jail: always call cgroups_free()
[project/procd.git] / jail / capabilities.h
1 /*
2 * Copyright (C) 2015 Etienne CHAMPETIER <champetier.etienne@gmail.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Lesser General Public License version 2.1
6 * as published by the Free Software Foundation
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 */
13 #ifndef _JAIL_CAPABILITIES_H_
14 #define _JAIL_CAPABILITIES_H_
15
16 #include <libubox/blobmsg.h>
17 #include <linux/capability.h>
18
/*
 * Capability configuration for a jailed process: one 64-bit mask per Linux
 * capability set, matching the five sets that OCI's process.capabilities
 * names. A uint64_t mask can represent capability numbers 0..63.
 *
 * NOTE(review): bit N presumably stands for capability number N (the CAP_*
 * constants from <linux/capability.h>) -- confirm against the parser.
 */
struct jail_capset {
	uint64_t bounding;	/* mask for the bounding set */
	uint64_t effective;	/* mask for the effective set */
	uint64_t inheritable;	/* mask for the inheritable set */
	uint64_t permitted;	/* mask for the permitted set */
	uint64_t ambient;	/* mask for the ambient set */
	/*
	 * A zero mask alone cannot tell "set not configured" from "drop
	 * everything in this set"; presumably this field records which of
	 * the masks above are to be applied -- confirm in capabilities.c.
	 */
	uint8_t apply;
};
27
/*
 * Fill *capset from a blobmsg attribute tree.
 * NOTE(review): the return convention is not visible in this header;
 * presumably 0 on success and non-zero on a parse error -- confirm.
 */
int parseOCIcapabilities(struct jail_capset *capset,
			 struct blob_attr *msg);

/*
 * Same as above, but takes the path of a file to read the capability
 * description from. The expected file format is not stated here.
 */
int parseOCIcapabilities_from_file(struct jail_capset *capset,
				   const char *file);

/*
 * Apply a parsed capability configuration. capset is passed by value, so
 * the callee works on its own copy. retain is a second 64-bit mask;
 * presumably capabilities that must be kept regardless of capset -- confirm.
 * NOTE(review): check the result at every call site; this header does not
 * say which capabilities the process is left with when the call fails.
 */
int applyOCIcapabilities(struct jail_capset capset,
			 uint64_t retain);
31
/*
 * The capget/capset syscall wrappers are provided by libc; they are
 * declared here by hand so the jail code can call them directly.
 *
 * header selects the capability ABI version and the target pid; data points
 * at the per-set masks. With _LINUX_CAPABILITY_VERSION_3 the kernel reads or
 * writes _LINUX_CAPABILITY_U32S_3 (two) __user_cap_data_struct elements, so
 * data must point at an array of that size, not at a single struct.
 *
 * cap_user_data_t is itself a pointer typedef, so "const cap_user_data_t"
 * makes the pointer const, not the data it points to.
 *
 * capset(2) changes only the effective, permitted and inheritable sets;
 * the bounding and ambient sets are changed through prctl(2).
 */
extern int capget(cap_user_header_t header,
		  cap_user_data_t data);
extern int capset(cap_user_header_t header,
		  const cap_user_data_t data);
35
36 #endif