Path: blob/main/contrib/capsicum-test/capsicum-linux.h
39475 views
#ifndef __CAPSICUM_LINUX_H__1#define __CAPSICUM_LINUX_H__23#ifdef __linux__4/************************************************************5* Linux Capsicum Functionality.6************************************************************/7#include <errno.h>8#include <sys/procdesc.h>9#include <sys/capsicum.h>1011#define HAVE_CAP_RIGHTS_LIMIT12#define HAVE_CAP_RIGHTS_GET13#define HAVE_CAP_FCNTLS_LIMIT14#define HAVE_CAP_IOCTLS_LIMIT15#define HAVE_PROC_FDINFO16#define HAVE_PDWAIT417#define CAP_FROM_ACCEPT18// TODO(drysdale): uncomment if/when Linux propagates rights on sctp_peeloff.19// Linux does not generate a capability from sctp_peeloff(cap_fd,...).20// #define CAP_FROM_PEELOFF21// TODO(drysdale): uncomment if/when Linux allows intermediate .. path segments22// for openat()-like operations.23// #define HAVE_OPENAT_INTERMEDIATE_DOTDOT2425// Failure to open file due to path traversal generates EPERM26#ifdef ENOTBENEATH27#define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH28#define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH29#else30#define E_NO_TRAVERSE_CAPABILITY EPERM31#define E_NO_TRAVERSE_O_BENEATH EPERM32#endif3334// Too many links35#define E_TOO_MANY_LINKS ELOOP3637#endif /* __linux__ */3839#endif /*__CAPSICUM_LINUX_H__*/404142