From: Francis Laniel <flaniel@linux.microsoft.com>
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
Serge Hallyn <serge@hallyn.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Francis Laniel <flaniel@linux.microsoft.com>
Subject: [RFC PATCH v3 1/2] capability: Add cap_string.
Date: Thu, 20 Jan 2022 19:01:15 +0100 [thread overview]
Message-ID: <20220120180116.167702-2-flaniel@linux.microsoft.com> (raw)
In-Reply-To: <20220120180116.167702-1-flaniel@linux.microsoft.com>
This string contains on each line the number of the capability associated to
its name.
For example, first line is:
__stringify(CAP_CHOWN) "\tCAP_CHOWN\n"
which the preprocessor will replace by:
"0\tCAP_CHOWN\n"
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
---
include/uapi/linux/capability.h | 1 +
kernel/capability.c | 45 +++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+)
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 463d1ba2232a..115f4fef00da 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -428,5 +428,6 @@ struct vfs_ns_cap_data {
#define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */
#define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */
+extern const char *cap_string;
#endif /* _UAPI_LINUX_CAPABILITY_H */
diff --git a/kernel/capability.c b/kernel/capability.c
index 46a361dde042..72b0aece4f81 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -15,6 +15,7 @@
#include <linux/mm.h>
#include <linux/export.h>
#include <linux/security.h>
+#include <linux/stringify.h>
#include <linux/syscalls.h>
#include <linux/pid_namespace.h>
#include <linux/user_namespace.h>
@@ -27,6 +28,50 @@
const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET;
EXPORT_SYMBOL(__cap_empty_set);
+const char *cap_string =
+ __stringify(CAP_CHOWN) "\tCAP_CHOWN\n"
+ __stringify(CAP_DAC_OVERRIDE) "\tCAP_DAC_OVERRIDE\n"
+ __stringify(CAP_DAC_READ_SEARCH) "\tCAP_DAC_READ_SEARCH\n"
+ __stringify(CAP_FOWNER) "\tCAP_FOWNER\n"
+ __stringify(CAP_FSETID) "\tCAP_FSETID\n"
+ __stringify(CAP_KILL) "\tCAP_KILL\n"
+ __stringify(CAP_SETGID) "\tCAP_SETGID\n"
+ __stringify(CAP_SETUID) "\tCAP_SETUID\n"
+ __stringify(CAP_SETPCAP) "\tCAP_SETPCAP\n"
+ __stringify(CAP_LINUX_IMMUTABLE) "\tCAP_LINUX_IMMUTABLE\n"
+ __stringify(CAP_NET_BIND_SERVICE) "\tCAP_NET_BIND_SERVICE\n"
+ __stringify(CAP_NET_BROADCAST) "\tCAP_NET_BROADCAST\n"
+ __stringify(CAP_NET_ADMIN) "\tCAP_NET_ADMIN\n"
+ __stringify(CAP_NET_RAW) "\tCAP_NET_RAW\n"
+ __stringify(CAP_IPC_LOCK) "\tCAP_IPC_LOCK\n"
+ __stringify(CAP_IPC_OWNER) "\tCAP_IPC_OWNER\n"
+ __stringify(CAP_SYS_MODULE) "\tCAP_SYS_MODULE\n"
+ __stringify(CAP_SYS_RAWIO) "\tCAP_SYS_RAWIO\n"
+ __stringify(CAP_SYS_CHROOT) "\tCAP_SYS_CHROOT\n"
+ __stringify(CAP_SYS_PTRACE) "\tCAP_SYS_PTRACE\n"
+ __stringify(CAP_SYS_PACCT) "\tCAP_SYS_PACCT\n"
+ __stringify(CAP_SYS_ADMIN) "\tCAP_SYS_ADMIN\n"
+ __stringify(CAP_SYS_BOOT) "\tCAP_SYS_BOOT\n"
+ __stringify(CAP_SYS_NICE) "\tCAP_SYS_NICE\n"
+ __stringify(CAP_SYS_RESOURCE) "\tCAP_SYS_RESOURCE\n"
+ __stringify(CAP_SYS_TIME) "\tCAP_SYS_TIME\n"
+ __stringify(CAP_SYS_TTY_CONFIG) "\tCAP_SYS_TTY_CONFIG\n"
+ __stringify(CAP_MKNOD) "\tCAP_MKNOD\n"
+ __stringify(CAP_LEASE) "\tCAP_LEASE\n"
+ __stringify(CAP_AUDIT_WRITE) "\tCAP_AUDIT_WRITE\n"
+ __stringify(CAP_AUDIT_CONTROL) "\tCAP_AUDIT_CONTROL\n"
+ __stringify(CAP_SETFCAP) "\tCAP_SETFCAP\n"
+ __stringify(CAP_MAC_OVERRIDE) "\tCAP_MAC_OVERRIDE\n"
+ __stringify(CAP_MAC_ADMIN) "\tCAP_MAC_ADMIN\n"
+ __stringify(CAP_SYSLOG) "\tCAP_SYSLOG\n"
+ __stringify(CAP_WAKE_ALARM) "\tCAP_WAKE_ALARM\n"
+ __stringify(CAP_BLOCK_SUSPEND) "\tCAP_BLOCK_SUSPEND\n"
+ __stringify(CAP_AUDIT_READ) "\tCAP_AUDIT_READ\n"
+ __stringify(CAP_PERFMON) "\tCAP_PERFMON\n"
+ __stringify(CAP_BPF) "\tCAP_BPF\n"
+ __stringify(CAP_CHECKPOINT_RESTORE) "\tCAP_CHECKPOINT_RESTORE\n"
+;
+
int file_caps_enabled = 1;
static int __init file_caps_disable(char *str)
--
2.30.2
next prev parent reply other threads:[~2022-01-20 18:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 18:01 [RFC PATCH v3 0/2] Add capabilities file to sysfs Francis Laniel
2022-01-20 18:01 ` Francis Laniel [this message]
2022-01-20 18:01 ` [RFC PATCH v3 2/2] security/inode.c: Add capabilities file Francis Laniel
2022-01-21 8:58 ` Francis Laniel
2022-01-20 18:09 ` [RFC PATCH v3 0/2] Add capabilities file to sysfs Casey Schaufler
2022-01-20 18:14 ` Francis Laniel
2022-01-20 18:20 ` Eric W. Biederman
2022-01-20 19:01 ` Francis Laniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220120180116.167702-2-flaniel@linux.microsoft.com \
--to=flaniel@linux.microsoft.com \
--cc=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).