Enum rustix::thread::prctl::Capability
source · #[repr(u32)]pub enum Capability {
Show 41 variants
ChangeOwnership = 0,
DACOverride = 1,
DACReadSearch = 2,
FileOwner = 3,
FileSetID = 4,
Kill = 5,
SetGroupID = 6,
SetUserID = 7,
SetPermittedCapabilities = 8,
LinuxImmutable = 9,
NetBindService = 10,
NetBroadcast = 11,
NetAdmin = 12,
NetRaw = 13,
IPCLock = 14,
IPCOwner = 15,
SystemModule = 16,
SystemRawIO = 17,
SystemChangeRoot = 18,
SystemProcessTrace = 19,
SystemProcessAccounting = 20,
SystemAdmin = 21,
SystemBoot = 22,
SystemNice = 23,
SystemResource = 24,
SystemTime = 25,
SystemTTYConfig = 26,
MakeNode = 27,
Lease = 28,
AuditWrite = 29,
AuditControl = 30,
SetFileCapabilities = 31,
MACOverride = 32,
MACAdmin = 33,
SystemLog = 34,
WakeAlarm = 35,
BlockSuspend = 36,
AuditRead = 37,
PerformanceMonitoring = 38,
BerkeleyPacketFilters = 39,
CheckpointRestore = 40,
}
Expand description
Linux per-thread capability.
Variants§
ChangeOwnership = 0
In a system with the _POSIX_CHOWN_RESTRICTED
option defined, this
overrides the restriction of changing file ownership and group
ownership.
DACOverride = 1
Override all DAC access, including ACL execute access if _POSIX_ACL
is defined. Excluding DAC access covered by
Capability::LinuxImmutable
.
DACReadSearch = 2
Overrides all DAC restrictions regarding read and search on files and
directories, including ACL restrictions if _POSIX_ACL
is defined.
Excluding DAC access covered by Capability::LinuxImmutable
.
FileOwner = 3
Overrides all restrictions about allowed operations on files, where
file owner ID must be equal to the user ID, except where
Capability::FileSetID
is applicable. It doesn’t override MAC
and DAC restrictions.
FileSetID = 4
Overrides the following restrictions that the effective user ID shall
match the file owner ID when setting the S_ISUID
and S_ISGID
bits on that file; that the effective group ID (or one of the
supplementary group IDs) shall match the file owner ID when setting the
S_ISGID
bit on that file; that the S_ISUID
and S_ISGID
bits are
cleared on successful return from chown
(not implemented).
Kill = 5
Overrides the restriction that the real or effective user ID of a process sending a signal must match the real or effective user ID of the process receiving the signal.
SetGroupID = 6
Allows setgid
manipulation. Allows setgroups
. Allows forged gids on
socket credentials passing.
SetUserID = 7
Allows set*uid
manipulation (including fsuid). Allows forged pids on
socket credentials passing.
SetPermittedCapabilities = 8
Without VFS support for capabilities:
- Transfer any capability in your permitted set to any pid.
- remove any capability in your permitted set from any pid. With VFS support for capabilities (neither of above, but)
- Add any capability from current’s capability bounding set to the current process’ inheritable set.
- Allow taking bits out of capability bounding set.
- Allow modification of the securebits for a process.
LinuxImmutable = 9
Allow modification of S_IMMUTABLE
and S_APPEND
file attributes.
NetBindService = 10
Allows binding to TCP/UDP sockets below 1024. Allows binding to ATM VCIs below 32.
NetBroadcast = 11
Allow broadcasting, listen to multicast.
NetAdmin = 12
Allow interface configuration. Allow administration of IP firewall,
masquerading and accounting. Allow setting debug option on sockets.
Allow modification of routing tables. Allow setting arbitrary
process / process group ownership on sockets. Allow binding to any
address for transparent proxying (also via Capability::NetRaw
).
Allow setting TOS (type of service). Allow setting promiscuous
mode. Allow clearing driver statistics. Allow multicasting. Allow
read/write of device-specific registers. Allow activation of ATM
control sockets.
NetRaw = 13
Allow use of RAW
sockets. Allow use of PACKET
sockets. Allow
binding to any address for transparent proxying (also via
Capability::NetAdmin
).
IPCLock = 14
Allow locking of shared memory segments. Allow mlock and mlockall (which doesn’t really have anything to do with IPC).
IPCOwner = 15
Override IPC ownership checks.
SystemModule = 16
Insert and remove kernel modules - modify kernel without limit.
SystemRawIO = 17
Allow ioperm/iopl access. Allow sending USB messages to any device via
/dev/bus/usb
.
SystemChangeRoot = 18
Allow use of chroot
.
SystemProcessTrace = 19
Allow ptrace
of any process.
SystemProcessAccounting = 20
Allow configuration of process accounting.
SystemAdmin = 21
Allow configuration of the secure attention key. Allow administration
of the random device. Allow examination and configuration of disk
quotas. Allow setting the domainname. Allow setting the hostname.
Allow mount
and umount
, setting up new smb connection.
Allow some autofs root ioctls. Allow nfsservctl. Allow
VM86_REQUEST_IRQ
. Allow to read/write pci config on alpha. Allow
irix_prctl
on mips (setstacksize). Allow flushing all cache on
m68k (sys_cacheflush
). Allow removing semaphores. Used instead of
Capability::ChangeOwnership
to “chown” IPC message queues,
semaphores and shared memory. Allow locking/unlocking of shared
memory segment. Allow turning swap on/off. Allow forged pids on
socket credentials passing. Allow setting readahead and
flushing buffers on block devices. Allow setting geometry in floppy
driver. Allow turning DMA on/off in xd
driver. Allow
administration of md devices (mostly the above, but some
extra ioctls). Allow tuning the ide driver. Allow access to the nvram
device. Allow administration of apm_bios
, serial and bttv (TV)
device. Allow manufacturer commands in isdn CAPI support driver.
Allow reading non-standardized portions of pci configuration space.
Allow DDI debug ioctl on sbpcd driver. Allow setting up serial ports.
Allow sending raw qic-117 commands. Allow enabling/disabling tagged
queuing on SCSI controllers and sending arbitrary SCSI commands.
Allow setting encryption key on loopback filesystem. Allow setting
zone reclaim policy. Allow everything under
Capability::BerkeleyPacketFilters
and
Capability::PerformanceMonitoring
for backward compatibility.
SystemBoot = 22
Allow use of reboot
.
SystemNice = 23
Allow raising priority and setting priority on other (different UID) processes. Allow use of FIFO and round-robin (realtime) scheduling on own processes and setting the scheduling algorithm used by another process. Allow setting cpu affinity on other processes. Allow setting realtime ioprio class. Allow setting ioprio class on other processes.
SystemResource = 24
Override resource limits. Set resource limits. Override quota limits. Override reserved space on ext2 filesystem. Modify data journaling mode on ext3 filesystem (uses journaling resources). NOTE: ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too. Override size restrictions on IPC message queues. Allow more than 64hz interrupts from the real-time clock. Override max number of consoles on console allocation. Override max number of keymaps. Control memory reclaim behavior.
SystemTime = 25
Allow manipulation of system clock. Allow irix_stime
on mips. Allow
setting the real-time clock.
SystemTTYConfig = 26
Allow configuration of tty devices. Allow vhangup
of tty.
MakeNode = 27
Allow the privileged aspects of mknod
.
Lease = 28
Allow taking of leases on files.
AuditWrite = 29
Allow writing the audit log via unicast netlink socket.
AuditControl = 30
Allow configuration of audit via unicast netlink socket.
SetFileCapabilities = 31
Set or remove capabilities on files. Map uid=0
into a child user
namespace.
MACOverride = 32
Override MAC access. The base kernel enforces no MAC policy. An LSM may enforce a MAC policy, and if it does and it chooses to implement capability based overrides of that policy, this is the capability it should use to do so.
MACAdmin = 33
Allow MAC configuration or state changes. The base kernel requires no MAC configuration. An LSM may enforce a MAC policy, and if it does and it chooses to implement capability based checks on modifications to that policy or the data required to maintain it, this is the capability it should use to do so.
SystemLog = 34
Allow configuring the kernel’s syslog
(printk
behaviour).
WakeAlarm = 35
Allow triggering something that will wake the system.
BlockSuspend = 36
Allow preventing system suspends.
AuditRead = 37
Allow reading the audit log via multicast netlink socket.
PerformanceMonitoring = 38
Allow system performance and observability privileged operations using
perf_events
, i915_perf
and other kernel subsystems.
BerkeleyPacketFilters = 39
This capability allows the following BPF operations:
- Creating all types of BPF maps
- Advanced verifier features
- Indirect variable access
- Bounded loops
- BPF to BPF function calls
- Scalar precision tracking
- Larger complexity limits
- Dead code elimination
- And potentially other features
- Loading BPF Type Format (BTF) data
- Retrieve
xlated
and JITed code of BPF programs - Use
bpf_spin_lock
helper
Capability::PerformanceMonitoring
relaxes the verifier checks
further:
- BPF progs can use of pointer-to-integer conversions
- speculation attack hardening measures are bypassed
bpf_probe_read
to read arbitrary kernel memory is allowedbpf_trace_printk
to print kernel memory is allowed
Capability::SystemAdmin
is required to use bpf_probe_write_user
.
Capability::SystemAdmin
is required to iterate system-wide loaded
programs, maps, links, and BTFs, and convert their IDs to file
descriptors.
Capability::PerformanceMonitoring
and
Capability::BerkeleyPacketFilters
are required to load tracing
programs. Capability::NetAdmin
and
Capability::BerkeleyPacketFilters
are required to load
networking programs.
CheckpointRestore = 40
Allow checkpoint/restore related operations. Allow PID selection during
clone3
. Allow writing to ns_last_pid
.
Trait Implementations§
source§impl Clone for Capability
impl Clone for Capability
source§fn clone(&self) -> Capability
fn clone(&self) -> Capability
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for Capability
impl Debug for Capability
source§impl PartialEq for Capability
impl PartialEq for Capability
source§fn eq(&self, other: &Capability) -> bool
fn eq(&self, other: &Capability) -> bool
self
and other
values to be equal, and is used
by ==
.