Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D075AC433FE for ; Tue, 28 Dec 2021 13:28:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232642AbhL1N2C (ORCPT ); Tue, 28 Dec 2021 08:28:02 -0500 Received: from linux.microsoft.com ([13.77.154.182]:43272 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232647AbhL1N2A (ORCPT ); Tue, 28 Dec 2021 08:28:00 -0500 Received: from machine.localnet (lfbn-lyo-1-1484-111.w86-207.abo.wanadoo.fr [86.207.51.111]) by linux.microsoft.com (Postfix) with ESMTPSA id 0E57D20B7179; Tue, 28 Dec 2021 05:27:58 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 0E57D20B7179 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1640698080; bh=v04Y7OlrPi4g7MuLah4XgXmxQpBK1O2dUAp8118zrbY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FgB2P5NkZFVFMhXhcocuMJrCXtBmp8pqVpwHkqdHlap/udBwSlqkOpg3aK+qbsLvh nUKQmquIy91EcgvDMtCbaL+y+qHbXnBJpQ5TWdAUMbh0N7AoTtSx7vbQKcC1eEVuuc Vllk9JekgHiIjdpctqaZ/QtCBk2RN911/IlGLi+4= From: Francis Laniel To: linux-kernel@vger.kernel.org, Casey Schaufler Cc: Serge Hallyn , linux-security-module@vger.kernel.org, Casey Schaufler Subject: Re: [RFC PATCH v1 1/2] capability: Add cap_strings. Date: Tue, 28 Dec 2021 14:27:56 +0100 Message-ID: <18436829.ogB85pbuhf@machine> In-Reply-To: <289c4134-1ac4-48fc-58ec-cab0bcb63268@schaufler-ca.com> References: <20211227205500.214777-1-flaniel@linux.microsoft.com> <20211227205500.214777-2-flaniel@linux.microsoft.com> <289c4134-1ac4-48fc-58ec-cab0bcb63268@schaufler-ca.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi. Le lundi 27 d=E9cembre 2021, 23:26:29 CET Casey Schaufler a =E9crit : > On 12/27/2021 12:54 PM, Francis Laniel wrote: > > This array contains the capability names for the given capabilitiy. > > For example, index CAP_BPF contains "CAP_BPF". > >=20 > > Signed-off-by: Francis Laniel > > --- > >=20 > > include/uapi/linux/capability.h | 1 + > > kernel/capability.c | 45 +++++++++++++++++++++++++++++++++ > > 2 files changed, 46 insertions(+) > >=20 > > diff --git a/include/uapi/linux/capability.h > > b/include/uapi/linux/capability.h index 463d1ba2232a..9646654d5111 1006= 44 > > --- a/include/uapi/linux/capability.h > > +++ b/include/uapi/linux/capability.h > > @@ -428,5 +428,6 @@ struct vfs_ns_cap_data { > >=20 > > #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 =3D=3D bits i= n __u32 > > */ > > #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u= 32 > > */ > >=20 > > +extern const char *cap_strings[]; > >=20 > > #endif /* _UAPI_LINUX_CAPABILITY_H */ > >=20 > > diff --git a/kernel/capability.c b/kernel/capability.c > > index 46a361dde042..5a2e71dcd87b 100644 > > --- a/kernel/capability.c > > +++ b/kernel/capability.c > > @@ -15,6 +15,7 @@ > >=20 > > #include > > #include > > #include > >=20 > > +#include > >=20 > > #include > > #include > > #include > >=20 > > @@ -27,6 +28,50 @@ > >=20 > > const kernel_cap_t __cap_empty_set =3D CAP_EMPTY_SET; > > EXPORT_SYMBOL(__cap_empty_set); > >=20 > > +const char *cap_strings[] =3D { > > + [CAP_CHOWN] =3D __stringify_1(CAP_CHOWN), >=20 > I may just be old and slow, but why is this better than >=20 > [CAP_CHOWN] =3D "CAP_CHOWN", Good catch, thank you for it, I just replaced the __stringify_1() by quotes. I thought of using __stringify_() because at first I thought of adding a ne= w=20 macro which would both define a new capability as well as adding to this ar= ray. But I think it is better to with this simple way rather than doing complica= ted=20 stuff. > > + [CAP_DAC_OVERRIDE] =3D __stringify_1(CAP_DAC_OVERRIDE), > > + [CAP_DAC_READ_SEARCH] =3D __stringify_1(CAP_DAC_READ_SEARCH), > > + [CAP_FOWNER] =3D __stringify_1(CAP_FOWNER), > > + [CAP_FSETID] =3D __stringify_1(CAP_FSETID), > > + [CAP_KILL] =3D __stringify_1(CAP_KILL), > > + [CAP_SETGID] =3D __stringify_1(CAP_SETGID), > > + [CAP_SETUID] =3D __stringify_1(CAP_SETUID), > > + [CAP_SETPCAP] =3D __stringify_1(CAP_SETPCAP), > > + [CAP_LINUX_IMMUTABLE] =3D __stringify_1(CAP_LINUX_IMMUTABLE), > > + [CAP_NET_BIND_SERVICE] =3D __stringify_1(CAP_NET_BIND_SERVICE), > > + [CAP_NET_BROADCAST] =3D __stringify_1(CAP_NET_BROADCAST), > > + [CAP_NET_ADMIN] =3D __stringify_1(CAP_NET_ADMIN), > > + [CAP_NET_RAW] =3D __stringify_1(CAP_NET_RAW), > > + [CAP_IPC_LOCK] =3D __stringify_1(CAP_IPC_LOCK), > > + [CAP_IPC_OWNER] =3D __stringify_1(CAP_IPC_OWNER), > > + [CAP_SYS_MODULE] =3D __stringify_1(CAP_SYS_MODULE), > > + [CAP_SYS_RAWIO] =3D __stringify_1(CAP_SYS_RAWIO), > > + [CAP_SYS_CHROOT] =3D __stringify_1(CAP_SYS_CHROOT), > > + [CAP_SYS_PTRACE] =3D __stringify_1(CAP_SYS_PTRACE), > > + [CAP_SYS_PACCT] =3D __stringify_1(CAP_SYS_PACCT), > > + [CAP_SYS_ADMIN] =3D __stringify_1(CAP_SYS_ADMIN), > > + [CAP_SYS_BOOT] =3D __stringify_1(CAP_SYS_BOOT), > > + [CAP_SYS_NICE] =3D __stringify_1(CAP_SYS_NICE), > > + [CAP_SYS_RESOURCE] =3D __stringify_1(CAP_SYS_RESOURCE), > > + [CAP_SYS_TIME] =3D __stringify_1(CAP_SYS_TIME), > > + [CAP_SYS_TTY_CONFIG] =3D __stringify_1(CAP_SYS_TTY_CONFIG), > > + [CAP_MKNOD] =3D __stringify_1(CAP_MKNOD), > > + [CAP_LEASE] =3D __stringify_1(CAP_LEASE), > > + [CAP_AUDIT_WRITE] =3D __stringify_1(CAP_AUDIT_WRITE), > > + [CAP_AUDIT_CONTROL] =3D __stringify_1(CAP_AUDIT_CONTROL), > > + [CAP_SETFCAP] =3D __stringify_1(CAP_SETFCAP), > > + [CAP_MAC_OVERRIDE] =3D __stringify_1(CAP_MAC_OVERRIDE), > > + [CAP_MAC_ADMIN] =3D __stringify_1(CAP_MAC_ADMIN), > > + [CAP_SYSLOG] =3D __stringify_1(CAP_SYSLOG), > > + [CAP_WAKE_ALARM] =3D __stringify_1(CAP_WAKE_ALARM), > > + [CAP_BLOCK_SUSPEND] =3D __stringify_1(CAP_BLOCK_SUSPEND), > > + [CAP_AUDIT_READ] =3D __stringify_1(CAP_AUDIT_READ), > > + [CAP_PERFMON] =3D __stringify_1(CAP_PERFMON), > > + [CAP_BPF] =3D __stringify_1(CAP_BPF), > > + [CAP_CHECKPOINT_RESTORE] =3D __stringify_1(CAP_CHECKPOINT_RESTORE), > > +}; > > + > >=20 > > int file_caps_enabled =3D 1; > > =20 > > static int __init file_caps_disable(char *str)