From patchwork Mon Jan 17 14:12:53 2022
X-Patchwork-Submitter: Francis Laniel
X-Patchwork-Id: 12715449
From: Francis Laniel
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, Serge Hallyn, Casey Schaufler, Francis Laniel
Subject: [RFC PATCH v2 1/2] capability: Add cap_strings.
Date: Mon, 17 Jan 2022 15:12:53 +0100
Message-Id: <20220117141254.46278-2-flaniel@linux.microsoft.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220117141254.46278-1-flaniel@linux.microsoft.com>
References: <20220117141254.46278-1-flaniel@linux.microsoft.com>

This array contains the capability names for the given capability. For example, index CAP_BPF contains "CAP_BPF".

Signed-off-by: Francis Laniel

--- include/uapi/linux/capability.h | 1 + kernel/capability.c | 44 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index 463d1ba2232a..9646654d5111 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h @@ -428,5 +428,6 @@ struct vfs_ns_cap_data { #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ +extern const char *cap_strings[]; #endif /* _UAPI_LINUX_CAPABILITY_H */ diff --git a/kernel/capability.c b/kernel/capability.c index 46a361dde042..cd386419f2b7 100644 --- a/kernel/capability.c +++ b/kernel/capability.c 
@@ -27,6 +27,50 @@ const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET; EXPORT_SYMBOL(__cap_empty_set); +const char *cap_strings[] = { + [CAP_CHOWN] = "CAP_CHOWN", + [CAP_DAC_OVERRIDE] = "CAP_DAC_OVERRIDE", + [CAP_DAC_READ_SEARCH] = "CAP_DAC_READ_SEARCH", + [CAP_FOWNER] = "CAP_FOWNER", + [CAP_FSETID] = "CAP_FSETID", + [CAP_KILL] = "CAP_KILL", + [CAP_SETGID] = "CAP_SETGID", + [CAP_SETUID] = "CAP_SETUID", + [CAP_SETPCAP] = "CAP_SETPCAP", + [CAP_LINUX_IMMUTABLE] = "CAP_LINUX_IMMUTABLE", + [CAP_NET_BIND_SERVICE] = "CAP_NET_BIND_SERVICE", + [CAP_NET_BROADCAST] = "CAP_NET_BROADCAST", + [CAP_NET_ADMIN] = "CAP_NET_ADMIN", + [CAP_NET_RAW] = "CAP_NET_RAW", + [CAP_IPC_LOCK] = "CAP_IPC_LOCK", + [CAP_IPC_OWNER] = "CAP_IPC_OWNER", + [CAP_SYS_MODULE] = "CAP_SYS_MODULE", + [CAP_SYS_RAWIO] = "CAP_SYS_RAWIO", + [CAP_SYS_CHROOT] = "CAP_SYS_CHROOT", + [CAP_SYS_PTRACE] = "CAP_SYS_PTRACE", + [CAP_SYS_PACCT] = "CAP_SYS_PACCT", + [CAP_SYS_ADMIN] = "CAP_SYS_ADMIN", + [CAP_SYS_BOOT] = "CAP_SYS_BOOT", + [CAP_SYS_NICE] = "CAP_SYS_NICE", + [CAP_SYS_RESOURCE] = "CAP_SYS_RESOURCE", + [CAP_SYS_TIME] = "CAP_SYS_TIME", + [CAP_SYS_TTY_CONFIG] = "CAP_SYS_TTY_CONFIG", + [CAP_MKNOD] = "CAP_MKNOD", + [CAP_LEASE] = "CAP_LEASE", + [CAP_AUDIT_WRITE] = "CAP_AUDIT_WRITE", + [CAP_AUDIT_CONTROL] = "CAP_AUDIT_CONTROL", + [CAP_SETFCAP] = "CAP_SETFCAP", + [CAP_MAC_OVERRIDE] = "CAP_MAC_OVERRIDE", + [CAP_MAC_ADMIN] = "CAP_MAC_ADMIN", + [CAP_SYSLOG] = "CAP_SYSLOG", + [CAP_WAKE_ALARM] = "CAP_WAKE_ALARM", + [CAP_BLOCK_SUSPEND] = "CAP_BLOCK_SUSPEND", + [CAP_AUDIT_READ] = "CAP_AUDIT_READ", + [CAP_PERFMON] = "CAP_PERFMON", + [CAP_BPF] = "CAP_BPF", + [CAP_CHECKPOINT_RESTORE] = "CAP_CHECKPOINT_RESTORE", +}; + int file_caps_enabled = 1; static int __init file_caps_disable(char *str)

From patchwork Mon Jan 17 14:12:54 2022
X-Patchwork-Submitter: Francis Laniel
X-Patchwork-Id: 12715450

From: Francis Laniel
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, Serge Hallyn, Casey Schaufler, Francis Laniel
Subject: [RFC PATCH v2 2/2] kernel/ksysfs.c: Add capabilities attribute.
Date: Mon, 17 Jan 2022 15:12:54 +0100
Message-Id: <20220117141254.46278-3-flaniel@linux.microsoft.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220117141254.46278-1-flaniel@linux.microsoft.com>
References: <20220117141254.46278-1-flaniel@linux.microsoft.com>

This new read-only attribute prints the capabilities values with their names:
0 CAP_CHOWN
1 CAP_DAC_OVERRIDE
...
39 CAP_BPF

Signed-off-by: Francis Laniel

--- kernel/ksysfs.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c index 35859da8bd4f..7d39794a55bc 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c @@ -182,6 +182,23 @@ static ssize_t rcu_normal_store(struct kobject *kobj, KERNEL_ATTR_RW(rcu_normal); #endif /* #ifndef CONFIG_TINY_RCU */ +static ssize_t capabilities_show(struct kobject *unused0, + struct kobj_attribute *unused1, char *buf) +{ + int at = 0; + int i; + + for (i = 0; i < CAP_LAST_CAP; i++) { + if (at >= PAGE_SIZE) + return at; + + at += sysfs_emit_at(buf, at, "%d\t%s\n", i, cap_strings[i]); + } + + return at; +} +KERNEL_ATTR_RO(capabilities); + /* * Make /sys/kernel/notes give the raw contents of our kernel .notes section. */ @@ -229,6 +246,7 @@ static struct attribute * kernel_attrs[] = { &rcu_expedited_attr.attr, &rcu_normal_attr.attr, #endif + &capabilities_attr.attr, NULL };
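
Review bot: in patch 1/2, the `extern const char *cap_strings[];` declaration is added to include/uapi/linux/capability.h, a UAPI header that is exported to user space, while the symbol is defined only in kernel/capability.c. A user-space program that includes this header gets a declaration it can never link against. Move the declaration to the kernel-internal include/linux/capability.h, and write it as `extern const char * const cap_strings[];` so that it describes a read-only table.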
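
Review bot: in the kernel/capability.c hunk of patch 1/2, `const char *cap_strings[]` has no explicit size and its elements are writable pointers. The array length is whatever the highest designated initializer implies, so a capability added later without a matching entry leaves the table shorter than CAP_LAST_CAP + 1, and a reader that indexes up to CAP_LAST_CAP reads past the end. Declaring it as `const char * const cap_strings[CAP_LAST_CAP + 1]` turns a forgotten entry into a NULL slot that readers can test for, and a build-time check on ARRAY_SIZE(cap_strings) would catch drift from the capability list.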
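
Review bot: the loop bound `i < CAP_LAST_CAP` in capabilities_show() (patch 2/2, first kernel/ksysfs.c hunk) skips the last capability. CAP_LAST_CAP is the highest valid capability number, not a count, so CAP_CHECKPOINT_RESTORE, the final entry of cap_strings in patch 1/2, is never printed; the commit message example likewise stops at `39 CAP_BPF`. Use `i <= CAP_LAST_CAP`. `cap_strings[i]` is also passed to `%s` without a check, so a gap in the table would appear as `(null)` in the output; skip NULL entries instead.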
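
Review bot: adding `&capabilities_attr.attr` to kernel_attrs (patch 2/2, second kernel/ksysfs.c hunk) creates a new user-visible file under /sys/kernel, but the diffstat touches only kernel/ksysfs.c, so the attribute ships without a Documentation/ABI entry describing its name and output format. Add that entry, and have the changelog justify the multi-line `number<TAB>name` table, since sysfs attributes are expected to carry one value per file.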