Home Explore Help
Register Sign In
trn
/
gfpsgo
mirror of git://github.com/johnsonjh/gfpsgo
Watch 1
Star 1
Fork 0
Files Issues
Branch: master
Branches Tags
gfpsgo
/
internal
/
capabilities
/
capabilities.go

capabilities.go 2.5 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. // Copyright 2021 Jeffrey H. Johnson <trnsz@pobox.com>
    2. 

  2. // Copyright 2018 psgo authors
    3. 

  3. //
    4. 

  4. // Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. // you may not use this file except in compliance with the License.
    6. 

  6. // You may obtain a copy of the License at
    7. 

  7. //
    8. 

  8. //     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. //
    10. 

  10. // Unless required by applicable law or agreed to in writing, software
    11. 

  11. // distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. // See the License for the specific language governing permissions and
    14. 

  14. // limitations under the License.
    15. 

  15. 

  16. // Package capabilities provides a mapping from common kernel bit masks to
    17. 

  17. // the alphanumerical representation of kernel capabilities.
    18. 

  18. // See capabilities(7) for additional information.
    19. 

  19. package capabilities
    20. 

  20. 

  21. var (
    22. 

  22. 	// capabilities are a mapping from a numerical value to the textual
    23. 

  23. 	// representation of a given capability.  A map allows to easily check
    24. 

  24. 	// if a given value is included or not.
    25. 

  25. 	//
    26. 

  26. 	// NOTE: this map must be maintained and kept in sync with the
    27. 

  27. 	//       ./include/uapi/linux/capability.h kernel header.
    28. 

  28. 	capabilities = map[uint]string{
    29. 

  29. 		0:  "CHOWN",
    30. 

  30. 		1:  "DAC_OVERRIDE",
    31. 

  31. 		2:  "DAC_READ_SEARCH",
    32. 

  32. 		3:  "FOWNER",
    33. 

  33. 		4:  "FSETID",
    34. 

  34. 		5:  "KILL",
    35. 

  35. 		6:  "SETGID",
    36. 

  36. 		7:  "SETUID",
    37. 

  37. 		8:  "SETPCAP",
    38. 

  38. 		9:  "LINUX_IMMUTABLE",
    39. 

  39. 		10: "NET_BIND_SERVICE",
    40. 

  40. 		11: "NET_BROADCAST",
    41. 

  41. 		12: "NET_ADMIN",
    42. 

  42. 		13: "NET_RAW",
    43. 

  43. 		14: "IPC_LOCK",
    44. 

  44. 		15: "IPC_OWNER",
    45. 

  45. 		16: "SYS_MODULE",
    46. 

  46. 		17: "SYS_RAWIO",
    47. 

  47. 		18: "SYS_CHROOT",
    48. 

  48. 		19: "SYS_PTRACE",
    49. 

  49. 		20: "SYS_PACCT",
    50. 

  50. 		21: "SYS_ADMIN",
    51. 

  51. 		22: "SYS_BOOT",
    52. 

  52. 		23: "SYS_NICE",
    53. 

  53. 		24: "SYS_RESOURCE",
    54. 

  54. 		25: "SYS_TIME",
    55. 

  55. 		26: "SYS_TTY_CONFIG",
    56. 

  56. 		27: "MKNOD",
    57. 

  57. 		28: "LEASE",
    58. 

  58. 		29: "AUDIT_WRITE",
    59. 

  59. 		30: "AUDIT_CONTROL",
    60. 

  60. 		31: "SETFCAP",
    61. 

  61. 		32: "MAC_OVERRIDE",
    62. 

  62. 		33: "MAC_ADMIN",
    63. 

  63. 		34: "SYSLOG",
    64. 

  64. 		35: "WAKE_ALARM",
    65. 

  65. 		36: "BLOCK_SUSPEND",
    66. 

  66. 		37: "AUDIT_READ",
    67. 

  67. 	}
    68. 

  68. 

  69. 	// FullCAPs represents a bitmask with a full capability set.
    70. 

  70. 	FullCAPs = uint64(0x3FFFFFFFFF)
    71. 

  71. )
    72. 

  72. 

  73. // TranslateMask iterates over mask and returns a slice of corresponding
    74. 

  74. // capabilities.  If a bit is out of range of known capabilities, it is set
    75. 

  75. // as "unknown" to catch potential regressions when new capabilities are
    76. 

  76. // added to the kernel.
    77. 

  77. func TranslateMask(mask uint64) []string {
    78. 

  78. 	caps := []string{}
    79. 

  79. 	for i := uint(0); i < 64; i++ {
    80. 

  80. 		if (mask>>i)&0x1 == 1 {
    81. 

  81. 			c, known := capabilities[i]
    82. 

  82. 			if !known {
    83. 

  83. 				c = "unknown"
    84. 

  84. 			}
    85. 

  85. 			caps = append(caps, c)
    86. 

  86. 		}
    87. 

  87. 	}
    88. 

  88. 	return caps
    89. 

  89. }
    90. 

  90.