1#ifndef __CAPSICUM_LINUX_H__ 2#define __CAPSICUM_LINUX_H__ 3 4#ifdef __linux__ 5/************************************************************ 6 * Linux Capsicum Functionality. 7 ************************************************************/ 8#include <errno.h> 9#include <sys/procdesc.h> 10#include <sys/capsicum.h> 11 12#define HAVE_CAP_RIGHTS_LIMIT 13#define HAVE_CAP_RIGHTS_GET 14#define HAVE_CAP_FCNTLS_LIMIT 15#define HAVE_CAP_IOCTLS_LIMIT 16#define HAVE_PROC_FDINFO 17#define HAVE_PDWAIT4 18#define CAP_FROM_ACCEPT 19// TODO(drysdale): uncomment if/when Linux propagates rights on sctp_peeloff. 20// Linux does not generate a capability from sctp_peeloff(cap_fd,...). 21// #define CAP_FROM_PEELOFF 22// TODO(drysdale): uncomment if/when Linux allows intermediate .. path segments 23// for openat()-like operations. 24// #define HAVE_OPENAT_INTERMEDIATE_DOTDOT 25 26// Failure to open file due to path traversal generates EPERM 27#ifdef ENOTBENEATH 28#define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH 29#define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH 30#else 31#define E_NO_TRAVERSE_CAPABILITY EPERM 32#define E_NO_TRAVERSE_O_BENEATH EPERM 33#endif 34 35// Too many links 36#define E_TOO_MANY_LINKS ELOOP 37 38#endif /* __linux__ */ 39 40#endif /*__CAPSICUM_LINUX_H__*/ 41