diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2016-02-06 19:49:07 -0800 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2016-02-06 19:49:07 -0800 |
| commit | 0f0eca489e979b4a8526e521f962455e474a27a0 (patch) | |
| tree | 0e8027ecad22b844deb36f5bee73712f5cc57b77 /libcap/include | |
| parent | dce069b617cf5e42fde707196eaf2ee8d62bc96c (diff) | |
| download | libcap2-0f0eca489e979b4a8526e521f962455e474a27a0.tar.gz | |
Add initial support for the ambient set.
The ambient set is some strangeness associated with trying to revive
naive inheritance. While personally not a fan of this feature, I
recognize it is in the kernel so libcap now supports it with
three new functions:
int cap_get_ambient(cap_value_t cap)
int cap_set_ambient(cap_value_t cap, cap_flag_value_t set)
int cap_reset_ambient(void)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'libcap/include')
| -rw-r--r-- | libcap/include/sys/capability.h | 6 | ||||
| -rw-r--r-- | libcap/include/uapi/linux/prctl.h | 48 |
2 files changed, 53 insertions, 1 deletions
diff --git a/libcap/include/sys/capability.h b/libcap/include/sys/capability.h index dddc75b..0976fa7 100644 --- a/libcap/include/sys/capability.h +++ b/libcap/include/sys/capability.h @@ -92,9 +92,13 @@ extern int cap_set_proc(cap_t); extern int cap_get_bound(cap_value_t); extern int cap_drop_bound(cap_value_t); - #define CAP_IS_SUPPORTED(cap) (cap_get_bound(cap) >= 0) +extern int cap_get_ambient(cap_value_t); +extern int cap_set_ambient(cap_value_t, cap_flag_value_t); +extern int cap_reset_ambient(void); +#define CAP_AMBIENT_SUPPORTED() (cap_get_ambient(CAP_CHOWN) >= 0) + /* libcap/cap_extint.c */ extern ssize_t cap_size(cap_t); extern ssize_t cap_copy_ext(void *, cap_t, ssize_t); diff --git a/libcap/include/uapi/linux/prctl.h b/libcap/include/uapi/linux/prctl.h index 289760f..a8d0759 100644 --- a/libcap/include/uapi/linux/prctl.h +++ b/libcap/include/uapi/linux/prctl.h @@ -1,6 +1,8 @@ #ifndef _LINUX_PRCTL_H #define _LINUX_PRCTL_H +#include <linux/types.h> + /* Values to pass as first argument to prctl() */ #define PR_SET_PDEATHSIG 1 /* Second arg is a signal */ @@ -119,6 +121,31 @@ # define PR_SET_MM_ENV_END 11 # define PR_SET_MM_AUXV 12 # define PR_SET_MM_EXE_FILE 13 +# define PR_SET_MM_MAP 14 +# define PR_SET_MM_MAP_SIZE 15 + +/* + * This structure provides new memory descriptor + * map which mostly modifies /proc/pid/stat[m] + * output for a task. This mostly done in a + * sake of checkpoint/restore functionality. + */ +struct prctl_mm_map { + __u64 start_code; /* code section bounds */ + __u64 end_code; + __u64 start_data; /* data section bounds */ + __u64 end_data; + __u64 start_brk; /* heap for brk() syscall */ + __u64 brk; + __u64 start_stack; /* stack starts at */ + __u64 arg_start; /* command line arguments bounds */ + __u64 arg_end; + __u64 env_start; /* environment variables bounds */ + __u64 env_end; + __u64 *auxv; /* auxiliary vector */ + __u32 auxv_size; /* vector size */ + __u32 exe_fd; /* /proc/$pid/exe link file */ +}; /* * Set specific pid that is allowed to ptrace the current task. @@ -149,4 +176,25 @@ #define PR_GET_TID_ADDRESS 40 +#define PR_SET_THP_DISABLE 41 +#define PR_GET_THP_DISABLE 42 + +/* + * Tell the kernel to start/stop helping userspace manage bounds tables. + */ +#define PR_MPX_ENABLE_MANAGEMENT 43 +#define PR_MPX_DISABLE_MANAGEMENT 44 + +#define PR_SET_FP_MODE 45 +#define PR_GET_FP_MODE 46 +# define PR_FP_MODE_FR (1 << 0) /* 64b FP registers */ +# define PR_FP_MODE_FRE (1 << 1) /* 32b compatibility */ + +/* Control the ambient capability set */ +#define PR_CAP_AMBIENT 47 +# define PR_CAP_AMBIENT_IS_SET 1 +# define PR_CAP_AMBIENT_RAISE 2 +# define PR_CAP_AMBIENT_LOWER 3 +# define PR_CAP_AMBIENT_CLEAR_ALL 4 + #endif /* _LINUX_PRCTL_H */ |