diff options
Diffstat (limited to 'vendor/rustix/src/thread')
| -rw-r--r-- | vendor/rustix/src/thread/clock.rs | 9 | ||||
| -rw-r--r-- | vendor/rustix/src/thread/id.rs | 98 | ||||
| -rw-r--r-- | vendor/rustix/src/thread/libcap.rs | 187 | ||||
| -rw-r--r-- | vendor/rustix/src/thread/mod.rs | 20 | ||||
| -rw-r--r-- | vendor/rustix/src/thread/prctl.rs | 459 | ||||
| -rw-r--r-- | vendor/rustix/src/thread/setns.rs | 25 |
6 files changed, 530 insertions, 268 deletions
diff --git a/vendor/rustix/src/thread/clock.rs b/vendor/rustix/src/thread/clock.rs index 57672fa17..620cb4ec0 100644 --- a/vendor/rustix/src/thread/clock.rs +++ b/vendor/rustix/src/thread/clock.rs @@ -3,11 +3,10 @@ use crate::{backend, io}; pub use backend::time::types::Timespec; #[cfg(not(any( + apple, target_os = "dragonfly", target_os = "emscripten", target_os = "freebsd", // FreeBSD 12 has clock_nanosleep, but libc targets FreeBSD 11. - target_os = "ios", - target_os = "macos", target_os = "openbsd", target_os = "redox", target_os = "wasi", @@ -27,12 +26,11 @@ pub use backend::time::types::ClockId; /// [POSIX]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/clock_nanosleep.html /// [Linux]: https://man7.org/linux/man-pages/man2/clock_nanosleep.2.html #[cfg(not(any( + apple, target_os = "dragonfly", target_os = "emscripten", target_os = "freebsd", // FreeBSD 12 has clock_nanosleep, but libc targets FreeBSD 11. target_os = "haiku", - target_os = "ios", - target_os = "macos", target_os = "openbsd", target_os = "redox", target_os = "wasi", @@ -55,12 +53,11 @@ pub fn clock_nanosleep_relative(id: ClockId, request: &Timespec) -> NanosleepRel /// [POSIX]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/clock_nanosleep.html /// [Linux]: https://man7.org/linux/man-pages/man2/clock_nanosleep.2.html #[cfg(not(any( + apple, target_os = "dragonfly", target_os = "emscripten", target_os = "freebsd", // FreeBSD 12 has clock_nanosleep, but libc targets FreeBSD 11. target_os = "haiku", - target_os = "ios", - target_os = "macos", target_os = "openbsd", target_os = "redox", target_os = "wasi", diff --git a/vendor/rustix/src/thread/id.rs b/vendor/rustix/src/thread/id.rs index 0d2fef026..59610ff03 100644 --- a/vendor/rustix/src/thread/id.rs +++ b/vendor/rustix/src/thread/id.rs @@ -1,5 +1,5 @@ -use crate::backend; -use crate::process::Pid; +use crate::process::{Gid, Pid, Uid}; +use crate::{backend, io}; /// `gettid()`—Returns the thread ID. /// @@ -15,3 +15,97 @@ use crate::process::Pid; pub fn gettid() -> Pid { backend::thread::syscalls::gettid() } + +/// `setuid(uid)` +/// +/// # Warning +/// +/// This is not the setxid you are looking for... POSIX requires xids to be +/// process granular, but on Linux they are per-thread. Thus, this call only +/// changes the xid for the current *thread*, not the entire process even +/// though that is in violation of the POSIX standard. +/// +/// For details on this distinction, see the C library vs. kernel differences +/// in the [man page][linux_notes]. This call implements the kernel behavior. +/// +/// # References +/// - [POSIX] +/// - [Linux] +/// +/// [POSIX]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/setuid.html +/// [Linux]: https://man7.org/linux/man-pages/man2/setuid.2.html +/// [linux_notes]: https://man7.org/linux/man-pages/man2/setuid.2.html#NOTES +#[inline] +pub fn set_thread_uid(uid: Uid) -> io::Result<()> { + backend::thread::syscalls::setuid_thread(uid) +} + +/// `setresuid(ruid, euid, suid)` +/// +/// # Warning +/// +/// This is not the setresxid you are looking for... POSIX requires xids to be +/// process granular, but on Linux they are per-thread. Thus, this call only +/// changes the xid for the current *thread*, not the entire process even +/// though that is in violation of the POSIX standard. +/// +/// For details on this distinction, see the C library vs. kernel differences +/// in the [man page][linux_notes] and the notes in [`set_thread_uid`]. This +/// call implements the kernel behavior. +/// +/// # References +/// - [Linux] +/// +/// [Linux]: https://man7.org/linux/man-pages/man2/setresuid.2.html +/// [linux_notes]: https://man7.org/linux/man-pages/man2/setresuid.2.html#NOTES +#[inline] +pub fn set_thread_res_uid(ruid: Uid, euid: Uid, suid: Uid) -> io::Result<()> { + backend::thread::syscalls::setresuid_thread(ruid, euid, suid) +} + +/// `setgid(gid)` +/// +/// # Warning +/// +/// This is not the setxid you are looking for... POSIX requires xids to be +/// process granular, but on Linux they are per-thread. Thus, this call only +/// changes the xid for the current *thread*, not the entire process even +/// though that is in violation of the POSIX standard. +/// +/// For details on this distinction, see the C library vs. kernel differences +/// in the [man page][linux_notes]. This call implements the kernel behavior. +/// +/// # References +/// - [POSIX] +/// - [Linux] +/// +/// [POSIX]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/setgid.html +/// [Linux]: https://man7.org/linux/man-pages/man2/setgid.2.html +/// [linux_notes]: https://man7.org/linux/man-pages/man2/setgid.2.html#NOTES +#[inline] +pub fn set_thread_gid(gid: Gid) -> io::Result<()> { + backend::thread::syscalls::setgid_thread(gid) +} + +/// `setresgid(rgid, egid, sgid)` +/// +/// # Warning +/// +/// This is not the setresxid you are looking for... POSIX requires xids to be +/// process granular, but on Linux they are per-thread. Thus, this call only +/// changes the xid for the current *thread*, not the entire process even +/// though that is in violation of the POSIX standard. +/// +/// For details on this distinction, see the C library vs. kernel differences +/// in the [man page][linux_notes] and the notes in [`set_thread_gid`]. This +/// call implements the kernel behavior. +/// +/// # References +/// - [Linux] +/// +/// [Linux]: https://man7.org/linux/man-pages/man2/setresgid.2.html +/// [linux_notes]: https://man7.org/linux/man-pages/man2/setresgid.2.html#NOTES +#[inline] +pub fn set_thread_res_gid(rgid: Gid, egid: Gid, sgid: Gid) -> io::Result<()> { + backend::thread::syscalls::setresgid_thread(rgid, egid, sgid) +} diff --git a/vendor/rustix/src/thread/libcap.rs b/vendor/rustix/src/thread/libcap.rs new file mode 100644 index 000000000..f4798b8f4 --- /dev/null +++ b/vendor/rustix/src/thread/libcap.rs @@ -0,0 +1,187 @@ +use bitflags::bitflags; +use core::mem::MaybeUninit; + +use crate::process::Pid; +use crate::{backend, io}; + +/// `__user_cap_data_struct` +#[derive(Clone, Copy, Debug, PartialEq, Eq)] +pub struct CapabilitySets { + /// `__user_cap_data_struct.effective` + pub effective: CapabilityFlags, + /// `__user_cap_data_struct.permitted` + pub permitted: CapabilityFlags, + /// `__user_cap_data_struct.inheritable` + pub inheritable: CapabilityFlags, +} + +bitflags! { + /// `CAP_*` constants. + pub struct CapabilityFlags: u64 { + /// `CAP_CHOWN` + const CHOWN = 1 << linux_raw_sys::general::CAP_CHOWN; + /// `CAP_DAC_OVERRIDE` + const DAC_OVERRIDE = 1 << linux_raw_sys::general::CAP_DAC_OVERRIDE; + /// `CAP_DAC_READ_SEARCH` + const DAC_READ_SEARCH = 1 << linux_raw_sys::general::CAP_DAC_READ_SEARCH; + /// `CAP_FOWNER` + const FOWNER = 1 << linux_raw_sys::general::CAP_FOWNER; + /// `CAP_FSETID` + const FSETID = 1 << linux_raw_sys::general::CAP_FSETID; + /// `CAP_KILL` + const KILL = 1 << linux_raw_sys::general::CAP_KILL; + /// `CAP_SETGID` + const SETGID = 1 << linux_raw_sys::general::CAP_SETGID; + /// `CAP_SETUID` + const SETUID = 1 << linux_raw_sys::general::CAP_SETUID; + /// `CAP_SETPCAP` + const SETPCAP = 1 << linux_raw_sys::general::CAP_SETPCAP; + /// `CAP_LINUX_IMMUTABLE` + const LINUX_IMMUTABLE = 1 << linux_raw_sys::general::CAP_LINUX_IMMUTABLE; + /// `CAP_NET_BIND_SERVICE` + const NET_BIND_SERVICE = 1 << linux_raw_sys::general::CAP_NET_BIND_SERVICE; + /// `CAP_NET_BROADCAST` + const NET_BROADCAST = 1 << linux_raw_sys::general::CAP_NET_BROADCAST; + /// `CAP_NET_ADMIN` + const NET_ADMIN = 1 << linux_raw_sys::general::CAP_NET_ADMIN; + /// `CAP_NET_RAW` + const NET_RAW = 1 << linux_raw_sys::general::CAP_NET_RAW; + /// `CAP_IPC_LOCK` + const IPC_LOCK = 1 << linux_raw_sys::general::CAP_IPC_LOCK; + /// `CAP_IPC_OWNER` + const IPC_OWNER = 1 << linux_raw_sys::general::CAP_IPC_OWNER; + /// `CAP_SYS_MODULE` + const SYS_MODULE = 1 << linux_raw_sys::general::CAP_SYS_MODULE; + /// `CAP_SYS_RAWIO` + const SYS_RAWIO = 1 << linux_raw_sys::general::CAP_SYS_RAWIO; + /// `CAP_SYS_CHROOT` + const SYS_CHROOT = 1 << linux_raw_sys::general::CAP_SYS_CHROOT; + /// `CAP_SYS_PTRACE` + const SYS_PTRACE = 1 << linux_raw_sys::general::CAP_SYS_PTRACE; + /// `CAP_SYS_PACCT` + const SYS_PACCT = 1 << linux_raw_sys::general::CAP_SYS_PACCT; + /// `CAP_SYS_ADMIN` + const SYS_ADMIN = 1 << linux_raw_sys::general::CAP_SYS_ADMIN; + /// `CAP_SYS_BOOT` + const SYS_BOOT = 1 << linux_raw_sys::general::CAP_SYS_BOOT; + /// `CAP_SYS_NICE` + const SYS_NICE = 1 << linux_raw_sys::general::CAP_SYS_NICE; + /// `CAP_SYS_RESOURCE` + const SYS_RESOURCE = 1 << linux_raw_sys::general::CAP_SYS_RESOURCE; + /// `CAP_SYS_TIME` + const SYS_TIME = 1 << linux_raw_sys::general::CAP_SYS_TIME; + /// `CAP_SYS_TTY_CONFIG` + const SYS_TTY_CONFIG = 1 << linux_raw_sys::general::CAP_SYS_TTY_CONFIG; + /// `CAP_MKNOD` + const MKNOD = 1 << linux_raw_sys::general::CAP_MKNOD; + /// `CAP_LEASE` + const LEASE = 1 << linux_raw_sys::general::CAP_LEASE; + /// `CAP_AUDIT_WRITE` + const AUDIT_WRITE = 1 << linux_raw_sys::general::CAP_AUDIT_WRITE; + /// `CAP_AUDIT_CONTROL` + const AUDIT_CONTROL = 1 << linux_raw_sys::general::CAP_AUDIT_CONTROL; + /// `CAP_SETFCAP` + const SETFCAP = 1 << linux_raw_sys::general::CAP_SETFCAP; + /// `CAP_MAC_OVERRIDE` + const MAC_OVERRIDE = 1 << linux_raw_sys::general::CAP_MAC_OVERRIDE; + /// `CAP_MAC_ADMIN` + const MAC_ADMIN = 1 << linux_raw_sys::general::CAP_MAC_ADMIN; + /// `CAP_SYSLOG` + const SYSLOG = 1 << linux_raw_sys::general::CAP_SYSLOG; + /// `CAP_WAKE_ALARM` + const WAKE_ALARM = 1 << linux_raw_sys::general::CAP_WAKE_ALARM; + /// `CAP_BLOCK_SUSPEND` + const BLOCK_SUSPEND = 1 << linux_raw_sys::general::CAP_BLOCK_SUSPEND; + /// `CAP_AUDIT_READ` + const AUDIT_READ = 1 << linux_raw_sys::general::CAP_AUDIT_READ; + /// `CAP_PERFMON` + const PERFMON = 1 << linux_raw_sys::general::CAP_PERFMON; + /// `CAP_BPF` + const BPF = 1 << linux_raw_sys::general::CAP_BPF; + /// `CAP_CHECKPOINT_RESTORE` + const CHECKPOINT_RESTORE = 1 << linux_raw_sys::general::CAP_CHECKPOINT_RESTORE; + } +} + +/// `capget(_LINUX_CAPABILITY_VERSION_3, pid)` +/// +/// # References +/// - [Linux] +/// +/// [Linux]: https://man7.org/linux/man-pages/man2/capget.2.html +#[inline] +#[doc(alias = "capget")] +pub fn capabilities(pid: Option<Pid>) -> io::Result<CapabilitySets> { + capget(pid) +} + +/// `capset(_LINUX_CAPABILITY_VERSION_3, pid, effective, permitted, +/// inheritable)` +/// +/// # References +/// - [Linux] +/// +/// [Linux]: https://man7.org/linux/man-pages/man2/capget.2.html +#[inline] +#[doc(alias = "capset")] +pub fn set_capabilities(pid: Option<Pid>, sets: CapabilitySets) -> io::Result<()> { + capset(pid, sets) +} + +#[inline] +#[allow(unsafe_code)] +fn capget(pid: Option<Pid>) -> io::Result<CapabilitySets> { + let mut data = [MaybeUninit::<linux_raw_sys::general::__user_cap_data_struct>::uninit(); 2]; + + let data = { + let mut header = linux_raw_sys::general::__user_cap_header_struct { + version: linux_raw_sys::general::_LINUX_CAPABILITY_VERSION_3, + pid: Pid::as_raw(pid) as backend::c::c_int, + }; + + backend::thread::syscalls::capget(&mut header, &mut data)?; + // SAFETY: v3 is a 64-bit implementation, so the kernel filled in both data + // structs. + unsafe { (data[0].assume_init(), data[1].assume_init()) } + }; + + { + // TODO: With Rust 1.53, we can use u32::BITS in the shifts. + const BITS: u32 = 32; + let effective = u64::from(data.0.effective) | (u64::from(data.1.effective) << BITS); + let permitted = u64::from(data.0.permitted) | (u64::from(data.1.permitted) << BITS); + let inheritable = u64::from(data.0.inheritable) | (u64::from(data.1.inheritable) << BITS); + + // SAFETY: the kernel returns a partitioned bitset that we just combined above + Ok(CapabilitySets { + effective: unsafe { CapabilityFlags::from_bits_unchecked(effective) }, + permitted: unsafe { CapabilityFlags::from_bits_unchecked(permitted) }, + inheritable: unsafe { CapabilityFlags::from_bits_unchecked(inheritable) }, + }) + } +} + +#[inline] +fn capset(pid: Option<Pid>, sets: CapabilitySets) -> io::Result<()> { + // TODO: With Rust 1.53, we can use u32::BITS in the shifts. + const BITS: u32 = 32; + + let mut header = linux_raw_sys::general::__user_cap_header_struct { + version: linux_raw_sys::general::_LINUX_CAPABILITY_VERSION_3, + pid: Pid::as_raw(pid) as backend::c::c_int, + }; + let data = [ + linux_raw_sys::general::__user_cap_data_struct { + effective: sets.effective.bits() as u32, + permitted: sets.permitted.bits() as u32, + inheritable: sets.inheritable.bits() as u32, + }, + linux_raw_sys::general::__user_cap_data_struct { + effective: (sets.effective.bits() >> BITS) as u32, + permitted: (sets.permitted.bits() >> BITS) as u32, + inheritable: (sets.inheritable.bits() >> BITS) as u32, + }, + ]; + + backend::thread::syscalls::capset(&mut header, &data) +} diff --git a/vendor/rustix/src/thread/mod.rs b/vendor/rustix/src/thread/mod.rs index b1dc849d9..86f231bcb 100644 --- a/vendor/rustix/src/thread/mod.rs +++ b/vendor/rustix/src/thread/mod.rs @@ -7,28 +7,20 @@ mod futex; #[cfg(any(target_os = "android", target_os = "linux"))] mod id; #[cfg(any(target_os = "android", target_os = "linux"))] +mod libcap; +#[cfg(any(target_os = "android", target_os = "linux"))] mod prctl; #[cfg(any(target_os = "android", target_os = "linux"))] mod setns; -#[cfg(not(any( - target_os = "dragonfly", - target_os = "emscripten", - target_os = "freebsd", - target_os = "haiku", - target_os = "ios", - target_os = "macos", - target_os = "openbsd", - target_os = "redox", - target_os = "wasi", -)))] -pub use clock::{clock_nanosleep_absolute, clock_nanosleep_relative, ClockId}; #[cfg(not(target_os = "redox"))] -pub use clock::{nanosleep, NanosleepRelativeResult, Timespec}; +pub use clock::*; #[cfg(linux_raw)] pub use futex::{futex, FutexFlags, FutexOperation}; #[cfg(any(target_os = "android", target_os = "linux"))] -pub use id::gettid; +pub use id::{gettid, set_thread_gid, set_thread_res_gid, set_thread_res_uid, set_thread_uid}; +#[cfg(any(target_os = "android", target_os = "linux"))] +pub use libcap::{capabilities, set_capabilities, CapabilityFlags, CapabilitySets}; #[cfg(any(target_os = "android", target_os = "linux"))] pub use prctl::*; #[cfg(any(target_os = "android", target_os = "linux"))] diff --git a/vendor/rustix/src/thread/prctl.rs b/vendor/rustix/src/thread/prctl.rs index a2191f7c3..f1ddf7d36 100644 --- a/vendor/rustix/src/thread/prctl.rs +++ b/vendor/rustix/src/thread/prctl.rs @@ -1,3 +1,12 @@ +//! Linux `prctl` wrappers. +//! +//! Rustix wraps variadic/dynamic-dispatch functions like `prctl` in +//! type-safe wrappers. +//! +//! # Safety +//! +//! The inner `prctl` calls are dynamically typed and must be called +//! correctly. #![allow(unsafe_code)] use core::convert::TryFrom; @@ -27,7 +36,7 @@ const PR_GET_KEEPCAPS: c_int = 7; /// Get the current state of the calling thread's `keep capabilities` flag. /// /// # References -/// - [`prctl(PR_GET_KEEPCAPS,...)`] +/// - [`prctl(PR_GET_KEEPCAPS,...)`] /// /// [`prctl(PR_GET_KEEPCAPS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -40,7 +49,7 @@ const PR_SET_KEEPCAPS: c_int = 8; /// Set the state of the calling thread's `keep capabilities` flag. /// /// # References -/// - [`prctl(PR_SET_KEEPCAPS,...)`] +/// - [`prctl(PR_SET_KEEPCAPS,...)`] /// /// [`prctl(PR_SET_KEEPCAPS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -57,7 +66,7 @@ const PR_GET_NAME: c_int = 16; /// Get the name of the calling thread. /// /// # References -/// - [`prctl(PR_GET_NAME,...)`] +/// - [`prctl(PR_GET_NAME,...)`] /// /// [`prctl(PR_GET_NAME,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -74,7 +83,7 @@ const PR_SET_NAME: c_int = 15; /// Set the name of the calling thread. /// /// # References -/// - [`prctl(PR_SET_NAME,...)`] +/// - [`prctl(PR_SET_NAME,...)`] /// /// [`prctl(PR_SET_NAME,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -131,7 +140,7 @@ impl TryFrom<i32> for SecureComputingMode { /// of obtaining the same information, without the risk that the process is killed; see `proc(5)`. /// /// # References -/// - [`prctl(PR_GET_SECCOMP,...)`] +/// - [`prctl(PR_GET_SECCOMP,...)`] /// /// [`prctl(PR_GET_SECCOMP,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -142,10 +151,11 @@ pub fn secure_computing_mode() -> io::Result<SecureComputingMode> { const PR_SET_SECCOMP: c_int = 22; -/// Set the secure computing mode for the calling thread, to limit the available system calls. +/// Set the secure computing mode for the calling thread, to limit the +/// available system calls. /// /// # References -/// - [`prctl(PR_SET_SECCOMP,...)`] +/// - [`prctl(PR_SET_SECCOMP,...)`] /// /// [`prctl(PR_SET_SECCOMP,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -159,249 +169,234 @@ pub fn set_secure_computing_mode(mode: SecureComputingMode) -> io::Result<()> { const PR_CAPBSET_READ: c_int = 23; -const CAP_CHOWN: u32 = 0; -const CAP_DAC_OVERRIDE: u32 = 1; -const CAP_DAC_READ_SEARCH: u32 = 2; -const CAP_FOWNER: u32 = 3; -const CAP_FSETID: u32 = 4; -const CAP_KILL: u32 = 5; -const CAP_SETGID: u32 = 6; -const CAP_SETUID: u32 = 7; -const CAP_SETPCAP: u32 = 8; -const CAP_LINUX_IMMUTABLE: u32 = 9; -const CAP_NET_BIND_SERVICE: u32 = 10; -const CAP_NET_BROADCAST: u32 = 11; -const CAP_NET_ADMIN: u32 = 12; -const CAP_NET_RAW: u32 = 13; -const CAP_IPC_LOCK: u32 = 14; -const CAP_IPC_OWNER: u32 = 15; -const CAP_SYS_MODULE: u32 = 16; -const CAP_SYS_RAWIO: u32 = 17; -const CAP_SYS_CHROOT: u32 = 18; -const CAP_SYS_PTRACE: u32 = 19; -const CAP_SYS_PACCT: u32 = 20; -const CAP_SYS_ADMIN: u32 = 21; -const CAP_SYS_BOOT: u32 = 22; -const CAP_SYS_NICE: u32 = 23; -const CAP_SYS_RESOURCE: u32 = 24; -const CAP_SYS_TIME: u32 = 25; -const CAP_SYS_TTY_CONFIG: u32 = 26; -const CAP_MKNOD: u32 = 27; -const CAP_LEASE: u32 = 28; -const CAP_AUDIT_WRITE: u32 = 29; -const CAP_AUDIT_CONTROL: u32 = 30; -const CAP_SETFCAP: u32 = 31; -const CAP_MAC_OVERRIDE: u32 = 32; -const CAP_MAC_ADMIN: u32 = 33; -const CAP_SYSLOG: u32 = 34; -const CAP_WAKE_ALARM: u32 = 35; -const CAP_BLOCK_SUSPEND: u32 = 36; -const CAP_AUDIT_READ: u32 = 37; -const CAP_PERFMON: u32 = 38; -const CAP_BPF: u32 = 39; -const CAP_CHECKPOINT_RESTORE: u32 = 40; - /// Linux per-thread capability. #[derive(Copy, Clone, Debug, Eq, PartialEq)] #[repr(u32)] pub enum Capability { - /// In a system with the `_POSIX_CHOWN_RESTRICTED` option defined, this overrides - /// the restriction of changing file ownership and group ownership. - ChangeOwnership = CAP_CHOWN, - /// Override all DAC access, including ACL execute access if `_POSIX_ACL` is defined. + /// In a system with the `_POSIX_CHOWN_RESTRICTED` option defined, this + /// overrides the restriction of changing file ownership and group + /// ownership. + ChangeOwnership = linux_raw_sys::general::CAP_CHOWN, + /// Override all DAC access, including ACL execute access if `_POSIX_ACL` + /// is defined. Excluding DAC access covered by + /// [`Capability::LinuxImmutable`]. + DACOverride = linux_raw_sys::general::CAP_DAC_OVERRIDE, + /// Overrides all DAC restrictions regarding read and search on files and + /// directories, including ACL restrictions if `_POSIX_ACL` is defined. /// Excluding DAC access covered by [`Capability::LinuxImmutable`]. - DACOverride = CAP_DAC_OVERRIDE, - /// Overrides all DAC restrictions regarding read and search on files and directories, - /// including ACL restrictions if `_POSIX_ACL` is defined. Excluding DAC access covered - /// by [`Capability::LinuxImmutable`]. - DACReadSearch = CAP_DAC_READ_SEARCH, - /// Overrides all restrictions about allowed operations on files, where file owner ID must be - /// equal to the user ID, except where [`Capability::FileSetID`] is applicable. - /// It doesn't override MAC and DAC restrictions. - FileOwner = CAP_FOWNER, - /// Overrides the following restrictions that the effective user ID shall match the file owner - /// ID when setting the `S_ISUID` and `S_ISGID` bits on that file; that the effective group ID - /// (or one of the supplementary group IDs) shall match the file owner ID when setting the - /// `S_ISGID` bit on that file; that the `S_ISUID` and `S_ISGID` bits are cleared on successful - /// return from `chown` (not implemented). - FileSetID = CAP_FSETID, - /// Overrides the restriction that the real or effective user ID of a process sending a signal - /// must match the real or effective user ID of the process receiving the signal. - Kill = CAP_KILL, - /// Allows `setgid` manipulation. Allows `setgroups`. Allows forged gids on socket - /// credentials passing. - SetGroupID = CAP_SETGID, - /// Allows `set*uid` manipulation (including fsuid). Allows forged pids on socket - /// credentials passing. - SetUserID = CAP_SETUID, + DACReadSearch = linux_raw_sys::general::CAP_DAC_READ_SEARCH, + /// Overrides all restrictions about allowed operations on files, where + /// file owner ID must be equal to the user ID, except where + /// [`Capability::FileSetID`] is applicable. It doesn't override MAC + /// and DAC restrictions. + FileOwner = linux_raw_sys::general::CAP_FOWNER, + /// Overrides the following restrictions that the effective user ID shall + /// match the file owner ID when setting the `S_ISUID` and `S_ISGID` + /// bits on that file; that the effective group ID (or one of the + /// supplementary group IDs) shall match the file owner ID when setting the + /// `S_ISGID` bit on that file; that the `S_ISUID` and `S_ISGID` bits are + /// cleared on successful return from `chown` (not implemented). + FileSetID = linux_raw_sys::general::CAP_FSETID, + /// Overrides the restriction that the real or effective user ID of a + /// process sending a signal must match the real or effective user ID + /// of the process receiving the signal. + Kill = linux_raw_sys::general::CAP_KILL, + /// Allows `setgid` manipulation. Allows `setgroups`. Allows forged gids on + /// socket credentials passing. + SetGroupID = linux_raw_sys::general::CAP_SETGID, + /// Allows `set*uid` manipulation (including fsuid). Allows forged pids on + /// socket credentials passing. + SetUserID = linux_raw_sys::general::CAP_SETUID, /// Without VFS support for capabilities: - /// - Transfer any capability in your permitted set to any pid. - /// - remove any capability in your permitted set from any pid. - /// With VFS support for capabilities (neither of above, but) - /// - Add any capability from current's capability bounding set to the current process' - /// inheritable set. - /// - Allow taking bits out of capability bounding set. - /// - Allow modification of the securebits for a process. - SetPermittedCapabilities = CAP_SETPCAP, + /// - Transfer any capability in your permitted set to any pid. + /// - remove any capability in your permitted set from any pid. With VFS + /// support for capabilities (neither of above, but) + /// - Add any capability from current's capability bounding set to the + /// current process' inheritable set. + /// - Allow taking bits out of capability bounding set. + /// - Allow modification of the securebits for a process. + SetPermittedCapabilities = linux_raw_sys::general::CAP_SETPCAP, /// Allow modification of `S_IMMUTABLE` and `S_APPEND` file attributes. - LinuxImmutable = CAP_LINUX_IMMUTABLE, - /// Allows binding to TCP/UDP sockets below 1024. Allows binding to ATM VCIs below 32. - NetBindService = CAP_NET_BIND_SERVICE, + LinuxImmutable = linux_raw_sys::general::CAP_LINUX_IMMUTABLE, + /// Allows binding to TCP/UDP sockets below 1024. Allows binding to ATM + /// VCIs below 32. + NetBindService = linux_raw_sys::general::CAP_NET_BIND_SERVICE, /// Allow broadcasting, listen to multicast. - NetBroadcast = CAP_NET_BROADCAST, - /// Allow interface configuration. Allow administration of IP firewall, masquerading and - /// accounting. Allow setting debug option on sockets. Allow modification of routing tables. - /// Allow setting arbitrary process / process group ownership on sockets. Allow binding to any - /// address for transparent proxying (also via [`Capability::NetRaw`]). Allow setting TOS - /// (type of service). Allow setting promiscuous mode. Allow clearing driver statistics. - /// Allow multicasting. Allow read/write of device-specific registers. Allow activation of ATM + NetBroadcast = linux_raw_sys::general::CAP_NET_BROADCAST, + /// Allow interface configuration. Allow administration of IP firewall, + /// masquerading and accounting. Allow setting debug option on sockets. + /// Allow modification of routing tables. Allow setting arbitrary + /// process / process group ownership on sockets. Allow binding to any + /// address for transparent proxying (also via [`Capability::NetRaw`]). + /// Allow setting TOS (type of service). Allow setting promiscuous + /// mode. Allow clearing driver statistics. Allow multicasting. Allow + /// read/write of device-specific registers. Allow activation of ATM /// control sockets. - NetAdmin = CAP_NET_ADMIN, - /// Allow use of `RAW` sockets. Allow use of `PACKET` sockets. Allow binding to any address for - /// transparent proxying (also via [`Capability::NetAdmin`]). - NetRaw = CAP_NET_RAW, - /// Allow locking of shared memory segments. Allow mlock and mlockall (which doesn't really have - /// anything to do with IPC). - IPCLock = CAP_IPC_LOCK, + NetAdmin = linux_raw_sys::general::CAP_NET_ADMIN, + /// Allow use of `RAW` sockets. Allow use of `PACKET` sockets. Allow + /// binding to any address for transparent proxying (also via + /// [`Capability::NetAdmin`]). + NetRaw = linux_raw_sys::general::CAP_NET_RAW, + /// Allow locking of shared memory segments. Allow mlock and mlockall + /// (which doesn't really have anything to do with IPC). + IPCLock = linux_raw_sys::general::CAP_IPC_LOCK, /// Override IPC ownership checks. - IPCOwner = CAP_IPC_OWNER, + IPCOwner = linux_raw_sys::general::CAP_IPC_OWNER, /// Insert and remove kernel modules - modify kernel without limit. - SystemModule = CAP_SYS_MODULE, - /// Allow ioperm/iopl access. Allow sending USB messages to any device via `/dev/bus/usb`. - SystemRawIO = CAP_SYS_RAWIO, + SystemModule = linux_raw_sys::general::CAP_SYS_MODULE, + /// Allow ioperm/iopl access. Allow sending USB messages to any device via + /// `/dev/bus/usb`. + SystemRawIO = linux_raw_sys::general::CAP_SYS_RAWIO, /// Allow use of `chroot`. - SystemChangeRoot = CAP_SYS_CHROOT, + SystemChangeRoot = linux_raw_sys::general::CAP_SYS_CHROOT, /// Allow `ptrace` of any process. - SystemProcessTrace = CAP_SYS_PTRACE, + SystemProcessTrace = linux_raw_sys::general::CAP_SYS_PTRACE, /// Allow configuration of process accounting. - SystemProcessAccounting = CAP_SYS_PACCT, - /// Allow configuration of the secure attention key. Allow administration of the random device. - /// Allow examination and configuration of disk quotas. Allow setting the domainname. - /// Allow setting the hostname. Allow `mount` and `umount`, setting up new smb connection. - /// Allow some autofs root ioctls. Allow nfsservctl. Allow `VM86_REQUEST_IRQ`. - /// Allow to read/write pci config on alpha. Allow `irix_prctl` on mips (setstacksize). - /// Allow flushing all cache on m68k (`sys_cacheflush`). Allow removing semaphores. - /// Used instead of [`Capability::ChangeOwnership`] to "chown" IPC message queues, semaphores - /// and shared memory. Allow locking/unlocking of shared memory segment. Allow turning swap - /// on/off. Allow forged pids on socket credentials passing. Allow setting readahead and - /// flushing buffers on block devices. Allow setting geometry in floppy driver. Allow turning - /// DMA on/off in `xd` driver. Allow administration of md devices (mostly the above, but some - /// extra ioctls). Allow tuning the ide driver. Allow access to the nvram device. Allow - /// administration of `apm_bios`, serial and bttv (TV) device. Allow manufacturer commands in - /// isdn CAPI support driver. Allow reading non-standardized portions of pci configuration - /// space. Allow DDI debug ioctl on sbpcd driver. Allow setting up serial ports. Allow sending - /// raw qic-117 commands. Allow enabling/disabling tagged queuing on SCSI controllers and - /// sending arbitrary SCSI commands. Allow setting encryption key on loopback filesystem. - /// Allow setting zone reclaim policy. Allow everything under - /// [`Capability::BerkeleyPacketFilters`] and [`Capability::PerformanceMonitoring`] for backward - /// compatibility. - SystemAdmin = CAP_SYS_ADMIN, + SystemProcessAccounting = linux_raw_sys::general::CAP_SYS_PACCT, + /// Allow configuration of the secure attention key. Allow administration + /// of the random device. Allow examination and configuration of disk + /// quotas. Allow setting the domainname. Allow setting the hostname. + /// Allow `mount` and `umount`, setting up new smb connection. + /// Allow some autofs root ioctls. Allow nfsservctl. Allow + /// `VM86_REQUEST_IRQ`. Allow to read/write pci config on alpha. Allow + /// `irix_prctl` on mips (setstacksize). Allow flushing all cache on + /// m68k (`sys_cacheflush`). Allow removing semaphores. Used instead of + /// [`Capability::ChangeOwnership`] to "chown" IPC message queues, + /// semaphores and shared memory. Allow locking/unlocking of shared + /// memory segment. Allow turning swap on/off. Allow forged pids on + /// socket credentials passing. Allow setting readahead and + /// flushing buffers on block devices. Allow setting geometry in floppy + /// driver. Allow turning DMA on/off in `xd` driver. Allow + /// administration of md devices (mostly the above, but some + /// extra ioctls). Allow tuning the ide driver. Allow access to the nvram + /// device. Allow administration of `apm_bios`, serial and bttv (TV) + /// device. Allow manufacturer commands in isdn CAPI support driver. + /// Allow reading non-standardized portions of pci configuration space. + /// Allow DDI debug ioctl on sbpcd driver. Allow setting up serial ports. + /// Allow sending raw qic-117 commands. Allow enabling/disabling tagged + /// queuing on SCSI controllers and sending arbitrary SCSI commands. + /// Allow setting encryption key on loopback filesystem. Allow setting + /// zone reclaim policy. Allow everything under + /// [`Capability::BerkeleyPacketFilters`] and + /// [`Capability::PerformanceMonitoring`] for backward compatibility. + SystemAdmin = linux_raw_sys::general::CAP_SYS_ADMIN, /// Allow use of `reboot`. - SystemBoot = CAP_SYS_BOOT, - /// Allow raising priority and setting priority on other (different UID) processes. Allow use of - /// FIFO and round-robin (realtime) scheduling on own processes and setting the scheduling - /// algorithm used by another process. Allow setting cpu affinity on other processes. - /// Allow setting realtime ioprio class. Allow setting ioprio class on other processes. - SystemNice = CAP_SYS_NICE, - /// Override resource limits. Set resource limits. Override quota limits. Override reserved - /// space on ext2 filesystem. Modify data journaling mode on ext3 filesystem (uses journaling - /// resources). NOTE: ext2 honors fsuid when checking for resource overrides, so you can - /// override using fsuid too. Override size restrictions on IPC message queues. Allow more than - /// 64hz interrupts from the real-time clock. Override max number of consoles on console - /// allocation. Override max number of keymaps. Control memory reclaim behavior. - SystemResource = CAP_SYS_RESOURCE, - /// Allow manipulation of system clock. Allow `irix_stime` on mips. Allow setting the real-time - /// clock. - SystemTime = CAP_SYS_TIME, + SystemBoot = linux_raw_sys::general::CAP_SYS_BOOT, + /// Allow raising priority and setting priority on other (different UID) + /// processes. Allow use of FIFO and round-robin (realtime) scheduling + /// on own processes and setting the scheduling algorithm used by + /// another process. Allow setting cpu affinity on other processes. + /// Allow setting realtime ioprio class. Allow setting ioprio class on + /// other processes. + SystemNice = linux_raw_sys::general::CAP_SYS_NICE, + /// Override resource limits. Set resource limits. Override quota limits. + /// Override reserved space on ext2 filesystem. Modify data journaling + /// mode on ext3 filesystem (uses journaling resources). NOTE: ext2 + /// honors fsuid when checking for resource overrides, so you can + /// override using fsuid too. Override size restrictions on IPC message + /// queues. Allow more than 64hz interrupts from the real-time clock. + /// Override max number of consoles on console allocation. Override max + /// number of keymaps. Control memory reclaim behavior. + SystemResource = linux_raw_sys::general::CAP_SYS_RESOURCE, + /// Allow manipulation of system clock. Allow `irix_stime` on mips. Allow + /// setting the real-time clock. + SystemTime = linux_raw_sys::general::CAP_SYS_TIME, /// Allow configuration of tty devices. Allow `vhangup` of tty. - SystemTTYConfig = CAP_SYS_TTY_CONFIG, + SystemTTYConfig = linux_raw_sys::general::CAP_SYS_TTY_CONFIG, /// Allow the privileged aspects of `mknod`. - MakeNode = CAP_MKNOD, + MakeNode = linux_raw_sys::general::CAP_MKNOD, /// Allow taking of leases on files. - Lease = CAP_LEASE, + Lease = linux_raw_sys::general::CAP_LEASE, /// Allow writing the audit log via unicast netlink socket. - AuditWrite = CAP_AUDIT_WRITE, + AuditWrite = linux_raw_sys::general::CAP_AUDIT_WRITE, /// Allow configuration of audit via unicast netlink socket. - AuditControl = CAP_AUDIT_CONTROL, - /// Set or remove capabilities on files. Map `uid=0` into a child user namespace. - SetFileCapabilities = CAP_SETFCAP, - /// Override MAC access. The base kernel enforces no MAC policy. An LSM may enforce a MAC - /// policy, and if it does and it chooses to implement capability based overrides of that - /// policy, this is the capability it should use to do so. - MACOverride = CAP_MAC_OVERRIDE, - /// Allow MAC configuration or state changes. The base kernel requires no MAC configuration. - /// An LSM may enforce a MAC policy, and if it does and it chooses to implement capability based - /// checks on modifications to that policy or the data required to maintain it, this is the - /// capability it should use to do so. - MACAdmin = CAP_MAC_ADMIN, + AuditControl = linux_raw_sys::general::CAP_AUDIT_CONTROL, + /// Set or remove capabilities on files. Map `uid=0` into a child user + /// namespace. + SetFileCapabilities = linux_raw_sys::general::CAP_SETFCAP, + /// Override MAC access. The base kernel enforces no MAC policy. An LSM may + /// enforce a MAC policy, and if it does and it chooses to implement + /// capability based overrides of that policy, this is the capability + /// it should use to do so. + MACOverride = linux_raw_sys::general::CAP_MAC_OVERRIDE, + /// Allow MAC configuration or state changes. The base kernel requires no + /// MAC configuration. An LSM may enforce a MAC policy, and if it does + /// and it chooses to implement capability based + /// checks on modifications to that policy or the data required to maintain + /// it, this is the capability it should use to do so. + MACAdmin = linux_raw_sys::general::CAP_MAC_ADMIN, /// Allow configuring the kernel's `syslog` (`printk` behaviour). - SystemLog = CAP_SYSLOG, + SystemLog = linux_raw_sys::general::CAP_SYSLOG, /// Allow triggering something that will wake the system. - WakeAlarm = CAP_WAKE_ALARM, + WakeAlarm = linux_raw_sys::general::CAP_WAKE_ALARM, /// Allow preventing system suspends. - BlockSuspend = CAP_BLOCK_SUSPEND, + BlockSuspend = linux_raw_sys::general::CAP_BLOCK_SUSPEND, /// Allow reading the audit log via multicast netlink socket. - AuditRead = CAP_AUDIT_READ, - /// Allow system performance and observability privileged operations using `perf_events`, - /// `i915_perf` and other kernel subsystems. - PerformanceMonitoring = CAP_PERFMON, + AuditRead = linux_raw_sys::general::CAP_AUDIT_READ, + /// Allow system performance and observability privileged operations using + /// `perf_events`, `i915_perf` and other kernel subsystems. + PerformanceMonitoring = linux_raw_sys::general::CAP_PERFMON, /// This capability allows the following BPF operations: - /// - Creating all types of BPF maps - /// - Advanced verifier features - /// - Indirect variable access - /// - Bounded loops - /// - BPF to BPF function calls - /// - Scalar precision tracking - /// - Larger complexity limits - /// - Dead code elimination - /// - And potentially other features - /// - Loading BPF Type Format (BTF) data - /// - Retrieve `xlated` and JITed code of BPF programs - /// - Use `bpf_spin_lock` helper + /// - Creating all types of BPF maps + /// - Advanced verifier features + /// - Indirect variable access + /// - Bounded loops + /// - BPF to BPF function calls + /// - Scalar precision tracking + /// - Larger complexity limits + /// - Dead code elimination + /// - And potentially other features + /// - Loading BPF Type Format (BTF) data + /// - Retrieve `xlated` and JITed code of BPF programs + /// - Use `bpf_spin_lock` helper /// - /// [`Capability::PerformanceMonitoring`] relaxes the verifier checks further: - /// - BPF progs can use of pointer-to-integer conversions - /// - speculation attack hardening measures are bypassed - /// - `bpf_probe_read` to read arbitrary kernel memory is allowed - /// - `bpf_trace_printk` to print kernel memory is allowed + /// [`Capability::PerformanceMonitoring`] relaxes the verifier checks + /// further: + /// - BPF progs can use of pointer-to-integer conversions + /// - speculation attack hardening measures are bypassed + /// - `bpf_probe_read` to read arbitrary kernel memory is allowed + /// - `bpf_trace_printk` to print kernel memory is allowed /// /// [`Capability::SystemAdmin`] is required to use bpf_probe_write_user. /// /// [`Capability::SystemAdmin`] is required to iterate system wide loaded /// programs, maps, links, BTFs and convert their IDs to file descriptors. /// - /// [`Capability::PerformanceMonitoring`] and [`Capability::BerkeleyPacketFilters`] are required - /// to load tracing programs. - /// [`Capability::NetAdmin`] and [`Capability::BerkeleyPacketFilters`] are required to load + /// [`Capability::PerformanceMonitoring`] and + /// [`Capability::BerkeleyPacketFilters`] are required to load tracing + /// programs. [`Capability::NetAdmin`] and + /// [`Capability::BerkeleyPacketFilters`] are required to load /// networking programs. - BerkeleyPacketFilters = CAP_BPF, - /// Allow checkpoint/restore related operations. Allow PID selection during `clone3`. - /// Allow writing to `ns_last_pid`. - CheckpointRestore = CAP_CHECKPOINT_RESTORE, + BerkeleyPacketFilters = linux_raw_sys::general::CAP_BPF, + /// Allow checkpoint/restore related operations. Allow PID selection during + /// `clone3`. Allow writing to `ns_last_pid`. + CheckpointRestore = linux_raw_sys::general::CAP_CHECKPOINT_RESTORE, } -/// Check if the specified capability is in the calling thread's capability bounding set. +/// Check if the specified capability is in the calling thread's capability +/// bounding set. /// /// # References -/// - [`prctl(PR_CAPBSET_READ,...)`] +/// - [`prctl(PR_CAPBSET_READ,...)`] /// /// [`prctl(PR_CAPBSET_READ,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] -pub fn is_in_capability_bounding_set(capability: Capability) -> io::Result<bool> { +pub fn capability_is_in_bounding_set(capability: Capability) -> io::Result<bool> { unsafe { prctl_2args(PR_CAPBSET_READ, capability as usize as *mut _) }.map(|r| r != 0) } const PR_CAPBSET_DROP: c_int = 24; -/// If the calling thread has the [`Capability::SetPermittedCapabilities`] capability within its -/// user namespace, then drop the specified capability from the thread's capability bounding set. +/// If the calling thread has the [`Capability::SetPermittedCapabilities`] +/// capability within its user namespace, then drop the specified capability +/// from the thread's capability bounding set. /// /// # References -/// - [`prctl(PR_CAPBSET_DROP,...)`] +/// - [`prctl(PR_CAPBSET_DROP,...)`] /// /// [`prctl(PR_CAPBSET_DROP,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] -pub fn remove_capability_from_capability_bounding_set(capability: Capability) -> io::Result<()> { +pub fn remove_capability_from_bounding_set(capability: Capability) -> io::Result<()> { unsafe { prctl_2args(PR_CAPBSET_DROP, capability as usize as *mut _) }.map(|_r| ()) } @@ -442,7 +437,7 @@ bitflags! { /// Get the `securebits` flags of the calling thread. /// /// # References -/// - [`prctl(PR_GET_SECUREBITS,...)`] +/// - [`prctl(PR_GET_SECUREBITS,...)`] /// /// [`prctl(PR_GET_SECUREBITS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -456,7 +451,7 @@ const PR_SET_SECUREBITS: c_int = 28; /// Set the `securebits` flags of the calling thread. /// /// # References -/// - [`prctl(PR_SET_SECUREBITS,...)`] +/// - [`prctl(PR_SET_SECUREBITS,...)`] /// /// [`prctl(PR_SET_SECUREBITS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -473,7 +468,7 @@ const PR_GET_TIMERSLACK: c_int = 30; /// Get the `current` timer slack value of the calling thread. /// /// # References -/// - [`prctl(PR_GET_TIMERSLACK,...)`] +/// - [`prctl(PR_GET_TIMERSLACK,...)`] /// /// [`prctl(PR_GET_TIMERSLACK,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -486,7 +481,7 @@ const PR_SET_TIMERSLACK: c_int = 29; /// Sets the `current` timer slack value for the calling thread. /// /// # References -/// - [`prctl(PR_SET_TIMERSLACK,...)`] +/// - [`prctl(PR_SET_TIMERSLACK,...)`] /// /// [`prctl(PR_SET_TIMERSLACK,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -504,7 +499,7 @@ const PR_GET_NO_NEW_PRIVS: c_int = 39; /// Get the value of the `no_new_privs` attribute for the calling thread. /// /// # References -/// - [`prctl(PR_GET_NO_NEW_PRIVS,...)`] +/// - [`prctl(PR_GET_NO_NEW_PRIVS,...)`] /// /// [`prctl(PR_GET_NO_NEW_PRIVS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -517,7 +512,7 @@ const PR_SET_NO_NEW_PRIVS: c_int = 38; /// Set the calling thread's `no_new_privs` attribute. /// /// # References -/// - [`prctl(PR_SET_NO_NEW_PRIVS,...)`] +/// - [`prctl(PR_SET_NO_NEW_PRIVS,...)`] /// /// [`prctl(PR_SET_NO_NEW_PRIVS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -535,7 +530,7 @@ const PR_GET_TID_ADDRESS: c_int = 40; /// and `clone`'s `CLONE_CHILD_CLEARTID` flag. /// /// # References -/// - [`prctl(PR_GET_TID_ADDRESS,...)`] +/// - [`prctl(PR_GET_TID_ADDRESS,...)`] /// /// [`prctl(PR_GET_TID_ADDRESS,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -552,7 +547,7 @@ const PR_GET_THP_DISABLE: c_int = 42; /// Get the current setting of the `THP disable` flag for the calling thread. /// /// # References -/// - [`prctl(PR_GET_THP_DISABLE,...)`] +/// - [`prctl(PR_GET_THP_DISABLE,...)`] /// /// [`prctl(PR_GET_THP_DISABLE,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -565,7 +560,7 @@ const PR_SET_THP_DISABLE: c_int = 41; /// Set the state of the `THP disable` flag for the calling thread. /// /// # References -/// - [`prctl(PR_SET_THP_DISABLE,...)`] +/// - [`prctl(PR_SET_THP_DISABLE,...)`] /// /// [`prctl(PR_SET_THP_DISABLE,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -584,11 +579,11 @@ const PR_CAP_AMBIENT_IS_SET: usize = 1; /// Check if the specified capability is in the ambient set. /// /// # References -/// - [`prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_IS_SET,...)`] +/// - [`prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_IS_SET,...)`] /// /// [`prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_IS_SET,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] -pub fn capability_is_in_ambient_capability_set(capability: Capability) -> io::Result<bool> { +pub fn capability_is_in_ambient_set(capability: Capability) -> io::Result<bool> { let cap = capability as usize as *mut _; unsafe { prctl_3args(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET as *mut _, cap) }.map(|r| r != 0) } @@ -598,7 +593,7 @@ const PR_CAP_AMBIENT_CLEAR_ALL: usize = 4; /// Remove all capabilities from the ambient set. /// /// # References -/// - [`prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_CLEAR_ALL,...)`] +/// - [`prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_CLEAR_ALL,...)`] /// /// [`prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_CLEAR_ALL,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -612,14 +607,11 @@ const PR_CAP_AMBIENT_LOWER: usize = 3; /// Add or remove the specified capability to the ambient set. /// /// # References -/// - [`prctl(PR_CAP_AMBIENT,...)`] +/// - [`prctl(PR_CAP_AMBIENT,...)`] /// /// [`prctl(PR_CAP_AMBIENT,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] -pub fn configure_capability_in_ambient_capability_set( - capability: Capability, - enable: bool, -) -> io::Result<()> { +pub fn configure_capability_in_ambient_set(capability: Capability, enable: bool) -> io::Result<()> { let sub_operation = if enable { PR_CAP_AMBIENT_RAISE } else { @@ -651,7 +643,7 @@ pub struct SVEVectorLengthConfig { /// Get the thread's current SVE vector length configuration. /// /// # References -/// - [`prctl(PR_SVE_GET_VL,...)`] +/// - [`prctl(PR_SVE_GET_VL,...)`] /// /// [`prctl(PR_SVE_GET_VL,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -670,7 +662,7 @@ const PR_SVE_SET_VL_ONEXEC: u32 = 1_u32 << 18; /// Configure the thread's vector length of Scalable Vector Extension. /// /// # References -/// - [`prctl(PR_SVE_SET_VL,...)`] +/// - [`prctl(PR_SVE_SET_VL,...)`] /// /// # Safety /// @@ -706,11 +698,11 @@ pub unsafe fn set_sve_vector_length_configuration( const PR_PAC_RESET_KEYS: c_int = 54; -/// Securely reset the thread's pointer authentication keys to fresh random values generated -/// by the kernel. +/// Securely reset the thread's pointer authentication keys to fresh random +/// values generated by the kernel. /// /// # References -/// - [`prctl(PR_PAC_RESET_KEYS,...)`] +/// - [`prctl(PR_PAC_RESET_KEYS,...)`] /// /// # Safety /// @@ -750,7 +742,7 @@ bitflags! { /// Get the current tagged address mode for the calling thread. /// /// # References -/// - [`prctl(PR_GET_TAGGED_ADDR_CTRL,...)`] +/// - [`prctl(PR_GET_TAGGED_ADDR_CTRL,...)`] /// /// [`prctl(PR_GET_TAGGED_ADDR_CTRL,...)`]: https://man7.org/linux/man-pages/man2/prctl.2.html #[inline] @@ -766,7 +758,7 @@ const PR_SET_TAGGED_ADDR_CTRL: c_int = 55; /// Controls support for passing tagged user-space addresses to the kernel. /// /// # References -/// - [`prctl(PR_SET_TAGGED_ADDR_CTRL,...)`] +/// - [`prctl(PR_SET_TAGGED_ADDR_CTRL,...)`] /// /// # Safety /// @@ -795,7 +787,7 @@ const PR_SYS_DISPATCH_OFF: usize = 0; /// Disable Syscall User Dispatch mechanism. /// /// # References -/// - [`prctl(PR_SET_SYSCALL_USER_DISPATCH,PR_SYS_DISPATCH_OFF,...)`] +/// - [`prctl(PR_SET_SYSCALL_USER_DISPATCH,PR_SYS_DISPATCH_OFF,...)`] /// /// # Safety /// @@ -815,8 +807,8 @@ const SYSCALL_DISPATCH_FILTER_ALLOW: u8 = 0; /// Block system calls from executing. const SYSCALL_DISPATCH_FILTER_BLOCK: u8 = 1; -/// Value of the fast switch flag controlling system calls user dispatch mechanism without the need -/// to issue a syscall. +/// Value of the fast switch flag controlling system calls user dispatch +/// mechanism without the need to issue a syscall. #[derive(Copy, Clone, Debug, Eq, PartialEq)] #[repr(u8)] pub enum SysCallUserDispatchFastSwitch { @@ -841,7 +833,7 @@ impl TryFrom<u8> for SysCallUserDispatchFastSwitch { /// Enable Syscall User Dispatch mechanism. /// /// # References -/// - [`prctl(PR_SET_SYSCALL_USER_DISPATCH,PR_SYS_DISPATCH_ON,...)`] +/// - [`prctl(PR_SET_SYSCALL_USER_DISPATCH,PR_SYS_DISPATCH_ON,...)`] /// /// # Safety /// @@ -882,7 +874,8 @@ const PR_SCHED_CORE_SCOPE_PROCESS_GROUP: u32 = 2; pub enum CoreSchedulingScope { /// Operation will be performed for the thread. Thread = PR_SCHED_CORE_SCOPE_THREAD, - /// Operation will be performed for all tasks in the task group of the process. + /// Operation will be performed for all tasks in the task group of the + /// process. ThreadGroup = PR_SCHED_CORE_SCOPE_THREAD_GROUP, /// Operation will be performed for all processes in the process group. ProcessGroup = PR_SCHED_CORE_SCOPE_PROCESS_GROUP, @@ -904,7 +897,7 @@ impl TryFrom<u32> for CoreSchedulingScope { /// Get core scheduling cookie of a process. /// /// # References -/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_GET,...)`] +/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_GET,...)`] /// /// [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_GET,...)`]: https://www.kernel.org/doc/html/v5.18/admin-guide/hw-vuln/core-scheduling.html #[inline] @@ -927,7 +920,7 @@ const PR_SCHED_CORE_CREATE: usize = 1; /// Create unique core scheduling cookie. /// /// # References -/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_CREATE,...)`] +/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_CREATE,...)`] /// /// [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_CREATE,...)`]: https://www.kernel.org/doc/html/v5.18/admin-guide/hw-vuln/core-scheduling.html #[inline] @@ -949,7 +942,7 @@ const PR_SCHED_CORE_SHARE_TO: usize = 2; /// Push core scheduling cookie to a process. /// /// # References -/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_SHARE_TO,...)`] +/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_SHARE_TO,...)`] /// /// [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_SHARE_TO,...)`]: https://www.kernel.org/doc/html/v5.18/admin-guide/hw-vuln/core-scheduling.html #[inline] @@ -971,7 +964,7 @@ const PR_SCHED_CORE_SHARE_FROM: usize = 3; /// Pull core scheduling cookie from a process. /// /// # References -/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_SHARE_FROM,...)`] +/// - [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_SHARE_FROM,...)`] /// /// [`prctl(PR_SCHED_CORE,PR_SCHED_CORE_SHARE_FROM,...)`]: https://www.kernel.org/doc/html/v5.18/admin-guide/hw-vuln/core-scheduling.html #[inline] diff --git a/vendor/rustix/src/thread/setns.rs b/vendor/rustix/src/thread/setns.rs index 5295bab94..81c9225e3 100644 --- a/vendor/rustix/src/thread/setns.rs +++ b/vendor/rustix/src/thread/setns.rs @@ -1,5 +1,3 @@ -#![allow(unsafe_code)] - use bitflags::bitflags; use linux_raw_sys::general::{ CLONE_FILES, CLONE_FS, CLONE_NEWCGROUP, CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID, @@ -81,15 +79,16 @@ bitflags! { } } -/// Reassociate the calling thread with the namespace associated with link referred to by `fd`. +/// Reassociate the calling thread with the namespace associated with link +/// referred to by `fd`. /// -/// `fd` must refer to one of the magic links in a `/proc/[pid]/ns/` directory, or a bind mount -/// to such a link. +/// `fd` must refer to one of the magic links in a `/proc/[pid]/ns/` directory, +/// or a bind mount to such a link. /// /// # References -/// - [`setns`] +/// - [Linux] /// -/// [`setns`]: https://man7.org/linux/man-pages/man2/setns.2.html +/// [Linux]: https://man7.org/linux/man-pages/man2/setns.2.html pub fn move_into_link_name_space( fd: BorrowedFd, allowed_type: Option<LinkNameSpaceType>, @@ -98,15 +97,15 @@ pub fn move_into_link_name_space( syscalls::setns(fd, allowed_type).map(|_r| ()) } -/// Atomically move the calling thread into one or more of the same namespaces as the thread -/// referred to by `fd`. +/// Atomically move the calling thread into one or more of the same namespaces +/// as the thread referred to by `fd`. /// /// `fd` must refer to a thread ID. See: `pidfd_open` and `clone`. /// /// # References -/// - [`setns`] +/// - [Linux] /// -/// [`setns`]: https://man7.org/linux/man-pages/man2/setns.2.html +/// [Linux]: https://man7.org/linux/man-pages/man2/setns.2.html pub fn move_into_thread_name_spaces( fd: BorrowedFd, allowed_types: ThreadNameSpaceType, @@ -118,9 +117,9 @@ pub fn move_into_thread_name_spaces( /// context with other threads. /// /// # References -/// - [`unshare`] +/// - [Linux] /// -/// [`unshare`]: https://man7.org/linux/man-pages/man2/unshare.2.html +/// [Linux]: https://man7.org/linux/man-pages/man2/unshare.2.html pub fn unshare(flags: UnshareFlags) -> io::Result<()> { syscalls::unshare(flags) } |