o Add POSIX1E_CAPABILITY_EXTATTR_NAME, a string constant for the

extended attribute name used to store capabilities for binaries in FFS. o Uncomment CAP_SETPCAP because, unfortunately, it is useful when developing and testing, as well as in practice for a system not fully capability-enabled. o Synch up prototypes with the implementation, reducing diffs and making the patches for capabilities more accessible and less dastardly. Obtained from: TrustedBSD Project
svn path=/head/; revision=64407
2025-01-08 13:28:05 +00:00 · 2000-08-08 18:47:59 +00:00 · 2000-08-08 18:47:59 +00:00 · 00d322883a · 2020-12-20 02:59:44 +00:00
commit 00d322883a
parent e6a9ab52db
1 changed files with 6 additions and 3 deletions
--- a/sys/sys/capability.h
+++ b/sys/sys/capability.h
@ -36,6 +36,8 @@
 #ifndef _SYS_CAPABILITY_H
 #define	_SYS_CAPABILITY_H

+#define	POSIX1E_CAPABILITY_EXTATTR_NAME	"$posix1e.cap"
+
 #define	__CAP_MASK_LEN	2

 typedef int	cap_flag_t;
@ -120,8 +122,8 @@ typedef struct cap	*cap_t;

 /*
 * The following capability, borrowed from Linux, is unsafe
- * #define	CAP_SETPCAP		(0x00000100 | SYSTEM_CAPABILITY)
 */
+#define	CAP_SETPCAP		(0x00000100 | SYSTEM_CAPABILITY)
 /*
 * The following capability, borrowed from Linux, is not appropriate
 * in the BSD file environment
@ -155,10 +157,11 @@ typedef struct cap	*cap_t;

 struct proc;
 struct ucred;
-int	cap_change_on_inherit(struct cap *);
+struct vnode;
 int	cap_check(struct proc *, cap_value_t);
 int	cap_check_xxx(struct ucred *, struct proc *, cap_value_t, int);
-void	cap_inherit(struct cap *);
+int	cap_change_on_inherit(struct cap *cap_p);
+void	cap_inherit(struct vnode *vp, struct proc *p);
 void	cap_init_proc0(struct cap *);
 void	cap_init_proc1(struct cap *);