FreeBSD/Linux Kernel Cross Reference
sys/sys/priv.h
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2006 nCircle Network Security, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert N. M. Watson for the TrustedBSD
8 * Project under contract to nCircle Network Security, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
23 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
25 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
27 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * $FreeBSD$
32 */
33
34 /*
35 * Privilege checking interface for BSD kernel.
36 */
37 #ifndef _SYS_PRIV_H_
38 #define _SYS_PRIV_H_
39
40 /*
41 * Privilege list, sorted loosely by kernel subsystem.
42 *
43 * Think carefully before adding or reusing one of these privileges -- are
44 * there existing instances referring to the same privilege? Third party
45 * vendors may request the assignment of privileges to be used in loadable
46 * modules. Particular numeric privilege assignments are part of the
47 * loadable kernel module ABI, and should not be changed across minor
48 * releases.
49 *
50 * When adding a new privilege, remember to determine if it's appropriate
51 * for use in jail, and update the privilege switch in prison_priv_check()
52 * in kern_jail.c as necessary.
53 */
54
55 /*
56 * Track beginning of privilege list.
57 */
58 #define _PRIV_LOWEST 1
59
60 /*
61 * The remaining privileges typically correspond to one or a small
62 * number of specific privilege checks, and have (relatively) precise
63 * meanings. They are loosely sorted into a set of base system
64 * privileges, such as the ability to reboot, and then loosely by
65 * subsystem, indicated by a subsystem name.
66 */
67 #define _PRIV_ROOT 1 /* Removed. */
68 #define PRIV_ACCT 2 /* Manage process accounting. */
69 #define PRIV_MAXFILES 3 /* Exceed system open files limit. */
70 #define PRIV_MAXPROC 4 /* Exceed system processes limit. */
71 #define PRIV_KTRACE 5 /* Set/clear KTRFAC_ROOT on ktrace. */
72 #define PRIV_SETDUMPER 6 /* Configure dump device. */
73 #define PRIV_REBOOT 8 /* Can reboot system. */
74 #define PRIV_SWAPON 9 /* Can swapon(). */
75 #define PRIV_SWAPOFF 10 /* Can swapoff(). */
76 #define PRIV_MSGBUF 11 /* Can read kernel message buffer. */
77 #define PRIV_IO 12 /* Can perform low-level I/O. */
78 #define PRIV_KEYBOARD 13 /* Reprogram keyboard. */
79 #define PRIV_DRIVER 14 /* Low-level driver privilege. */
80 #define PRIV_ADJTIME 15 /* Set time adjustment. */
81 #define PRIV_NTP_ADJTIME 16 /* Set NTP time adjustment. */
82 #define PRIV_CLOCK_SETTIME 17 /* Can call clock_settime. */
83 #define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */
84 #define _PRIV_SETHOSTID 19 /* Removed. */
85 #define _PRIV_SETDOMAINNAME 20 /* Removed. */
86
87 /*
88 * Audit subsystem privileges.
89 */
90 #define PRIV_AUDIT_CONTROL 40 /* Can configure audit. */
91 #define PRIV_AUDIT_FAILSTOP 41 /* Can run during audit fail stop. */
92 #define PRIV_AUDIT_GETAUDIT 42 /* Can get proc audit properties. */
93 #define PRIV_AUDIT_SETAUDIT 43 /* Can set proc audit properties. */
94 #define PRIV_AUDIT_SUBMIT 44 /* Can submit an audit record. */
95
96 /*
97 * Credential management privileges.
98 */
99 #define PRIV_CRED_SETUID 50 /* setuid. */
100 #define PRIV_CRED_SETEUID 51 /* seteuid to !ruid and !svuid. */
101 #define PRIV_CRED_SETGID 52 /* setgid. */
102 #define PRIV_CRED_SETEGID 53 /* setgid to !rgid and !svgid. */
103 #define PRIV_CRED_SETGROUPS 54 /* Set process additional groups. */
104 #define PRIV_CRED_SETREUID 55 /* setreuid. */
105 #define PRIV_CRED_SETREGID 56 /* setregid. */
106 #define PRIV_CRED_SETRESUID 57 /* setresuid. */
107 #define PRIV_CRED_SETRESGID 58 /* setresgid. */
108 #define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
109 #define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
110
111 /*
112 * Debugging privileges.
113 */
114 #define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */
115 #define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */
116 #define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */
117 #define PRIV_DEBUG_DENIED 83 /* Exempt P2_NOTRACE. */
118
119 /*
120 * Dtrace privileges.
121 */
122 #define PRIV_DTRACE_KERNEL 90 /* Allow use of DTrace on the kernel. */
123 #define PRIV_DTRACE_PROC 91 /* Allow attaching DTrace to process. */
124 #define PRIV_DTRACE_USER 92 /* Process may submit DTrace events. */
125
126 /*
127 * Firmware privilegs.
128 */
129 #define PRIV_FIRMWARE_LOAD 100 /* Can load firmware. */
130
131 /*
132 * Jail privileges.
133 */
134 #define PRIV_JAIL_ATTACH 110 /* Attach to a jail. */
135 #define PRIV_JAIL_SET 111 /* Set jail parameters. */
136 #define PRIV_JAIL_REMOVE 112 /* Remove a jail. */
137
138 /*
139 * Kernel environment privileges.
140 */
141 #define PRIV_KENV_SET 120 /* Set kernel env. variables. */
142 #define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */
143
144 /*
145 * Loadable kernel module privileges.
146 */
147 #define PRIV_KLD_LOAD 130 /* Load a kernel module. */
148 #define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */
149
150 /*
151 * Privileges associated with the MAC Framework and specific MAC policy
152 * modules.
153 */
154 #define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */
155 #define PRIV_MAC_PRIVS 141 /* Privilege in the mac_privs policy. */
156
157 /*
158 * Process-related privileges.
159 */
160 #define PRIV_PROC_LIMIT 160 /* Exceed user process limit. */
161 #define PRIV_PROC_SETLOGIN 161 /* Can call setlogin. */
162 #define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */
163 #define PRIV_PROC_SETLOGINCLASS 163 /* Can call setloginclass(2). */
164
165 /*
166 * System V IPC privileges.
167 */
168 #define PRIV_IPC_READ 170 /* Can override IPC read perm. */
169 #define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */
170 #define PRIV_IPC_ADMIN 172 /* Can override IPC owner-only perm. */
171 #define PRIV_IPC_MSGSIZE 173 /* Exempt IPC message queue limit. */
172
173 /*
174 * POSIX message queue privileges.
175 */
176 #define PRIV_MQ_ADMIN 180 /* Can override msgq owner-only perm. */
177
178 /*
179 * Performance monitoring counter privileges.
180 */
181 #define PRIV_PMC_MANAGE 190 /* Can administer PMC. */
182 #define PRIV_PMC_SYSTEM 191 /* Can allocate a system-wide PMC. */
183
184 /*
185 * Scheduling privileges.
186 */
187 #define PRIV_SCHED_DIFFCRED 200 /* Exempt scheduling other users. */
188 #define PRIV_SCHED_SETPRIORITY 201 /* Can set lower nice value for proc. */
189 #define PRIV_SCHED_RTPRIO 202 /* Can set real time scheduling. */
190 #define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */
191 #define PRIV_SCHED_SET 204 /* Can set thread scheduler. */
192 #define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */
193 #define PRIV_SCHED_CPUSET 206 /* Can manipulate cpusets. */
194 #define PRIV_SCHED_CPUSET_INTR 207 /* Can adjust IRQ to CPU binding. */
195 #define PRIV_SCHED_IDPRIO 208 /* Can set idle time scheduling. */
196
197 /*
198 * POSIX semaphore privileges.
199 */
200 #define PRIV_SEM_WRITE 220 /* Can override sem write perm. */
201
202 /*
203 * Signal privileges.
204 */
205 #define PRIV_SIGNAL_DIFFCRED 230 /* Exempt signalling other users. */
206 #define PRIV_SIGNAL_SUGID 231 /* Non-conserv signal setuid proc. */
207
208 /*
209 * Sysctl privileges.
210 */
211 #define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */
212 #define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */
213 #define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */
214
215 /*
216 * TTY privileges.
217 */
218 #define PRIV_TTY_CONSOLE 250 /* Set console to tty. */
219 #define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */
220 #define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */
221 #define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */
222 #define _PRIV_TTY_PRISON 254 /* Removed. */
223 #define PRIV_TTY_STI 255 /* Simulate input on another tty. */
224 #define PRIV_TTY_SETA 256 /* Set tty termios structure. */
225
226 /*
227 * UFS-specific privileges.
228 */
229 #define PRIV_UFS_EXTATTRCTL 270 /* Can configure EAs on UFS1. */
230 #define PRIV_UFS_QUOTAOFF 271 /* quotaoff(). */
231 #define PRIV_UFS_QUOTAON 272 /* quotaon(). */
232 #define PRIV_UFS_SETUSE 273 /* setuse(). */
233
234 /*
235 * ZFS-specific privileges.
236 */
237 #define PRIV_ZFS_POOL_CONFIG 280 /* Can configure ZFS pools. */
238 #define PRIV_ZFS_INJECT 281 /* Can inject faults in the ZFS fault
239 injection framework. */
240 #define PRIV_ZFS_JAIL 282 /* Can attach/detach ZFS file systems
241 to/from jails. */
242
243 /*
244 * NFS-specific privileges.
245 */
246 #define PRIV_NFS_DAEMON 290 /* Can become the NFS daemon. */
247 #define PRIV_NFS_LOCKD 291 /* Can become NFS lock daemon. */
248
249 /*
250 * VFS privileges.
251 */
252 #define PRIV_VFS_READ 310 /* Override vnode DAC read perm. */
253 #define PRIV_VFS_WRITE 311 /* Override vnode DAC write perm. */
254 #define PRIV_VFS_ADMIN 312 /* Override vnode DAC admin perm. */
255 #define PRIV_VFS_EXEC 313 /* Override vnode DAC exec perm. */
256 #define PRIV_VFS_LOOKUP 314 /* Override vnode DAC lookup perm. */
257 #define PRIV_VFS_BLOCKRESERVE 315 /* Can use free block reserve. */
258 #define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */
259 #define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */
260 #define PRIV_VFS_CHROOT 318 /* chroot(). */
261 #define PRIV_VFS_RETAINSUGID 319 /* Can retain sugid bits on change. */
262 #define PRIV_VFS_EXCEEDQUOTA 320 /* Exempt from quota restrictions. */
263 #define PRIV_VFS_EXTATTR_SYSTEM 321 /* Operate on system EA namespace. */
264 #define PRIV_VFS_FCHROOT 322 /* fchroot(). */
265 #define PRIV_VFS_FHOPEN 323 /* Can fhopen(). */
266 #define PRIV_VFS_FHSTAT 324 /* Can fhstat(). */
267 #define PRIV_VFS_FHSTATFS 325 /* Can fhstatfs(). */
268 #define PRIV_VFS_GENERATION 326 /* stat() returns generation number. */
269 #define PRIV_VFS_GETFH 327 /* Can retrieve file handles. */
270 #define PRIV_VFS_GETQUOTA 328 /* getquota(). */
271 #define PRIV_VFS_LINK 329 /* bsd.hardlink_check_uid */
272 #define PRIV_VFS_MKNOD_BAD 330 /* Was: mknod() can mark bad inodes. */
273 #define PRIV_VFS_MKNOD_DEV 331 /* Can mknod() to create dev nodes. */
274 #define PRIV_VFS_MKNOD_WHT 332 /* Can mknod() to create whiteout. */
275 #define PRIV_VFS_MOUNT 333 /* Can mount(). */
276 #define PRIV_VFS_MOUNT_OWNER 334 /* Can manage other users' file systems. */
277 #define PRIV_VFS_MOUNT_EXPORTED 335 /* Can set MNT_EXPORTED on mount. */
278 #define PRIV_VFS_MOUNT_PERM 336 /* Override dev node perms at mount. */
279 #define PRIV_VFS_MOUNT_SUIDDIR 337 /* Can set MNT_SUIDDIR on mount. */
280 #define PRIV_VFS_MOUNT_NONUSER 338 /* Can perform a non-user mount. */
281 #define PRIV_VFS_SETGID 339 /* Can setgid if not in group. */
282 #define PRIV_VFS_SETQUOTA 340 /* setquota(). */
283 #define PRIV_VFS_STICKYFILE 341 /* Can set sticky bit on file. */
284 #define PRIV_VFS_SYSFLAGS 342 /* Can modify system flags. */
285 #define PRIV_VFS_UNMOUNT 343 /* Can unmount(). */
286 #define PRIV_VFS_STAT 344 /* Override vnode MAC stat perm. */
287 #define PRIV_VFS_READ_DIR 345 /* Can read(2) a dirfd, needs sysctl. */
288
289 /*
290 * Virtual memory privileges.
291 */
292 #define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */
293 #define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */
294 #define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */
295 #define PRIV_VM_SWAP_NOQUOTA 363 /*
296 * Can override the global
297 * swap reservation limits.
298 */
299 #define PRIV_VM_SWAP_NORLIMIT 364 /*
300 * Can override the per-uid
301 * swap reservation limits.
302 */
303
304 /*
305 * Device file system privileges.
306 */
307 #define PRIV_DEVFS_RULE 370 /* Can manage devfs rules. */
308 #define PRIV_DEVFS_SYMLINK 371 /* Can create symlinks in devfs. */
309
310 /*
311 * Random number generator privileges.
312 */
313 #define PRIV_RANDOM_RESEED 380 /* Closing /dev/random reseeds. */
314
315 /*
316 * Network stack privileges.
317 */
318 #define PRIV_NET_BRIDGE 390 /* Administer bridge. */
319 #define PRIV_NET_GRE 391 /* Administer GRE. */
320 #define _PRIV_NET_PPP 392 /* Removed. */
321 #define _PRIV_NET_SLIP 393 /* Removed. */
322 #define PRIV_NET_BPF 394 /* Monitor BPF. */
323 #define PRIV_NET_RAW 395 /* Open raw socket. */
324 #define PRIV_NET_ROUTE 396 /* Administer routing. */
325 #define PRIV_NET_TAP 397 /* Can open tap device. */
326 #define PRIV_NET_SETIFMTU 398 /* Set interface MTU. */
327 #define PRIV_NET_SETIFFLAGS 399 /* Set interface flags. */
328 #define PRIV_NET_SETIFCAP 400 /* Set interface capabilities. */
329 #define PRIV_NET_SETIFNAME 401 /* Set interface name. */
330 #define PRIV_NET_SETIFMETRIC 402 /* Set interface metrics. */
331 #define PRIV_NET_SETIFPHYS 403 /* Set interface physical layer prop. */
332 #define PRIV_NET_SETIFMAC 404 /* Set interface MAC label. */
333 #define PRIV_NET_ADDMULTI 405 /* Add multicast addr. to ifnet. */
334 #define PRIV_NET_DELMULTI 406 /* Delete multicast addr. from ifnet. */
335 #define PRIV_NET_HWIOCTL 407 /* Issue hardware ioctl on ifnet. */
336 #define PRIV_NET_SETLLADDR 408 /* Set interface link-level address. */
337 #define PRIV_NET_ADDIFGROUP 409 /* Add new interface group. */
338 #define PRIV_NET_DELIFGROUP 410 /* Delete interface group. */
339 #define PRIV_NET_IFCREATE 411 /* Create cloned interface. */
340 #define PRIV_NET_IFDESTROY 412 /* Destroy cloned interface. */
341 #define PRIV_NET_ADDIFADDR 413 /* Add protocol addr to interface. */
342 #define PRIV_NET_DELIFADDR 414 /* Delete protocol addr on interface. */
343 #define PRIV_NET_LAGG 415 /* Administer lagg interface. */
344 #define PRIV_NET_GIF 416 /* Administer gif interface. */
345 #define PRIV_NET_SETIFVNET 417 /* Move interface to vnet. */
346 #define PRIV_NET_SETIFDESCR 418 /* Set interface description. */
347 #define PRIV_NET_SETIFFIB 419 /* Set interface fib. */
348 #define PRIV_NET_VXLAN 420 /* Administer vxlan. */
349 #define PRIV_NET_SETLANPCP 421 /* Set LAN priority. */
350 #define PRIV_NET_SETVLANPCP PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
351 #define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */
352 #define PRIV_NET_ME 423 /* Administer ME interface. */
353 #define PRIV_NET_WG 424 /* Administer WireGuard interface. */
354
355 /*
356 * 802.11-related privileges.
357 */
358 #define PRIV_NET80211_VAP_GETKEY 440 /* Query VAP 802.11 keys. */
359 #define PRIV_NET80211_VAP_MANAGE 441 /* Administer 802.11 VAP */
360 #define PRIV_NET80211_VAP_SETMAC 442 /* Set VAP MAC address */
361 #define PRIV_NET80211_CREATE_VAP 443 /* Create a new VAP */
362
363 /*
364 * Placeholder for AppleTalk privileges, not supported anymore.
365 */
366 #define _PRIV_NETATALK_RESERVEDPORT 450 /* Bind low port number. */
367
368 /*
369 * ATM privileges.
370 */
371 #define PRIV_NETATM_CFG 460
372 #define PRIV_NETATM_ADD 461
373 #define PRIV_NETATM_DEL 462
374 #define PRIV_NETATM_SET 463
375
376 /*
377 * Bluetooth privileges.
378 */
379 #define PRIV_NETBLUETOOTH_RAW 470 /* Open raw bluetooth socket. */
380
381 /*
382 * Netgraph and netgraph module privileges.
383 */
384 #define PRIV_NETGRAPH_CONTROL 480 /* Open netgraph control socket. */
385 #define PRIV_NETGRAPH_TTY 481 /* Configure tty for netgraph. */
386
387 /*
388 * IPv4 and IPv6 privileges.
389 */
390 #define PRIV_NETINET_RESERVEDPORT 490 /* Bind low port number. */
391 #define PRIV_NETINET_IPFW 491 /* Administer IPFW firewall. */
392 #define PRIV_NETINET_DIVERT 492 /* Open IP divert socket. */
393 #define PRIV_NETINET_PF 493 /* Administer pf firewall. */
394 #define PRIV_NETINET_DUMMYNET 494 /* Administer DUMMYNET. */
395 #define PRIV_NETINET_CARP 495 /* Administer CARP. */
396 #define PRIV_NETINET_MROUTE 496 /* Administer multicast routing. */
397 #define PRIV_NETINET_RAW 497 /* Open netinet raw socket. */
398 #define PRIV_NETINET_GETCRED 498 /* Query netinet pcb credentials. */
399 #define PRIV_NETINET_ADDRCTRL6 499 /* Administer IPv6 address scopes. */
400 #define PRIV_NETINET_ND6 500 /* Administer IPv6 neighbor disc. */
401 #define PRIV_NETINET_SCOPE6 501 /* Administer IPv6 address scopes. */
402 #define PRIV_NETINET_ALIFETIME6 502 /* Administer IPv6 address lifetimes. */
403 #define PRIV_NETINET_IPSEC 503 /* Administer IPSEC. */
404 #define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */
405 #define PRIV_NETINET_SETHDROPTS 505 /* Set certain IPv4/6 header options. */
406 #define PRIV_NETINET_BINDANY 506 /* Allow bind to any address. */
407 #define PRIV_NETINET_HASHKEY 507 /* Get and set hash keys for IPv4/6. */
408
409 /*
410 * Placeholders for IPX/SPX privileges, not supported any more.
411 */
412 #define _PRIV_NETIPX_RESERVEDPORT 520 /* Bind low port number. */
413 #define _PRIV_NETIPX_RAW 521 /* Open netipx raw socket. */
414
415 /*
416 * NCP privileges.
417 */
418 #define PRIV_NETNCP 530 /* Use another user's connection. */
419
420 /*
421 * SMB privileges.
422 */
423 #define PRIV_NETSMB 540 /* Use another user's connection. */
424
425 /*
426 * VM86 privileges.
427 */
428 #define PRIV_VM86_INTCALL 550 /* Allow invoking vm86 int handlers. */
429
430 /*
431 * Set of reserved privilege values, which will be allocated to code as
432 * needed, in order to avoid renumbering later privileges due to insertion.
433 */
434 #define _PRIV_RESERVED0 560
435 #define _PRIV_RESERVED1 561
436 #define _PRIV_RESERVED2 562
437 #define _PRIV_RESERVED3 563
438 #define _PRIV_RESERVED4 564
439 #define _PRIV_RESERVED5 565
440 #define _PRIV_RESERVED6 566
441 #define _PRIV_RESERVED7 567
442 #define _PRIV_RESERVED8 568
443 #define _PRIV_RESERVED9 569
444 #define _PRIV_RESERVED10 570
445 #define _PRIV_RESERVED11 571
446 #define _PRIV_RESERVED12 572
447 #define _PRIV_RESERVED13 573
448 #define _PRIV_RESERVED14 574
449 #define _PRIV_RESERVED15 575
450
451 /*
452 * Define a set of valid privilege numbers that can be used by loadable
453 * modules that don't yet have privilege reservations. Ideally, these should
454 * not be used, since their meaning is opaque to any policies that are aware
455 * of specific privileges, such as jail, and as such may be arbitrarily
456 * denied.
457 */
458 #define PRIV_MODULE0 600
459 #define PRIV_MODULE1 601
460 #define PRIV_MODULE2 602
461 #define PRIV_MODULE3 603
462 #define PRIV_MODULE4 604
463 #define PRIV_MODULE5 605
464 #define PRIV_MODULE6 606
465 #define PRIV_MODULE7 607
466 #define PRIV_MODULE8 608
467 #define PRIV_MODULE9 609
468 #define PRIV_MODULE10 610
469 #define PRIV_MODULE11 611
470 #define PRIV_MODULE12 612
471 #define PRIV_MODULE13 613
472 #define PRIV_MODULE14 614
473 #define PRIV_MODULE15 615
474
475 /*
476 * DDB(4) privileges.
477 */
478 #define PRIV_DDB_CAPTURE 620 /* Allow reading of DDB capture log. */
479
480 /*
481 * Arla/nnpfs privileges.
482 */
483 #define PRIV_NNPFS_DEBUG 630 /* Perforn ARLA_VIOC_NNPFSDEBUG. */
484
485 /*
486 * cpuctl(4) privileges.
487 */
488 #define PRIV_CPUCTL_WRMSR 640 /* Write model-specific register. */
489 #define PRIV_CPUCTL_UPDATE 641 /* Update cpu microcode. */
490
491 /*
492 * Capi4BSD privileges.
493 */
494 #define PRIV_C4B_RESET_CTLR 650 /* Load firmware, reset controller. */
495 #define PRIV_C4B_TRACE 651 /* Unrestricted CAPI message tracing. */
496
497 /*
498 * OpenAFS privileges.
499 */
500 #define PRIV_AFS_ADMIN 660 /* Can change AFS client settings. */
501 #define PRIV_AFS_DAEMON 661 /* Can become the AFS daemon. */
502
503 /*
504 * Resource Limits privileges.
505 */
506 #define PRIV_RCTL_GET_RACCT 670
507 #define PRIV_RCTL_GET_RULES 671
508 #define PRIV_RCTL_GET_LIMITS 672
509 #define PRIV_RCTL_ADD_RULE 673
510 #define PRIV_RCTL_REMOVE_RULE 674
511
512 /*
513 * mem(4) privileges.
514 */
515 #define PRIV_KMEM_READ 680 /* Open mem/kmem for reading. */
516 #define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */
517
518 /*
519 * Track end of privilege list.
520 */
521 #define _PRIV_HIGHEST 682
522
523 /*
524 * Validate that a named privilege is known by the privilege system. Invalid
525 * privileges presented to the privilege system by a priv_check interface
526 * will result in a panic. This is only approximate due to sparse allocation
527 * of the privilege space.
528 */
529 #define PRIV_VALID(x) ((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)
530
531 #ifdef _KERNEL
532 /*
533 * Privilege check interfaces, modeled after historic suser() interfaces, but
534 * with the addition of a specific privilege name. No flags are currently
535 * defined for the API. Historically, flags specified using the real uid
536 * instead of the effective uid, and whether or not the check should be
537 * allowed in jail.
538 */
539 struct thread;
540 struct ucred;
541 int priv_check(struct thread *td, int priv);
542 int priv_check_cred(struct ucred *cred, int priv);
543 int priv_check_cred_vfs_lookup(struct ucred *cred);
544 int priv_check_cred_vfs_lookup_nomac(struct ucred *cred);
545 int priv_check_cred_vfs_generation(struct ucred *cred);
546 #endif
547
548 #endif /* !_SYS_PRIV_H_ */
Cache object: 93a686a4612e448637731b700afeb28f
|