latest/c++/linux_2capabilities_8hpp_source.html

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 #ifndef __LINUX_CAPABILITIES_HPP__
 #define __LINUX_CAPABILITIES_HPP__

 #include <set>

 #include <stout/flags.hpp>
 #include <stout/nothing.hpp>
 #include <stout/protobuf.hpp>
 #include <stout/try.hpp>

 #include <mesos/mesos.hpp>

 namespace mesos {
 namespace internal {
 namespace capabilities {

 // Superset of all capabilities. This is the set currently supported
 // by linux (kernel 5.9).
 enum Capability : int
 {
   CHOWN                  = 0,
   DAC_OVERRIDE           = 1,
   DAC_READ_SEARCH        = 2,
   FOWNER                 = 3,
   FSETID                 = 4,
   KILL                   = 5,
   SETGID                 = 6,
   SETUID                 = 7,
   SETPCAP                = 8,
   LINUX_IMMUTABLE        = 9,
   NET_BIND_SERVICE       = 10,
   NET_BROADCAST          = 11,
   NET_ADMIN              = 12,
   NET_RAW                = 13,
   IPC_LOCK               = 14,
   IPC_OWNER              = 15,
   SYS_MODULE             = 16,
   SYS_RAWIO              = 17,
   SYS_CHROOT             = 18,
   SYS_PTRACE             = 19,
   SYS_PACCT              = 20,
   SYS_ADMIN              = 21,
   SYS_BOOT               = 22,
   SYS_NICE               = 23,
   SYS_RESOURCE           = 24,
   SYS_TIME               = 25,
   SYS_TTY_CONFIG         = 26,
   MKNOD                  = 27,
   LEASE                  = 28,
   AUDIT_WRITE            = 29,
   AUDIT_CONTROL          = 30,
   SETFCAP                = 31,
   MAC_OVERRIDE           = 32,
   MAC_ADMIN              = 33,
   SYSLOG                 = 34,
   WAKE_ALARM             = 35,
   BLOCK_SUSPEND          = 36,
   AUDIT_READ             = 37,
   PERFMON                = 38,
   BPF                    = 39,
   CHECKPOINT_RESTORE     = 40,
   MAX_CAPABILITY         = 41,
 };


 enum Type
 {
   EFFECTIVE,
   PERMITTED,
   INHERITABLE,
   BOUNDING,
   AMBIENT,
 };


 class ProcessCapabilities
 {
 public:
   const std::set<Capability>& get(const Type& type) const;
   void set(const Type& type, const std::set<Capability>& capabilities);
   void add(const Type& type, const Capability& capability);
   void drop(const Type& type, const Capability& capability);

   bool operator==(const ProcessCapabilities& right) const
   {
     return right.effective == effective &&
       right.permitted == permitted &&
       right.inheritable == inheritable &&
       right.bounding == bounding &&
       right.ambient == ambient;
   }

 private:
   friend std::ostream& operator<<(
       std::ostream& stream,
       const ProcessCapabilities& processCapabilities);

   std::set<Capability> effective;
   std::set<Capability> permitted;
   std::set<Capability> inheritable;
   std::set<Capability> bounding;
   std::set<Capability> ambient;
 };


 class Capabilities
 {
 public:
   static Try<Capabilities> create();

   Try<ProcessCapabilities> get() const;

   Try<Nothing> set(const ProcessCapabilities& processCapabilities);

   Try<Nothing> setKeepCaps();

   std::set<Capability> getAllSupportedCapabilities();

   const bool ambientCapabilitiesSupported;

 private:
   Capabilities(int _lastCap, bool _ambientSupported);

   // Maximum count of capabilities supported by the system.
   const int lastCap;
 };


 Capability convert(const CapabilityInfo::Capability& capability);
 std::set<Capability> convert(const CapabilityInfo& capabilityInfo);
 CapabilityInfo convert(const std::set<Capability>& capabilitySet);


 std::ostream& operator<<(
     std::ostream& stream,
     const Capability& capability);


 std::ostream& operator<<(
     std::ostream& stream,
     const Type& type);


 std::ostream& operator<<(
     std::ostream& stream,
     const ProcessCapabilities& capabilities);

 } // namespace capabilities {
 } // namespace internal {
 } // namespace mesos {

 #endif // __LINUX_CAPABILITIES_HPP__
mesos::internal::capabilities::SYS_PACCT
Definition: capabilities.hpp:57

mesos::internal::capabilities::ProcessCapabilities
Encapsulation of capability value sets.
Definition: capabilities.hpp:95

mesos::internal::capabilities::DAC_OVERRIDE
Definition: capabilities.hpp:38

mesos::internal::capabilities::KILL
Definition: capabilities.hpp:42

mesos::internal::capabilities::SYS_TTY_CONFIG
Definition: capabilities.hpp:63

mesos::internal::capabilities::ProcessCapabilities::operator<<
friend std::ostream & operator<<(std::ostream &stream, const ProcessCapabilities &processCapabilities)

mesos::internal::capabilities::MAC_ADMIN
Definition: capabilities.hpp:70

mesos::internal::capabilities::PERMITTED
Definition: capabilities.hpp:85

mesos::internal::capabilities::NET_BROADCAST
Definition: capabilities.hpp:48

Try
Definition: check.hpp:33

mesos::internal::capabilities::SYS_BOOT
Definition: capabilities.hpp:59

mesos::internal::capabilities::MKNOD
Definition: capabilities.hpp:64

mesos.hpp

mesos::internal::capabilities::SETFCAP
Definition: capabilities.hpp:68

mesos::internal::capabilities::AMBIENT
Definition: capabilities.hpp:88

mesos::internal::capabilities::ProcessCapabilities::drop
void drop(const Type &type, const Capability &capability)

mesos::internal::capabilities::FOWNER
Definition: capabilities.hpp:40

mesos::internal::capabilities::SYS_ADMIN
Definition: capabilities.hpp:58

mesos::internal::capabilities::Capability
Capability
Definition: capabilities.hpp:35

mesos::internal::capabilities::BPF
Definition: capabilities.hpp:76

mesos::internal::capabilities::SETUID
Definition: capabilities.hpp:44

mesos::internal::capabilities::ProcessCapabilities::operator==
bool operator==(const ProcessCapabilities &right) const
Definition: capabilities.hpp:103

mesos::internal::capabilities::LINUX_IMMUTABLE
Definition: capabilities.hpp:46

mesos::internal::capabilities::CHOWN
Definition: capabilities.hpp:37

mesos::internal::capabilities::IPC_OWNER
Definition: capabilities.hpp:52

mesos::internal::capabilities::NET_RAW
Definition: capabilities.hpp:50

mesos::internal::capabilities::Capabilities::ambientCapabilitiesSupported
const bool ambientCapabilitiesSupported
Whether ambient capabilities are supported on this host.
Definition: capabilities.hpp:188

mesos::internal::capabilities::ProcessCapabilities::add
void add(const Type &type, const Capability &capability)

mesos::internal::capabilities::SYS_RAWIO
Definition: capabilities.hpp:54

mesos::internal::capabilities::INHERITABLE
Definition: capabilities.hpp:86

nothing.hpp

mesos::internal::capabilities::BOUNDING
Definition: capabilities.hpp:87

mesos::internal::capabilities::SYS_MODULE
Definition: capabilities.hpp:53

mesos::internal::capabilities::SYS_TIME
Definition: capabilities.hpp:62

mesos::internal::capabilities::SYS_PTRACE
Definition: capabilities.hpp:56

mesos
Definition: agent.hpp:25

flags.hpp

mesos::internal::capabilities::WAKE_ALARM
Definition: capabilities.hpp:72

mesos::internal::capabilities::SYS_CHROOT
Definition: capabilities.hpp:55

protobuf.hpp

mesos::internal::capabilities::SETGID
Definition: capabilities.hpp:43

mesos::internal::capabilities::convert
Capability convert(const CapabilityInfo::Capability &capability)

mesos::internal::capabilities::AUDIT_READ
Definition: capabilities.hpp:74

mesos::internal::capabilities::PERFMON
Definition: capabilities.hpp:75

mesos::internal::capabilities::DAC_READ_SEARCH
Definition: capabilities.hpp:39

mesos::internal::capabilities::FSETID
Definition: capabilities.hpp:41

mesos::internal::capabilities::NET_ADMIN
Definition: capabilities.hpp:49

internal
Definition: attributes.hpp:24

mesos::internal::capabilities::SYSLOG
Definition: capabilities.hpp:71

mesos::internal::capabilities::SYS_NICE
Definition: capabilities.hpp:60

mesos::internal::capabilities::Type
Type
Definition: capabilities.hpp:82

try.hpp

mesos::internal::capabilities::EFFECTIVE
Definition: capabilities.hpp:84

mesos::internal::capabilities::BLOCK_SUSPEND
Definition: capabilities.hpp:73

mesos::internal::fs::type
Try< uint32_t > type(const std::string &path)

mesos::internal::capabilities::MAC_OVERRIDE
Definition: capabilities.hpp:69

mesos::internal::capabilities::AUDIT_CONTROL
Definition: capabilities.hpp:67

mesos::internal::capabilities::SETPCAP
Definition: capabilities.hpp:45

cgroups::create
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)

mesos::internal::capabilities::SYS_RESOURCE
Definition: capabilities.hpp:61

mesos::internal::capabilities::LEASE
Definition: capabilities.hpp:65

mesos::internal::capabilities::AUDIT_WRITE
Definition: capabilities.hpp:66

mesos::internal::capabilities::IPC_LOCK
Definition: capabilities.hpp:51

mesos::internal::capabilities::MAX_CAPABILITY
Definition: capabilities.hpp:78

mesos::internal::capabilities::Capabilities
Provides wrapper for the linux process capabilities interface.
Definition: capabilities.hpp:134

mesos::internal::capabilities::NET_BIND_SERVICE
Definition: capabilities.hpp:47

mesos::internal::capabilities::CHECKPOINT_RESTORE
Definition: capabilities.hpp:77