blob: d8c6b8d60b56e5285b54df2c45a2de9f9e87d1d9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
/*
* Copyright (C) 2015 Etienne CHAMPETIER <champetier.etienne@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License version 2.1
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef _JAIL_CAPABILITIES_H_
#define _JAIL_CAPABILITIES_H_
#include <libubox/blobmsg.h>
#include <linux/capability.h>
struct jail_capset {
uint64_t bounding;
uint64_t effective;
uint64_t inheritable;
uint64_t permitted;
uint64_t ambient;
uint8_t apply;
};
int parseOCIcapabilities(struct jail_capset *capset, struct blob_attr *msg);
int parseOCIcapabilities_from_file(struct jail_capset *capset, const char *file);
int applyOCIcapabilities(struct jail_capset capset, uint64_t retain);
/* capget/capset syscall wrappers are provided by libc */
extern int capget(cap_user_header_t header, cap_user_data_t data);
extern int capset(cap_user_header_t header, const cap_user_data_t data);
#endif
|
