From: Francis Laniel
To: linux-security-module@vger.kernel.org
Cc: Casey Schaufler, Eric Biederman, Francis Laniel, Serge Hallyn, James Morris, linux-kernel@vger.kernel.org (open list)
Subject: [RFC PATCH v4 1/2] capability: Add cap_string.
Date: Mon, 25 Jul 2022 14:41:22 +0200
Message-Id: <20220725124123.12975-2-flaniel@linux.microsoft.com>
In-Reply-To: <20220725124123.12975-1-flaniel@linux.microsoft.com>

This string contains on each line the number of the capability associated to its name.
For example, the first line is:
__stringify(CAP_CHOWN) "\tCAP_CHOWN\n"
which the preprocessor will replace by:
"0\tCAP_CHOWN\n"

Acked-by: Casey Schaufler
Signed-off-by: Francis Laniel
--- include/uapi/linux/capability.h | 1 + kernel/capability.c | 45 +++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index 463d1ba2232a..115f4fef00da 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h @@ -428,5 +428,6 @@ struct vfs_ns_cap_data { #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ +extern const char *cap_string; #endif /* _UAPI_LINUX_CAPABILITY_H */ diff --git a/kernel/capability.c b/kernel/capability.c index 765194f5d678..4cd0ce07458b 100644 --- a/kernel/capability.c +++ b/kernel/capability.c 
@@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include 
@@ -27,6 +28,50 @@ const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET; EXPORT_SYMBOL(__cap_empty_set); +const char *cap_string = + __stringify(CAP_CHOWN) "\tCAP_CHOWN\n" + __stringify(CAP_DAC_OVERRIDE) "\tCAP_DAC_OVERRIDE\n" + __stringify(CAP_DAC_READ_SEARCH) "\tCAP_DAC_READ_SEARCH\n" + __stringify(CAP_FOWNER) "\tCAP_FOWNER\n" + __stringify(CAP_FSETID) "\tCAP_FSETID\n" + __stringify(CAP_KILL) "\tCAP_KILL\n" + __stringify(CAP_SETGID) "\tCAP_SETGID\n" + __stringify(CAP_SETUID) "\tCAP_SETUID\n" + __stringify(CAP_SETPCAP) "\tCAP_SETPCAP\n" + __stringify(CAP_LINUX_IMMUTABLE) "\tCAP_LINUX_IMMUTABLE\n" + __stringify(CAP_NET_BIND_SERVICE) "\tCAP_NET_BIND_SERVICE\n" + __stringify(CAP_NET_BROADCAST) "\tCAP_NET_BROADCAST\n" + __stringify(CAP_NET_ADMIN) "\tCAP_NET_ADMIN\n" + __stringify(CAP_NET_RAW) "\tCAP_NET_RAW\n" + __stringify(CAP_IPC_LOCK) "\tCAP_IPC_LOCK\n" + __stringify(CAP_IPC_OWNER) "\tCAP_IPC_OWNER\n" + __stringify(CAP_SYS_MODULE) "\tCAP_SYS_MODULE\n" + __stringify(CAP_SYS_RAWIO) "\tCAP_SYS_RAWIO\n" + __stringify(CAP_SYS_CHROOT) "\tCAP_SYS_CHROOT\n" + __stringify(CAP_SYS_PTRACE) "\tCAP_SYS_PTRACE\n" + __stringify(CAP_SYS_PACCT) "\tCAP_SYS_PACCT\n" + __stringify(CAP_SYS_ADMIN) "\tCAP_SYS_ADMIN\n" + __stringify(CAP_SYS_BOOT) "\tCAP_SYS_BOOT\n" + __stringify(CAP_SYS_NICE) "\tCAP_SYS_NICE\n" + __stringify(CAP_SYS_RESOURCE) "\tCAP_SYS_RESOURCE\n" + __stringify(CAP_SYS_TIME) "\tCAP_SYS_TIME\n" + __stringify(CAP_SYS_TTY_CONFIG) "\tCAP_SYS_TTY_CONFIG\n" + __stringify(CAP_MKNOD) "\tCAP_MKNOD\n" + __stringify(CAP_LEASE) "\tCAP_LEASE\n" + __stringify(CAP_AUDIT_WRITE) "\tCAP_AUDIT_WRITE\n" + __stringify(CAP_AUDIT_CONTROL) "\tCAP_AUDIT_CONTROL\n" + __stringify(CAP_SETFCAP) "\tCAP_SETFCAP\n" + __stringify(CAP_MAC_OVERRIDE) "\tCAP_MAC_OVERRIDE\n" + __stringify(CAP_MAC_ADMIN) "\tCAP_MAC_ADMIN\n" + __stringify(CAP_SYSLOG) "\tCAP_SYSLOG\n" + __stringify(CAP_WAKE_ALARM) "\tCAP_WAKE_ALARM\n" + __stringify(CAP_BLOCK_SUSPEND) "\tCAP_BLOCK_SUSPEND\n" + __stringify(CAP_AUDIT_READ) 
"\tCAP_AUDIT_READ\n" + __stringify(CAP_PERFMON) "\tCAP_PERFMON\n" + __stringify(CAP_BPF) "\tCAP_BPF\n" + __stringify(CAP_CHECKPOINT_RESTORE) "\tCAP_CHECKPOINT_RESTORE\n" +; + int file_caps_enabled = 1; static int __init file_caps_disable(char *str) -- 2.25.1
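
Review bot: In the include/uapi/linux/capability.h hunk, "extern const char *cap_string;" is placed inside the _UAPI_LINUX_CAPABILITY_H guard, so the declaration ships in the header exported to userspace, where there is no such symbol to link against. Declare it in the kernel-internal header (include/linux/capability.h) instead and leave the uapi file untouched.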
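
Review bot: In the kernel/capability.c hunk, "const char *cap_string" makes the characters const but leaves the pointer itself writable; nothing here needs to reassign it, so "const char cap_string[]" or "const char * const cap_string" would keep the whole object read-only. The list is also written out by hand from CAP_CHOWN to CAP_CHECKPOINT_RESTORE with nothing tying it to the capability definitions, so a capability added later would be silently missing from the string; a build-time check on the number of entries, or at least a comment next to the definitions, would catch that. A short comment above the definition documenting the "<number>\t<name>\n" line format would also help whoever consumes it.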