diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2016-01-30 17:10:48 -0800 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2016-01-30 17:10:48 -0800 |
| commit | 9c3d89fbb9d819ade80b544f8a35f7b90c07cd14 (patch) | |
| tree | c6ac6eaa1f2f5b0a8b290e18511719183631c47f | |
| parent | b245719465b10d69701d9d5038ff88a18f1a4158 (diff) | |
| download | libcap-9c3d89fbb9d819ade80b544f8a35f7b90c07cd14.tar.gz | |
Update to Linus' kernel tree uapi headers.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
| -rw-r--r-- | libcap/include/uapi/linux/capability.h | 11 | ||||
| -rw-r--r-- | libcap/include/uapi/linux/securebits.h | 11 |
2 files changed, 20 insertions, 2 deletions
diff --git a/libcap/include/uapi/linux/capability.h b/libcap/include/uapi/linux/capability.h index a4b907f..432e023 100644 --- a/libcap/include/uapi/linux/capability.h +++ b/libcap/include/uapi/linux/capability.h @@ -308,8 +308,12 @@ struct vfs_cap_data { #define CAP_LEASE 28 +/* Allow writing the audit log via unicast netlink socket */ + #define CAP_AUDIT_WRITE 29 +/* Allow configuration of audit via unicast netlink socket */ + #define CAP_AUDIT_CONTROL 30 #define CAP_SETFCAP 31 @@ -343,7 +347,12 @@ struct vfs_cap_data { #define CAP_BLOCK_SUSPEND 36 -#define CAP_LAST_CAP CAP_BLOCK_SUSPEND +/* Allow reading the audit log via multicast netlink socket */ + +#define CAP_AUDIT_READ 37 + + +#define CAP_LAST_CAP CAP_AUDIT_READ #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) diff --git a/libcap/include/uapi/linux/securebits.h b/libcap/include/uapi/linux/securebits.h index 985aac9..35ac35c 100644 --- a/libcap/include/uapi/linux/securebits.h +++ b/libcap/include/uapi/linux/securebits.h @@ -43,9 +43,18 @@ #define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS)) #define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED)) +/* When set, a process cannot add new capabilities to its ambient set. */ +#define SECURE_NO_CAP_AMBIENT_RAISE 6 +#define SECURE_NO_CAP_AMBIENT_RAISE_LOCKED 7 /* make bit-6 immutable */ + +#define SECBIT_NO_CAP_AMBIENT_RAISE (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE)) +#define SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED \ + (issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED)) + #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ issecure_mask(SECURE_NO_SETUID_FIXUP) | \ - issecure_mask(SECURE_KEEP_CAPS)) + issecure_mask(SECURE_KEEP_CAPS) | \ + issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE)) #define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1) #endif /* _UAPI_LINUX_SECUREBITS_H */ |