1 /* SPDX-License-Identifier: GPL-2.0 */
11  * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
53  *   1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
54  *   2. The security.* and trusted.* xattrs are fs-related MAC permissions
64 #define CAP_VALID_MASK	 (BIT_ULL(CAP_LAST_CAP+1)-1)
143 			      struct user_namespace *ns, int cap);
144 extern bool has_capability_noaudit(struct task_struct *t, int cap);
146 				      struct user_namespace *ns, int cap);
147 extern bool capable(int cap);
148 extern bool ns_capable(struct user_namespace *ns, int cap);
149 extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
150 extern bool ns_capable_setid(struct user_namespace *ns, int cap);
153 			      struct user_namespace *ns, int cap)  in has_ns_capability()  argument
157 static inline bool has_capability_noaudit(struct task_struct *t, int cap)  in has_capability_noaudit()  argument
162 				      struct user_namespace *ns, int cap)  in has_ns_capability_noaudit()  argument
166 static inline bool capable(int cap)  in capable()  argument
170 static inline bool ns_capable(struct user_namespace *ns, int cap)  in ns_capable()  argument
174 static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)  in ns_capable_noaudit()  argument
178 static inline bool ns_capable_setid(struct user_namespace *ns, int cap)  in ns_capable_setid()  argument
187 			      const struct inode *inode, int cap);
188 extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
206 /* audit system wants to get cap info from files as well */