1 #ifndef __CAPSICUM_LINUX_H__ 2 #define __CAPSICUM_LINUX_H__ 3 4 #ifdef __linux__ 5 /************************************************************ 6 * Linux Capsicum Functionality. 7 ************************************************************/ 8 #include <errno.h> 9 #include <sys/procdesc.h> 10 #include <sys/capsicum.h> 11 12 #define HAVE_CAP_RIGHTS_LIMIT 13 #define HAVE_CAP_RIGHTS_GET 14 #define HAVE_CAP_FCNTLS_LIMIT 15 #define HAVE_CAP_IOCTLS_LIMIT 16 #define HAVE_PROC_FDINFO 17 #define HAVE_PDWAIT4 18 #define CAP_FROM_ACCEPT 19 // TODO(drysdale): uncomment if/when Linux propagates rights on sctp_peeloff. 20 // Linux does not generate a capability from sctp_peeloff(cap_fd,...). 21 // #define CAP_FROM_PEELOFF 22 // TODO(drysdale): uncomment if/when Linux allows intermediate .. path segments 23 // for openat()-like operations. 24 // #define HAVE_OPENAT_INTERMEDIATE_DOTDOT 25 26 // Failure to open file due to path traversal generates EPERM 27 #ifdef ENOTBENEATH 28 #define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH 29 #define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH 30 #else 31 #define E_NO_TRAVERSE_CAPABILITY EPERM 32 #define E_NO_TRAVERSE_O_BENEATH EPERM 33 #endif 34 35 // Too many links 36 #define E_TOO_MANY_LINKS ELOOP 37 38 #endif /* __linux__ */ 39 40 #endif /*__CAPSICUM_LINUX_H__*/ 41