Apache Mesos
capabilities.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __LINUX_CAPABILITIES_HPP__
18 #define __LINUX_CAPABILITIES_HPP__
19 
20 #include <set>
21 
22 #include <stout/flags.hpp>
23 #include <stout/nothing.hpp>
24 #include <stout/protobuf.hpp>
25 #include <stout/try.hpp>
26 
27 #include <mesos/mesos.hpp>
28 
29 namespace mesos {
30 namespace internal {
31 namespace capabilities {
32 
33 // Superset of all capabilities. This is the set currently supported
34 // by linux (kernel 4.0).
35 enum Capability : int
36 {
37  CHOWN = 0,
40  FOWNER = 3,
41  FSETID = 4,
42  KILL = 5,
43  SETGID = 6,
44  SETUID = 7,
45  SETPCAP = 8,
49  NET_ADMIN = 12,
50  NET_RAW = 13,
51  IPC_LOCK = 14,
52  IPC_OWNER = 15,
53  SYS_MODULE = 16,
54  SYS_RAWIO = 17,
55  SYS_CHROOT = 18,
56  SYS_PTRACE = 19,
57  SYS_PACCT = 20,
58  SYS_ADMIN = 21,
59  SYS_BOOT = 22,
60  SYS_NICE = 23,
62  SYS_TIME = 25,
64  MKNOD = 27,
65  LEASE = 28,
68  SETFCAP = 31,
70  MAC_ADMIN = 33,
71  SYSLOG = 34,
72  WAKE_ALARM = 35,
74  AUDIT_READ = 37,
76 };
77 
78 
79 enum Type
80 {
86 };
87 
88 
93 {
94 public:
95  const std::set<Capability>& get(const Type& type) const;
96  void set(const Type& type, const std::set<Capability>& capabilities);
97  void add(const Type& type, const Capability& capability);
98  void drop(const Type& type, const Capability& capability);
99 
100  bool operator==(const ProcessCapabilities& right) const
101  {
102  return right.effective == effective &&
103  right.permitted == permitted &&
104  right.inheritable == inheritable &&
105  right.bounding == bounding &&
106  right.ambient == ambient;
107  }
108 
109 private:
110  friend std::ostream& operator<<(
111  std::ostream& stream,
112  const ProcessCapabilities& processCapabilities);
113 
114  std::set<Capability> effective;
115  std::set<Capability> permitted;
116  std::set<Capability> inheritable;
117  std::set<Capability> bounding;
118  std::set<Capability> ambient;
119 };
120 
121 
132 {
133 public:
144  static Try<Capabilities> create();
145 
152  Try<ProcessCapabilities> get() const;
153 
161  Try<Nothing> set(const ProcessCapabilities& processCapabilities);
162 
170  Try<Nothing> setKeepCaps();
171 
177  std::set<Capability> getAllSupportedCapabilities();
178 
186 
187 private:
188  Capabilities(int _lastCap, bool _ambientSupported);
189 
190  // Maximum count of capabilities supported by the system.
191  const int lastCap;
192 };
193 
194 
196 std::set<Capability> convert(const CapabilityInfo& capabilityInfo);
197 CapabilityInfo convert(const std::set<Capability>& capabilitySet);
198 
199 
200 std::ostream& operator<<(
201  std::ostream& stream,
202  const Capability& capability);
203 
204 
205 std::ostream& operator<<(
206  std::ostream& stream,
207  const Type& type);
208 
209 
210 std::ostream& operator<<(
211  std::ostream& stream,
212  const ProcessCapabilities& capabilities);
213 
214 } // namespace capabilities {
215 } // namespace internal {
216 } // namespace mesos {
217 
218 #endif // __LINUX_CAPABILITIES_HPP__
Definition: capabilities.hpp:57
Encapsulation of capability value sets.
Definition: capabilities.hpp:92
Definition: capabilities.hpp:38
Definition: capabilities.hpp:42
Definition: capabilities.hpp:63
friend std::ostream & operator<<(std::ostream &stream, const ProcessCapabilities &processCapabilities)
Definition: capabilities.hpp:70
Definition: capabilities.hpp:82
Definition: capabilities.hpp:48
Definition: check.hpp:33
Definition: capabilities.hpp:59
Definition: capabilities.hpp:64
Definition: capabilities.hpp:68
Definition: capabilities.hpp:85
void drop(const Type &type, const Capability &capability)
Definition: capabilities.hpp:40
Definition: capabilities.hpp:58
Capability
Definition: capabilities.hpp:35
Definition: capabilities.hpp:44
bool operator==(const ProcessCapabilities &right) const
Definition: capabilities.hpp:100
Definition: capabilities.hpp:46
Definition: capabilities.hpp:37
Definition: capabilities.hpp:52
Definition: capabilities.hpp:50
const bool ambientCapabilitiesSupported
Whether ambient capabilities are supported on this host.
Definition: capabilities.hpp:185
void add(const Type &type, const Capability &capability)
Definition: capabilities.hpp:54
Definition: capabilities.hpp:83
Definition: capabilities.hpp:84
Definition: capabilities.hpp:53
Definition: capabilities.hpp:62
Definition: capabilities.hpp:56
Definition: spec.hpp:30
Definition: capabilities.hpp:72
Definition: capabilities.hpp:55
Definition: capabilities.hpp:43
Capability convert(const CapabilityInfo::Capability &capability)
Definition: capabilities.hpp:74
Definition: capabilities.hpp:39
Definition: capabilities.hpp:41
Definition: capabilities.hpp:49
Definition: attributes.hpp:24
Definition: capabilities.hpp:71
Definition: capabilities.hpp:60
Type
Definition: capabilities.hpp:79
Definition: capabilities.hpp:81
Definition: capabilities.hpp:73
Try< uint32_t > type(const std::string &path)
Definition: capabilities.hpp:69
Definition: capabilities.hpp:67
Definition: capabilities.hpp:45
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)
Definition: capabilities.hpp:61
Definition: capabilities.hpp:65
Definition: capabilities.hpp:66
Definition: capabilities.hpp:51
Definition: capabilities.hpp:75
Provides wrapper for the linux process capabilities interface.
Definition: capabilities.hpp:131