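/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
 * This is <linux/capability.h>
 *
 * Andrew G. Morgan <morgan@kernel.org>
 * Alexander Kjeldaas <astor@guardian.no>
 * with help from Aleph1, Roland Buresund and Andrew Main.
 *
 * See here for the libcap library ("POSIX draft" compliance):
 *
 * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
 */

#ifndef _UAPI_LINUX_CAPABILITY_H
#define _UAPI_LINUX_CAPABILITY_H

#include <linux/types.h>

/* User-level do most of the mapping between kernel and user
   capabilities based on the version tag given by the kernel. The
   kernel might be somewhat backwards compatible, but don't bet on
   it. */

/* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to
   a set of three capability sets.  The transposition of 3*the
   following structure to such a composite is better handled in a user
   library since the draft standard requires the use of malloc/free
   etc.. */

/*
 * capget()/capset() ABI versions.  Each version tag pairs with the number
 * of __u32 words (_LINUX_CAPABILITY_U32S_*) that the matching
 * __user_cap_data_struct array carries.  Versions 2 and 3 both carry two
 * words, i.e. room for 64 capability bits.
 */
#define _LINUX_CAPABILITY_VERSION_1  0x19980330
#define _LINUX_CAPABILITY_U32S_1     1

#define _LINUX_CAPABILITY_VERSION_2  0x20071026  /* deprecated - use v3 */
#define _LINUX_CAPABILITY_U32S_2     2

#define _LINUX_CAPABILITY_VERSION_3  0x20080522
#define _LINUX_CAPABILITY_U32S_3     2

/*
 * Header passed to capget()/capset(): the caller states which ABI version
 * it speaks and which pid it is talking about.
 */
typedef struct __user_cap_header_struct {
	__u32 version;
	int pid;
} __user *cap_user_header_t;

/*
 * One 32-bit slice of each of the three capability sets.  The header's
 * version tag selects how many of these are exchanged (one per __u32
 * word of the set), so user space must size its array accordingly.
 */
struct __user_cap_data_struct {
	__u32 effective;
	__u32 permitted;
	__u32 inheritable;
};
typedef struct __user_cap_data_struct __user *cap_user_data_t;


/*
 * File-capability xattr layout.  The top byte of magic_etc carries the
 * on-disk revision; the remaining bits are flags.  The FLAGS mask is
 * parenthesized so it stays a single operand in any expression it is
 * substituted into.
 */
#define VFS_CAP_REVISION_MASK	0xFF000000
#define VFS_CAP_REVISION_SHIFT	24
#define VFS_CAP_FLAGS_MASK	(~VFS_CAP_REVISION_MASK)
#define VFS_CAP_FLAGS_EFFECTIVE	0x000001

#define VFS_CAP_REVISION_1	0x01000000
#define VFS_CAP_U32_1           1
#define XATTR_CAPS_SZ_1         (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))

#define VFS_CAP_REVISION_2	0x02000000
#define VFS_CAP_U32_2           2
#define XATTR_CAPS_SZ_2         (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))

/* Revision 3 adds one trailing __le32 (rootid), hence the "2 +" below. */
#define VFS_CAP_REVISION_3	0x03000000
#define VFS_CAP_U32_3           2
#define XATTR_CAPS_SZ_3         (sizeof(__le32)*(2 + 2*VFS_CAP_U32_3))

#define XATTR_CAPS_SZ           XATTR_CAPS_SZ_3
#define VFS_CAP_U32             VFS_CAP_U32_3
#define VFS_CAP_REVISION	VFS_CAP_REVISION_3

/* Revision 1/2 on-disk form: magic word plus VFS_CAP_U32 pairs of words. */
struct vfs_cap_data {
	__le32 magic_etc;            /* Little endian */
	struct {
		__le32 permitted;    /* Little endian */
		__le32 inheritable;  /* Little endian */
	} data[VFS_CAP_U32];
};

/*
 * same as vfs_cap_data but with a rootid at the end
 */
struct vfs_ns_cap_data {
	__le32 magic_etc;
	struct {
		__le32 permitted;    /* Little endian */
		__le32 inheritable;  /* Little endian */
	} data[VFS_CAP_U32];
	__le32 rootid;
};

#ifndef __KERNEL__

/*
 * Backwardly compatible definition for source code - trapped in a
 * 32-bit world. If you find you need this, please consider using
 * libcap to untrap yourself...
 */
#define _LINUX_CAPABILITY_VERSION  _LINUX_CAPABILITY_VERSION_1
#define _LINUX_CAPABILITY_U32S     _LINUX_CAPABILITY_U32S_1

#endif


/**
 ** POSIX-draft defined capabilities.
 **/

/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
   overrides the restriction of changing file ownership and group
   ownership. */

#define CAP_CHOWN            0

/* Override all DAC access, including ACL execute access if
   [_POSIX_ACL] is defined. Excluding DAC access covered by
   CAP_LINUX_IMMUTABLE. */

#define CAP_DAC_OVERRIDE     1

/* Overrides all DAC restrictions regarding read and search on files
   and directories, including ACL restrictions if [_POSIX_ACL] is
   defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */

#define CAP_DAC_READ_SEARCH  2

/* Overrides all restrictions about allowed operations on files, where
   file owner ID must be equal to the user ID, except where CAP_FSETID
   is applicable. It doesn't override MAC and DAC restrictions. */

#define CAP_FOWNER           3

/* Overrides the following restrictions that the effective user ID
   shall match the file owner ID when setting the S_ISUID and S_ISGID
   bits on that file; that the effective group ID (or one of the
   supplementary group IDs) shall match the file owner ID when setting
   the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
   cleared on successful return from chown(2) (not implemented). */

#define CAP_FSETID           4

/* Overrides the restriction that the real or effective user ID of a
   process sending a signal must match the real or effective user ID
   of the process receiving the signal. */

#define CAP_KILL             5

/* Allows setgid(2) manipulation */
/* Allows setgroups(2) */
/* Allows forged gids on socket credentials passing. */

#define CAP_SETGID           6

/* Allows set*uid(2) manipulation (including fsuid). */
/* Allows forged pids on socket credentials passing. */

#define CAP_SETUID           7


/**
 ** Linux-specific capabilities
 **/

/* Without VFS support for capabilities:
 *   Transfer any capability in your permitted set to any pid,
 *   remove any capability in your permitted set from any pid
 * With VFS support for capabilities (neither of above, but)
 *   Add any capability from current's capability bounding set
 *       to the current process' inheritable set
 *   Allow taking bits out of capability bounding set
 *   Allow modification of the securebits for a process
 */

#define CAP_SETPCAP          8

/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */

#define CAP_LINUX_IMMUTABLE  9

/* Allows binding to TCP/UDP sockets below 1024 */
/* Allows binding to ATM VCIs below 32 */

#define CAP_NET_BIND_SERVICE 10

/* Allow broadcasting, listen to multicast */

#define CAP_NET_BROADCAST    11

/* Allow interface configuration */
/* Allow administration of IP firewall, masquerading and accounting */
/* Allow setting debug option on sockets */
/* Allow modification of routing tables */
/* Allow setting arbitrary process / process group ownership on
   sockets */
/* Allow binding to any address for transparent proxying (also via NET_RAW) */
/* Allow setting TOS (type of service) */
/* Allow setting promiscuous mode */
/* Allow clearing driver statistics */
/* Allow multicasting */
/* Allow read/write of device-specific registers */
/* Allow activation of ATM control sockets */

#define CAP_NET_ADMIN        12

/* Allow use of RAW sockets */
/* Allow use of PACKET sockets */
/* Allow binding to any address for transparent proxying (also via NET_ADMIN) */

#define CAP_NET_RAW          13

/* Allow locking of shared memory segments */
/* Allow mlock and mlockall (which doesn't really have anything to do
   with IPC) */

#define CAP_IPC_LOCK         14

/* Override IPC ownership checks */

#define CAP_IPC_OWNER        15

/* Insert and remove kernel modules - modify kernel without limit */
#define CAP_SYS_MODULE       16

/* Allow ioperm/iopl access */
/* Allow sending USB messages to any device via /dev/bus/usb */

#define CAP_SYS_RAWIO        17

/* Allow use of chroot() */

#define CAP_SYS_CHROOT       18

/* Allow ptrace() of any process */

#define CAP_SYS_PTRACE       19

/* Allow configuration of process accounting */

#define CAP_SYS_PACCT        20

/* Allow configuration of the secure attention key */
/* Allow administration of the random device */
/* Allow examination and configuration of disk quotas */
/* Allow setting the domainname */
/* Allow setting the hostname */
/* Allow mount() and umount(), setting up new smb connection */
/* Allow some autofs root ioctls */
/* Allow nfsservctl */
/* Allow VM86_REQUEST_IRQ */
/* Allow to read/write pci config on alpha */
/* Allow irix_prctl on mips (setstacksize) */
/* Allow flushing all cache on m68k (sys_cacheflush) */
/* Allow removing semaphores */
/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
   and shared memory */
/* Allow locking/unlocking of shared memory segment */
/* Allow turning swap on/off */
/* Allow forged pids on socket credentials passing */
/* Allow setting readahead and flushing buffers on block devices */
/* Allow setting geometry in floppy driver */
/* Allow turning DMA on/off in xd driver */
/* Allow administration of md devices (mostly the above, but some
   extra ioctls) */
/* Allow tuning the ide driver */
/* Allow access to the nvram device */
/* Allow administration of apm_bios, serial and bttv (TV) device */
/* Allow manufacturer commands in isdn CAPI support driver */
/* Allow reading non-standardized portions of pci configuration space */
/* Allow DDI debug ioctl on sbpcd driver */
/* Allow setting up serial ports */
/* Allow sending raw qic-117 commands */
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
   arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
/* Allow setting zone reclaim policy */
/* Allow everything under CAP_BPF and CAP_PERFMON for backward compatibility */

#define CAP_SYS_ADMIN        21

/* Allow use of reboot() */

#define CAP_SYS_BOOT         22

/* Allow raising priority and setting priority on other (different
   UID) processes */
/* Allow use of FIFO and round-robin (realtime) scheduling on own
   processes and setting the scheduling algorithm used by another
   process. */
/* Allow setting cpu affinity on other processes */
/* Allow setting realtime ioprio class */
/* Allow setting ioprio class on other processes */

#define CAP_SYS_NICE         23

/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
   resources) */
/* NOTE: ext2 honors fsuid when checking for resource overrides, so
   you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
/* Override max number of consoles on console allocation */
/* Override max number of keymaps */
/* Control memory reclaim behavior */

#define CAP_SYS_RESOURCE     24

/* Allow manipulation of system clock */
/* Allow irix_stime on mips */
/* Allow setting the real-time clock */

#define CAP_SYS_TIME         25

/* Allow configuration of tty devices */
/* Allow vhangup() of tty */

#define CAP_SYS_TTY_CONFIG   26

/* Allow the privileged aspects of mknod() */

#define CAP_MKNOD            27

/* Allow taking of leases on files */

#define CAP_LEASE            28

/* Allow writing the audit log via unicast netlink socket */

#define CAP_AUDIT_WRITE      29

/* Allow configuration of audit via unicast netlink socket */

#define CAP_AUDIT_CONTROL    30

/* Set or remove capabilities on files.
   Map uid=0 into a child user namespace. */

#define CAP_SETFCAP	     31

/* Override MAC access.
   The base kernel enforces no MAC policy.
   An LSM may enforce a MAC policy, and if it does and it chooses
   to implement capability based overrides of that policy, this is
   the capability it should use to do so. */

#define CAP_MAC_OVERRIDE     32

/* Allow MAC configuration or state changes.
   The base kernel requires no MAC configuration.
   An LSM may enforce a MAC policy, and if it does and it chooses
   to implement capability based checks on modifications to that
   policy or the data required to maintain it, this is the
   capability it should use to do so. */

#define CAP_MAC_ADMIN        33

/* Allow configuring the kernel's syslog (printk behaviour) */

#define CAP_SYSLOG           34

/* Allow triggering something that will wake the system */

#define CAP_WAKE_ALARM            35

/* Allow preventing system suspends */

#define CAP_BLOCK_SUSPEND    36

/* Allow reading the audit log via multicast netlink socket */

#define CAP_AUDIT_READ		37

/*
 * Allow system performance and observability privileged operations
 * using perf_events, i915_perf and other kernel subsystems
 */

#define CAP_PERFMON		38

/*
 * CAP_BPF allows the following BPF operations:
 * - Creating all types of BPF maps
 * - Advanced verifier features
 *   - Indirect variable access
 *   - Bounded loops
 *   - BPF to BPF function calls
 *   - Scalar precision tracking
 *   - Larger complexity limits
 *   - Dead code elimination
 *   - And potentially other features
 * - Loading BPF Type Format (BTF) data
 * - Retrieve xlated and JITed code of BPF programs
 * - Use bpf_spin_lock() helper
 *
 * CAP_PERFMON relaxes the verifier checks further:
 * - BPF progs can use of pointer-to-integer conversions
 * - speculation attack hardening measures are bypassed
 * - bpf_probe_read to read arbitrary kernel memory is allowed
 * - bpf_trace_printk to print kernel memory is allowed
 *
 * CAP_SYS_ADMIN is required to use bpf_probe_write_user.
 *
 * CAP_SYS_ADMIN is required to iterate system wide loaded
 * programs, maps, links, BTFs and convert their IDs to file descriptors.
 *
 * CAP_PERFMON and CAP_BPF are required to load tracing programs.
 * CAP_NET_ADMIN and CAP_BPF are required to load networking programs.
 */
#define CAP_BPF			39


/* Allow checkpoint/restore related operations */
/* Allow PID selection during clone3() */
/* Allow writing to ns_last_pid */

#define CAP_CHECKPOINT_RESTORE	40

#define CAP_LAST_CAP         CAP_CHECKPOINT_RESTORE

/*
 * Range check for a capability number: rejects negative values and
 * anything above CAP_LAST_CAP.  Note that x is evaluated twice, so pass a
 * side-effect-free expression.  This is the only bounds check in this
 * header; CAP_TO_INDEX/CAP_TO_MASK below assume it has already passed.
 */
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)

/*
 * Bit location of each capability (used by user-space library and kernel)
 *
 * CAP_TO_INDEX picks the __u32 word, CAP_TO_MASK the bit inside it.  The
 * "& 31" in CAP_TO_MASK wraps rather than rejects out-of-range values,
 * and a negative x makes the right shift implementation-defined, so
 * callers must validate x with cap_valid() first.
 */

#define CAP_TO_INDEX(x)     ((x) >> 5)        /* 1 << 5 == bits in __u32 */
#define CAP_TO_MASK(x)      (1U << ((x) & 31)) /* mask for indexed __u32 */


#endif /* _UAPI_LINUX_CAPABILITY_H */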