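package cap

/* ** DO NOT EDIT THIS FILE. IT WAS AUTO-GENERATED BY LIBCAP'S GO BUILDER (mknames.go) ** */

// NamedCount holds the number of capability values, with official
// names, known at the time this libcap/cap version was released. The
// "../libcap/cap" package is fully able to manipulate higher numbered
// capability values by numerical value. However, if you find
// cap.NamedCount < cap.MaxBits(), it is probably time to upgrade this
// package on your system.
//
// FWIW the userspace tool '/sbin/capsh' also contains a runtime check
// for the condition that libcap is behind the running kernel in this
// way.
const NamedCount = 41

// CHOWN etc., are the named capability values of the Linux
// kernel. The canonical source for each name is the
// "uapi/linux/capability.h" file. Some values may not be available
// (yet) where the kernel is older. The actual number of capabilities
// supported by the running kernel can be obtained using the
// cap.MaxBits() function.
//
// The values are assigned with iota, so the order of the entries in
// this block determines each capability's numerical value (CHOWN is
// 0, CHECKPOINT_RESTORE is 40). Do not reorder them.
const (
	// CHOWN allows a process to arbitrarily change the user and
	// group ownership of a file.
	CHOWN Value = iota

	// DAC_OVERRIDE allows a process to override all Discretionary
	// Access Control (DAC) access, including ACL execute
	// access. That is read, write or execute files that the
	// process would otherwise not have access to. This
	// excludes DAC access covered by cap.LINUX_IMMUTABLE.
	DAC_OVERRIDE

	// DAC_READ_SEARCH allows a process to override all DAC restrictions
	// limiting the read and search of files and
	// directories. This excludes DAC access covered by
	// cap.LINUX_IMMUTABLE.
	DAC_READ_SEARCH

	// FOWNER allows a process to perform operations on files, even
	// where the file owner ID would otherwise need to be equal to
	// the UID, except where cap.FSETID is applicable. It
	// doesn't override MAC and DAC restrictions.
	//
	// This capability permits the deletion of a file owned
	// by another UID in a directory protected by the sticky
	// (t) bit.
	FOWNER

	// FSETID allows a process to set the S_ISUID and S_ISGID bits of
	// the file permissions, even when the process' effective
	// UID or GID/supplementary GIDs do not match that of the
	// file.
	FSETID

	// KILL allows a process to send a kill(2) signal to any other
	// process - overriding the limitation that there be a
	// [E]UID match between source and target process.
	KILL

	// SETGID allows a process to freely manipulate its own GIDs:
	//   - arbitrarily set the GID, EGID, REGID, RESGID values
	//   - arbitrarily set the supplementary GIDs
	//   - allows the forging of GID credentials passed over a
	//     socket
	SETGID

	// SETUID allows a process to freely manipulate its own UIDs:
	//   - arbitrarily set the UID, EUID, REUID and RESUID
	//     values
	//   - allows the forging of UID credentials passed over a
	//     socket
	SETUID

	// SETPCAP allows a process to freely manipulate its inheritable
	// capabilities.
	//
	// Linux supports the POSIX.1e Inheritable set, the POSIX.1e (X
	// vector) known in Linux as the Bounding vector, as well as
	// the Linux extension Ambient vector.
	//
	// This capability permits dropping bits from the Bounding
	// vector (ie. raising B bits in the libcap IAB
	// representation). It also permits the process to raise
	// Ambient vector bits that are both raised in the Permitted
	// and Inheritable sets of the process. This capability cannot
	// be used to raise Permitted bits, Effective bits beyond those
	// already present in the process' permitted set, or
	// Inheritable bits beyond those present in the Bounding
	// vector.
	//
	// [Historical note: prior to the advent of file capabilities
	// (2008), this capability was suppressed by default, as its
	// unsuppressed behavior was not auditable: it could
	// asynchronously grant its own Permitted capabilities to and
	// remove capabilities from other processes arbitrarily. The
	// former leads to undefined behavior, and the latter is better
	// served by the kill system call.]
	SETPCAP

	// LINUX_IMMUTABLE allows a process to modify the S_IMMUTABLE and
	// S_APPEND file attributes.
	LINUX_IMMUTABLE

	// NET_BIND_SERVICE allows a process to bind to privileged ports:
	//   - TCP/UDP sockets below 1024
	//   - ATM VCIs below 32
	NET_BIND_SERVICE

	// NET_BROADCAST allows a process to broadcast to the network and to
	// listen to multicast.
	NET_BROADCAST

	// NET_ADMIN allows a process to perform network configuration
	// operations:
	//   - interface configuration
	//   - administration of IP firewall, masquerading and
	//     accounting
	//   - setting debug options on sockets
	//   - modification of routing tables
	//   - setting arbitrary process, and process group
	//     ownership on sockets
	//   - binding to any address for transparent proxying
	//     (this is also allowed via cap.NET_RAW)
	//   - setting TOS (Type of service)
	//   - setting promiscuous mode
	//   - clearing driver statistics
	//   - multicasting
	//   - read/write of device-specific registers
	//   - activation of ATM control sockets
	NET_ADMIN

	// NET_RAW allows a process to use raw networking:
	//   - RAW sockets
	//   - PACKET sockets
	//   - binding to any address for transparent proxying
	//     (also permitted via cap.NET_ADMIN)
	NET_RAW

	// IPC_LOCK allows a process to lock shared memory segments for IPC
	// purposes. Also enables mlock and mlockall system
	// calls.
	IPC_LOCK

	// IPC_OWNER allows a process to override IPC ownership checks.
	IPC_OWNER

	// SYS_MODULE allows a process to initiate the loading and unloading
	// of kernel modules. This capability can effectively
	// modify kernel without limit.
	SYS_MODULE

	// SYS_RAWIO allows a process to perform raw IO:
	//   - permit ioperm/iopl access
	//   - permit sending USB messages to any device via
	//     /dev/bus/usb
	SYS_RAWIO

	// SYS_CHROOT allows a process to perform a chroot syscall to change
	// the effective root of the process' file system:
	// redirect directory "/" to some other location.
	SYS_CHROOT

	// SYS_PTRACE allows a process to perform a ptrace() of any other
	// process.
	SYS_PTRACE

	// SYS_PACCT allows a process to configure process accounting.
	SYS_PACCT

	// SYS_ADMIN allows a process to perform a somewhat arbitrary
	// grab-bag of privileged operations. Over time, this
	// capability should weaken as specific capabilities are
	// created for subsets of cap.SYS_ADMIN's functionality:
	//   - configuration of the secure attention key
	//   - administration of the random device
	//   - examination and configuration of disk quotas
	//   - setting the domainname
	//   - setting the hostname
	//   - calling bdflush()
	//   - mount() and umount(), setting up new SMB connection
	//   - some autofs root ioctls
	//   - nfsservctl
	//   - VM86_REQUEST_IRQ
	//   - to read/write pci config on alpha
	//   - irix_prctl on mips (setstacksize)
	//   - flushing all cache on m68k (sys_cacheflush)
	//   - removing semaphores
	//   - Used instead of cap.CHOWN to "chown" IPC message
	//     queues, semaphores and shared memory
	//   - locking/unlocking of shared memory segment
	//   - turning swap on/off
	//   - forged pids on socket credentials passing
	//   - setting readahead and flushing buffers on block
	//     devices
	//   - setting geometry in floppy driver
	//   - turning DMA on/off in xd driver
	//   - administration of md devices (mostly the above, but
	//     some extra ioctls)
	//   - tuning the ide driver
	//   - access to the nvram device
	//   - administration of apm_bios, serial and bttv (TV)
	//     device
	//   - manufacturer commands in isdn CAPI support driver
	//   - reading non-standardized portions of PCI
	//     configuration space
	//   - DDI debug ioctl on sbpcd driver
	//   - setting up serial ports
	//   - sending raw qic-117 commands
	//   - enabling/disabling tagged queuing on SCSI
	//     controllers and sending arbitrary SCSI commands
	//   - setting encryption key on loopback filesystem
	//   - setting zone reclaim policy
	//
	// NOTE(review): given the breadth of this list, a grant of
	// cap.SYS_ADMIN deserves the same scrutiny as a grant of
	// root; prefer a narrower capability where one covers the
	// need.
	SYS_ADMIN

	// SYS_BOOT allows a process to initiate a reboot of the system.
	SYS_BOOT

	// SYS_NICE allows a process to manipulate the execution priorities
	// of arbitrary processes:
	//   - those involving different UIDs
	//   - setting their CPU affinity
	//   - alter the FIFO vs. round-robin (realtime)
	//     scheduling for itself and other processes.
	SYS_NICE

	// SYS_RESOURCE allows a process to adjust resource related parameters
	// of processes and the system:
	//   - set and override resource limits
	//   - override quota limits
	//   - override the reserved space on ext2 filesystem
	//     (this can also be achieved via cap.FSETID)
	//   - modify the data journaling mode on ext3 filesystem,
	//     which uses journaling resources
	//   - override size restrictions on IPC message queues
	//   - configure more than 64Hz interrupts from the
	//     real-time clock
	//   - override the maximum number of consoles for console
	//     allocation
	//   - override the maximum number of keymaps
	SYS_RESOURCE

	// SYS_TIME allows a process to perform time manipulation of clocks:
	//   - alter the system clock
	//   - enable irix_stime on MIPS
	//   - set the real-time clock
	SYS_TIME

	// SYS_TTY_CONFIG allows a process to manipulate tty devices:
	//   - configure tty devices
	//   - perform vhangup() of a tty
	SYS_TTY_CONFIG

	// MKNOD allows a process to perform privileged operations with
	// the mknod() system call.
	MKNOD

	// LEASE allows a process to take leases on files.
	LEASE

	// AUDIT_WRITE allows a process to write to the audit log via a
	// unicast netlink socket.
	AUDIT_WRITE

	// AUDIT_CONTROL allows a process to configure audit logging via a
	// unicast netlink socket.
	AUDIT_CONTROL

	// SETFCAP allows a process to set capabilities on files.
	// Permits a process to uid_map the uid=0 of the
	// parent user namespace into that of the child
	// namespace. Also, permits a process to override
	// securebits locks through user namespace
	// creation.
	SETFCAP

	// MAC_OVERRIDE allows a process to override Mandatory Access Control
	// (MAC) access. Not all kernels are configured with a MAC
	// mechanism, but this is the capability reserved for
	// overriding them.
	MAC_OVERRIDE

	// MAC_ADMIN allows a process to configure the Mandatory Access
	// Control (MAC) policy. Not all kernels are configured
	// with a MAC enabled, but if they are this capability is
	// reserved for code to perform administration tasks.
	MAC_ADMIN

	// SYSLOG allows a process to configure the kernel's syslog
	// (printk) behavior.
	SYSLOG

	// WAKE_ALARM allows a process to trigger something that can wake the
	// system up.
	WAKE_ALARM

	// BLOCK_SUSPEND allows a process to block system suspends - prevent the
	// system from entering a lower power state.
	BLOCK_SUSPEND

	// AUDIT_READ allows a process to read the audit log via a multicast
	// netlink socket.
	AUDIT_READ

	// PERFMON allows a process to enable observability of privileged
	// operations related to performance. The mechanisms
	// include perf_events, i915_perf and other kernel
	// subsystems.
	PERFMON

	// BPF allows a process to manipulate aspects of the kernel
	// enhanced Berkeley Packet Filter (BPF) system. This is
	// an execution subsystem of the kernel, that manages BPF
	// programs. cap.BPF permits a process to:
	//   - create all types of BPF maps
	//   - advanced verifier features:
	//     - indirect variable access
	//     - bounded loops
	//     - BPF to BPF function calls
	//     - scalar precision tracking
	//     - larger complexity limits
	//     - dead code elimination
	//     - potentially other features
	//
	// Other capabilities can be used together with cap.BPF to
	// further manipulate the BPF system:
	//   - cap.PERFMON relaxes the verifier checks as follows:
	//     - BPF programs can use pointer-to-integer
	//       conversions
	//     - speculation attack hardening measures can be
	//       bypassed
	//     - bpf_probe_read to read arbitrary kernel memory is
	//       permitted
	//     - bpf_trace_printk to print the content of kernel
	//       memory
	//   - cap.SYS_ADMIN permits the following:
	//     - use of bpf_probe_write_user
	//     - iteration over the system-wide loaded programs,
	//       maps, links, BTFs and convert their IDs to file
	//       descriptors.
	//   - cap.PERFMON is required to load tracing programs.
	//   - cap.NET_ADMIN is required to load networking
	//     programs.
	BPF

	// CHECKPOINT_RESTORE allows a process to perform checkpoint
	// and restore operations. Also permits
	// explicit PID control via clone3() and
	// also writing to ns_last_pid.
	CHECKPOINT_RESTORE
)

// names maps each named capability Value to its textual name
// ("cap_chown", ...). It holds one entry per named capability, which is
// NamedCount (41) entries, and is the exact inverse of the bits map.
// Both maps are emitted by the generator (mknames.go); fix any
// discrepancy there rather than by hand.
var names = map[Value]string{
	CHOWN:              "cap_chown",
	DAC_OVERRIDE:       "cap_dac_override",
	DAC_READ_SEARCH:    "cap_dac_read_search",
	FOWNER:             "cap_fowner",
	FSETID:             "cap_fsetid",
	KILL:               "cap_kill",
	SETGID:             "cap_setgid",
	SETUID:             "cap_setuid",
	SETPCAP:            "cap_setpcap",
	LINUX_IMMUTABLE:    "cap_linux_immutable",
	NET_BIND_SERVICE:   "cap_net_bind_service",
	NET_BROADCAST:      "cap_net_broadcast",
	NET_ADMIN:          "cap_net_admin",
	NET_RAW:            "cap_net_raw",
	IPC_LOCK:           "cap_ipc_lock",
	IPC_OWNER:          "cap_ipc_owner",
	SYS_MODULE:         "cap_sys_module",
	SYS_RAWIO:          "cap_sys_rawio",
	SYS_CHROOT:         "cap_sys_chroot",
	SYS_PTRACE:         "cap_sys_ptrace",
	SYS_PACCT:          "cap_sys_pacct",
	SYS_ADMIN:          "cap_sys_admin",
	SYS_BOOT:           "cap_sys_boot",
	SYS_NICE:           "cap_sys_nice",
	SYS_RESOURCE:       "cap_sys_resource",
	SYS_TIME:           "cap_sys_time",
	SYS_TTY_CONFIG:     "cap_sys_tty_config",
	MKNOD:              "cap_mknod",
	LEASE:              "cap_lease",
	AUDIT_WRITE:        "cap_audit_write",
	AUDIT_CONTROL:      "cap_audit_control",
	SETFCAP:            "cap_setfcap",
	MAC_OVERRIDE:       "cap_mac_override",
	MAC_ADMIN:          "cap_mac_admin",
	SYSLOG:             "cap_syslog",
	WAKE_ALARM:         "cap_wake_alarm",
	BLOCK_SUSPEND:      "cap_block_suspend",
	AUDIT_READ:         "cap_audit_read",
	PERFMON:            "cap_perfmon",
	BPF:                "cap_bpf",
	CHECKPOINT_RESTORE: "cap_checkpoint_restore",
}

// bits maps each textual capability name back to its Value. It is the
// exact inverse of the names map and likewise holds NamedCount (41)
// entries. The keys are all lower case.
var bits = map[string]Value{
	"cap_chown":              CHOWN,
	"cap_dac_override":       DAC_OVERRIDE,
	"cap_dac_read_search":    DAC_READ_SEARCH,
	"cap_fowner":             FOWNER,
	"cap_fsetid":             FSETID,
	"cap_kill":               KILL,
	"cap_setgid":             SETGID,
	"cap_setuid":             SETUID,
	"cap_setpcap":            SETPCAP,
	"cap_linux_immutable":    LINUX_IMMUTABLE,
	"cap_net_bind_service":   NET_BIND_SERVICE,
	"cap_net_broadcast":      NET_BROADCAST,
	"cap_net_admin":          NET_ADMIN,
	"cap_net_raw":            NET_RAW,
	"cap_ipc_lock":           IPC_LOCK,
	"cap_ipc_owner":          IPC_OWNER,
	"cap_sys_module":         SYS_MODULE,
	"cap_sys_rawio":          SYS_RAWIO,
	"cap_sys_chroot":         SYS_CHROOT,
	"cap_sys_ptrace":         SYS_PTRACE,
	"cap_sys_pacct":          SYS_PACCT,
	"cap_sys_admin":          SYS_ADMIN,
	"cap_sys_boot":           SYS_BOOT,
	"cap_sys_nice":           SYS_NICE,
	"cap_sys_resource":       SYS_RESOURCE,
	"cap_sys_time":           SYS_TIME,
	"cap_sys_tty_config":     SYS_TTY_CONFIG,
	"cap_mknod":              MKNOD,
	"cap_lease":              LEASE,
	"cap_audit_write":        AUDIT_WRITE,
	"cap_audit_control":      AUDIT_CONTROL,
	"cap_setfcap":            SETFCAP,
	"cap_mac_override":       MAC_OVERRIDE,
	"cap_mac_admin":          MAC_ADMIN,
	"cap_syslog":             SYSLOG,
	"cap_wake_alarm":         WAKE_ALARM,
	"cap_block_suspend":      BLOCK_SUSPEND,
	"cap_audit_read":         AUDIT_READ,
	"cap_perfmon":            PERFMON,
	"cap_bpf":                BPF,
	"cap_checkpoint_restore": CHECKPOINT_RESTORE,
}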