Hello Marcelo
After doing a fairly extensive scan of the 2.4.18 source code, I notice that
a few comments in include/linux/capabilities.h were wrong, and that a few
more things could be added.
Cheers
Miichael
--- linux-2.4.18/include/linux/capability.h Mon Jun 24 10:07:00 2002
+++ linux/include/linux/capability.h Wed Jun 26 12:52:04 2002
@@ -90,12 +90,12 @@
#define CAP_FOWNER 3
-/* Overrides the following restrictions that the effective user ID
- shall match the file owner ID when setting the S_ISUID and S_ISGID
- bits on that file; that the effective group ID (or one of the
- supplementary group IDs) shall match the file owner ID when setting
- the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
- cleared on successful return from chown(2) (not implemented). */
+/* Overrides the following restrictions that:
+ the S_ISUID and S_ISGID bits will be turned off when a file is modified;
+ the effective group ID (or one of the supplementary group IDs) shall
+ match the file owner ID when setting the S_ISGID bit on that file;
+ the S_ISUID and S_ISGID bits are cleared on successful return
+ from chown(2) (not implemented). */
#define CAP_FSETID 4
@@ -104,7 +104,7 @@
#define CAP_FS_MASK 0x1f
/* Overrides the restriction that the real or effective user ID of a
- process sending a signal must match the real or effective user ID
+ process sending a signal must match the real or saved-set-user ID
of the process receiving the signal. */
#define CAP_KILL 5
@@ -116,7 +116,7 @@
#define CAP_SETGID 6
/* Allows set*uid(2) manipulation (including fsuid). */
-/* Allows forged pids on socket credentials passing. */
+/* Allows forged uids on socket credentials passing. */
#define CAP_SETUID 7
@@ -139,7 +139,7 @@
#define CAP_NET_BIND_SERVICE 10
-/* Allow broadcasting, listen to multicast */
+/* Allow broadcasting, listen to multicast (unused) */
#define CAP_NET_BROADCAST 11
@@ -210,7 +210,7 @@
/* Allow irix_prctl on mips (setstacksize) */
/* Allow flushing all cache on m68k (sys_cacheflush) */
/* Allow removing semaphores */
-/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
+/* Perform IPC_SET and IPC_RMID operations on IPC message queues,
semaphores
and shared memory */
/* Allow locking/unlocking of shared memory segment */
/* Allow turning swap on/off */
@@ -231,6 +231,8 @@
/* Allow enabling/disabling tagged queuing on SCSI controllers and sending
arbitrary SCSI commands */
/* Allow setting encryption key on loopback filesystem */
+/* Allow calling of setdomainname() and sethostname() */
+/* Allow RLIMIT_NPROC to be overridden */
#define CAP_SYS_ADMIN 21
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jun 30 2002 - 22:00:10 EST