Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-28 18:36:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:ap_capset - Validate and apply proposed changes to current's capabilities*@new: The proposed new credentials; alterations should be made here*@old: The current task's current credentials*@effective: A pointer to the proposed new effective capabilities

Proto:int cap_capset(struct cred *new, const struct cred *old, const kernel_cap_t *effective, const kernel_cap_t *inheritable, const kernel_cap_t *permitted)

Type:int

Parameter:

TypeParameterName
struct cred *new
const struct cred *old
const kernel_cap_t *effective
const kernel_cap_t *inheritable
const kernel_cap_t *permitted
247  If Determine whether the inheritable capabilities are limited to the old* permitted set. Returns 1 if they are limited, 0 if they are not. && Not Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false Then Return -EPERM
254  If Not Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false Then Return -EPERM
261  If Not Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false Then Return -EPERM
265  If Not Check if "a" is a subset of "set".* return true if ALL of the capabilities in "a" are also in "set"* cap_issubset(0101, 1111) will return true* return false if ANY of the capabilities in "a" are not in "set"* cap_issubset(1111, 0101) will return false Then Return -EPERM
268  caps we can actually use = effective
269  caps our children can inherit = inheritable
270  caps we're permitted = permitted
276  Ambient capability set = cap_intersect( Ambient capability set , cap_intersect( * permitted, * inheritable))
279  If WARN_ON(!cap_ambient_invariant_ok(new)) Then Return -EINVAL
281  Return 0