Diffstat (limited to 'cap/names.go')
-rw-r--r-- | cap/names.go | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/cap/names.go b/cap/names.go
index 8ee96d1..2655380 100644
--- a/cap/names.go
+++ b/cap/names.go
@@ -2,8 +2,8 @@ package cap
 /*
  ** DO NOT EDIT THIS FILE. IT WAS AUTO-GENERATED BY LIBCAP'S GO BUILDER (mknames.go) **
  */
-// NamedCount holds the number of capability values with official
-// names known at the time this libcap/cap version, was released. The
+// NamedCount holds the number of capability values, with official
+// names, known at the time this libcap/cap version was released. The
 // "../libcap/cap" package is fully able to manipulate higher numbered
 // capability values by numerical value. However, if you find
 // cap.NamedCount < cap.MaxBits(), it is probably time to upgrade this
@@ -42,6 +42,10 @@ const (
 	// where file owner ID should otherwise need be equal to
 	// the UID, except where cap.FSETID is applicable. It
 	// doesn't override MAC and DAC restrictions.
+	//
+	// This capability permits the deletion of a file owned
+	// by another UID in a directory protected by the sticky
+	// (t) bit.
 	FOWNER
 	// FSETID allows a process to set the S_ISUID and S_ISUID bits of
@@ -70,24 +74,29 @@ const (
 	SETUID
 	// SETPCAP allows a process to freely manipulate its inheritable
-	// capabilities. Linux supports the POSIX.1e Inheritable
-	// set, as well as Bounding and Ambient Linux extension
-	// vectors. This capability permits dropping bits from the
-	// Bounding vector. It also permits the process to raise
-	// Ambient vector bits that are both raised in the
-	// Permitted and Inheritable sets of the process. This
-	// capability cannot be used to raise Permitted bits, or
-	// Effective bits beyond those already present in the
-	// process' permitted set.
+	// capabilities.
+	//
+	// Linux supports the POSIX.1e Inheritable set, the POXIX.1e (X
+	// vector) known in Linux as the Bounding vector, as well as
+	// the Linux extension Ambient vector.
+	//
+	// This capability permits dropping bits from the Bounding
+	// vector (ie. raising B bits in the libcap IAB
+	// representation). It also permits the process to raise
+	// Ambient vector bits that are both raised in the Permitted
+	// and Inheritable sets of the process. This capability cannot
+	// be used to raise Permitted bits, Effective bits beyond those
+	// already present in the process' permitted set, or
+	// Inheritable bits beyond those present in the Bounding
+	// vector.
 	//
-	// [Historical note: prior to the advent of file
-	// capabilities (2008), this capability was suppressed by
-	// default, as its unsuppressed behavior was not
-	// auditable: it could asynchronously grant its own
-	// Permitted capabilities to and remove capabilities from
-	// other processes arbitrarily. The former leads to
-	// undefined behavior, and the latter is better served by
-	// the kill system call.]
+	// [Historical note: prior to the advent of file capabilities
+	// (2008), this capability was suppressed by default, as its
+	// unsuppressed behavior was not auditable: it could
+	// asynchronously grant its own Permitted capabilities to and
+	// remove capabilities from other processes arbitrarily. The
+	// former leads to undefined behavior, and the latter is better
+	// served by the kill system call.]
 	SETPCAP
 	// LINUX_IMMUTABLE allows a process to modify the S_IMMUTABLE and |