uapi/linux/capability.h

1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
11  * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
19 /* User-level do most of the mapping between kernel and user
33 #define _LINUX_CAPABILITY_VERSION_2  0x20071026  /* deprecated - use v3 */
96  * Backwardly compatible definition for source code - trapped in a
97  * 32-bit world. If you find you need this, please consider using
107  ** POSIX-draft defined capabilities.
138    the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
149 /* Allows setgid(2) manipulation */
155 /* Allows set*uid(2) manipulation (including fsuid). */
162  ** Linux-specific capabilities
201 /* Allow read/write of device-specific registers */
222 /* Insert and remove kernel modules - modify kernel without limit */
269 /* Allow reading non-standardized portions of pci configuration space */
272 /* Allow sending raw qic-117 commands */
288 /* Allow use of FIFO and round-robin (realtime) scheduling on own
305 /* Allow more than 64hz interrupts from the real-time clock */
312 /* Allow manipulation of system clock */
314 /* Allow setting the real-time clock */
386  * - Creating all types of BPF maps
387  * - Advanced verifier features
388  *   - Indirect variable access
389  *   - Bounded loops
390  *   - BPF to BPF function calls
391  *   - Scalar precision tracking
392  *   - Larger complexity limits
393  *   - Dead code elimination
394  *   - And potentially other features
395  * - Loading BPF Type Format (BTF) data
396  * - Retrieve xlated and JITed code of BPF programs
397  * - Use bpf_spin_lock() helper
400  * - BPF progs can use of pointer-to-integer conversions
401  * - speculation attack hardening measures are bypassed
402  * - bpf_probe_read to read arbitrary kernel memory is allowed
403  * - bpf_trace_printk to print kernel memory is allowed
427  * Bit location of each capability (used by user-space library and kernel)