blob: 6067804a36f0791d4d63c0c5b932f123c4b61116 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Copyright (c) 2019 Richard Palethorpe <rpalethorpe@suse.com>
*/
/**
* @file tst_capability.h
*
* Limited capability operations without libcap.
*/
#ifndef TST_CAPABILITY_H
#define TST_CAPABILITY_H
#include <stdint.h>
#include "lapi/capability.h"
#define TST_CAP_DROP 1
#define TST_CAP_REQ (1 << 1)
#define TST_CAP(action, capability) {action, capability, #capability}
struct tst_cap_user_header {
uint32_t version;
int pid;
};
struct tst_cap_user_data {
uint32_t effective;
uint32_t permitted;
uint32_t inheritable;
};
struct tst_cap {
uint32_t action;
uint32_t id;
char *name;
};
/**
* Get the capabilities as decided by hdr.
*
* Note that the memory pointed to by data should be large enough to store two
* structs.
*/
int tst_capget(struct tst_cap_user_header *hdr,
struct tst_cap_user_data *data);
/**
* Set the capabilities as decided by hdr and data
*
* Note that the memory pointed to by data should be large enough to store two
* structs.
*/
int tst_capset(struct tst_cap_user_header *hdr,
const struct tst_cap_user_data *data);
/**
* Add, check or remove a capability
*
* It will attempt to drop or add capability to the effective set. It will
* try to detect if this is needed and whether it can or can't be done. If it
* clearly can not add a privilege to the effective set then it will return
* TCONF. However it may fail for some other reason and return TBROK.
*
* This only tries to change the effective set. Some tests may need to change
* the inheritable and ambient sets, so that child processes retain some
* capability.
*/
void tst_cap_action(struct tst_cap *cap);
/**
* Add, check or remove a capabilities
*
* Takes a NULL terminated array of structs which describe whether some
* capabilities are needed or not and mask that determines subset of the
* actions to be performed. Loops over the array and if mask matches the
* element action it's passed to tst_cap_action().
*/
void tst_cap_setup(struct tst_cap *cap, unsigned int action_mask);
#endif /* TST_CAPABILITY_H */
|
