| 123456789101112131415161718192021222324252627282930313233343536 |
- /*
- * Copyright (C) 2015 Etienne CHAMPETIER <champetier.etienne@gmail.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 2.1
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
- #ifndef _JAIL_CAPABILITIES_H_
- #define _JAIL_CAPABILITIES_H_
- #include <libubox/blobmsg.h>
- #include <linux/capability.h>
- struct jail_capset {
- uint64_t bounding;
- uint64_t effective;
- uint64_t inheritable;
- uint64_t permitted;
- uint64_t ambient;
- uint8_t apply;
- };
- int parseOCIcapabilities(struct jail_capset *capset, struct blob_attr *msg);
- int parseOCIcapabilities_from_file(struct jail_capset *capset, const char *file);
- int applyOCIcapabilities(struct jail_capset capset, uint64_t retain);
- /* capget/capset syscall wrappers are provided by libc */
- extern int capget(cap_user_header_t header, cap_user_data_t data);
- extern int capset(cap_user_header_t header, const cap_user_data_t data);
- #endif
|
