author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-21 21:57:11 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-21 21:57:11 +0000 |
commit | 357ed048debba31da3ee1c0a24a3915fbe2d6a43 (patch) | |
tree | 14cfbb9d58780e8b97fa7ed642ea8b7dc1233c6c /cap/names.go | |
parent | e61c65778b22599546e46eee12f857dd1c28f89e (diff) | |
parent | d7d1a0a38c5be06a7e7d6391d140b54878836f48 (diff) | |
download | libcap-android14-qpr2-release.tar.gz |
Snap for 10843824 from d7d1a0a38c5be06a7e7d6391d140b54878836f48 to 24Q1-release
android-14.0.0_r37 android-14.0.0_r36 android-14.0.0_r35 android-14.0.0_r34 android-14.0.0_r33 android-14.0.0_r32 android-14.0.0_r31 android-14.0.0_r30 android-14.0.0_r29 android14-qpr2-s5-release android14-qpr2-s4-release android14-qpr2-s3-release android14-qpr2-s2-release android14-qpr2-s1-release android14-qpr2-release
Change-Id: I9c49381008e4ea940690b36fd9cde1c2078adc75
Diffstat (limited to 'cap/names.go')
-rw-r--r-- | cap/names.go | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/cap/names.go b/cap/names.go index 8ee96d1..2655380 100644 --- a/cap/names.go +++ b/cap/names.go @@ -2,8 +2,8 @@ package cap /* ** DO NOT EDIT THIS FILE. IT WAS AUTO-GENERATED BY LIBCAP'S GO BUILDER (mknames.go) ** */ -// NamedCount holds the number of capability values with official -// names known at the time this libcap/cap version, was released. The +// NamedCount holds the number of capability values, with official +// names, known at the time this libcap/cap version was released. The // "../libcap/cap" package is fully able to manipulate higher numbered // capability values by numerical value. However, if you find // cap.NamedCount < cap.MaxBits(), it is probably time to upgrade this @@ -42,6 +42,10 @@ const ( // where file owner ID should otherwise need be equal to // the UID, except where cap.FSETID is applicable. It // doesn't override MAC and DAC restrictions. + // + // This capability permits the deletion of a file owned + // by another UID in a directory protected by the sticky + // (t) bit. FOWNER // FSETID allows a process to set the S_ISUID and S_ISUID bits of 
@@ -70,24 +74,29 @@ const ( SETUID // SETPCAP allows a process to freely manipulate its inheritable - // capabilities. Linux supports the POSIX.1e Inheritable - // set, as well as Bounding and Ambient Linux extension - // vectors. This capability permits dropping bits from the - // Bounding vector. It also permits the process to raise - // Ambient vector bits that are both raised in the - // Permitted and Inheritable sets of the process. This - // capability cannot be used to raise Permitted bits, or - // Effective bits beyond those already present in the - // process' permitted set. + // capabilities. + // + // Linux supports the POSIX.1e Inheritable set, the POXIX.1e (X + // vector) known in Linux as the Bounding vector, as well as + // the Linux extension Ambient vector. + // + // This capability permits dropping bits from the Bounding + // vector (ie. raising B bits in the libcap IAB + // representation). It also permits the process to raise + // Ambient vector bits that are both raised in the Permitted + // and Inheritable sets of the process. This capability cannot + // be used to raise Permitted bits, Effective bits beyond those + // already present in the process' permitted set, or + // Inheritable bits beyond those present in the Bounding + // vector. // - // [Historical note: prior to the advent of file - // capabilities (2008), this capability was suppressed by - // default, as its unsuppressed behavior was not - // auditable: it could asynchronously grant its own - // Permitted capabilities to and remove capabilities from - // other processes arbitrarily. The former leads to - // undefined behavior, and the latter is better served by - // the kill system call.] 
+ // [Historical note: prior to the advent of file capabilities + // (2008), this capability was suppressed by default, as its + // unsuppressed behavior was not auditable: it could + // asynchronously grant its own Permitted capabilities to and + // remove capabilities from other processes arbitrarily. The + // former leads to undefined behavior, and the latter is better + // served by the kill system call.] SETPCAP // LINUX_IMMUTABLE allows a process to modify the S_IMMUTABLE and |
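Review bot: the trailing context of the FOWNER hunk (@@ -42,6 +42,10 @@) reads "set the S_ISUID and S_ISUID bits", naming the same bit twice in the FSETID description; the second is presumably meant to be S_ISGID. This change is already revising the neighbouring capability descriptions, so correct that wording in the same pass. The added FOWNER paragraph on deleting another UID's file in a sticky (t) directory reads fine as written.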
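Review bot: the SETPCAP hunk (@@ -70,24 +74,29 @@) introduces a typo in its second added paragraph, "the POXIX.1e (X vector)", which should read "POSIX.1e"; "ie." in the following paragraph would also read better as "i.e.". The file header states that names.go is auto-generated by mknames.go, so the correction belongs in the text the generator consumes, followed by a regeneration, rather than in a hand edit to this file.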