCONF 0x0000000000002000ULL
+#define CAP_FLOCK 0x0000000000004000ULL
+#define CAP_FSCK 0x0000000000008000ULL
+#define CAP_FSTAT 0x0000000000010000ULL
+#define CAP_FSTATFS 0x0000000000020000ULL
+#define CAP_FUTIMES 0x0000000000040000ULL
+
+/* Extended attributes. */
+#define CAP_EXTATTR_DELETE 0x0000000000080000ULL
+#define CAP_EXTATTR_GET 0x0000000000100000ULL
+#define CAP_EXTATTR_LIST 0x0000000000200000ULL
+#define CAP_EXTATTR_SET 0x0000000000400000ULL
+
+/* Access Control Lists. */
+#define CAP_ACL_CHECK 0x0000000000800000ULL
+#define CAP_ACL_DELETE 0x0000000001000000ULL
+#define CAP_ACL_GET 0x0000000002000000ULL
+#define CAP_ACL_SET 0x0000000004000000ULL
+
+/* Socket operations. */
+#define CAP_ACCEPT 0x0000000008000000ULL
+#define CAP_BIND 0x0000000010000000ULL
+#define CAP_CONNECT 0x0000000020000000ULL
+#define CAP_GETPEERNAME 0x0000000040000000ULL
+#define CAP_GETSOCKNAME 0x0000000080000000ULL
+#define CAP_GETSOCKOPT 0x0000000100000000ULL
+#define CAP_LISTEN 0x0000000200000000ULL
+#define CAP_PEELOFF 0x0000000400000000ULL
+#define CAP_SETSOCKOPT 0x0000000800000000ULL
+#define CAP_SHUTDOWN 0x0000001000000000ULL
+
+#define CAP_SOCK_ALL \
+ (CAP_ACCEPT | CAP_BIND | CAP_CONNECT \
+ | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT \
+ | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN)
+
+/* Mandatory Access Control. */
+#define CAP_MAC_GET 0x0000002000000000ULL
+#define CAP_MAC_SET 0x0000004000000000ULL
+
+/* Methods on semaphores. */
+#define CAP_SEM_GETVALUE 0x0000008000000000ULL
+#define CAP_SEM_POST 0x0000010000000000ULL
+#define CAP_SEM_WAIT 0x0000020000000000ULL
+
+/* Events - maybe we need a post/get distinction? */
+#define CAP_EVENT 0x0000040000000000ULL
+#define CAP_KEVENT 0x0000080000000000ULL
+
+/* Strange and powerful rights that should not be given lightly. */
+#define CAP_IOCTL 0x0000100000000000ULL
+#define CAP_TTYHOOK 0x0000200000000000ULL
+
+/* The mask of all valid method rights. */
+#define CAP_MASK_VALID 0x00003fffffffffffULL
#ifdef _KERNEL
More information about the svn-src-head
mailing list