From owner-svn-src-all@FreeBSD.ORG  Thu Nov 14 23:28:28 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B89717E1;
 Thu, 14 Nov 2013 23:28:28 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9842F2715;
 Thu, 14 Nov 2013 23:28:28 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rAENSSs1036882;
 Thu, 14 Nov 2013 23:28:28 GMT (envelope-from pjd@svn.freebsd.org)
Received: (from pjd@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id rAENSSxI036881;
 Thu, 14 Nov 2013 23:28:28 GMT (envelope-from pjd@svn.freebsd.org)
Message-Id: <201311142328.rAENSSxI036881@svn.freebsd.org>
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Thu, 14 Nov 2013 23:28:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r258154 - head/sys/sys
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2013 23:28:28 -0000

Author: pjd
Date: Thu Nov 14 23:28:28 2013
New Revision: 258154
URL: http://svnweb.freebsd.org/changeset/base/258154

Log:
  - Move CAP_EXTATTR_* and CAP_ACL_* rights to index 1 to have more room
    in index 0 for the future.
  - Move CAP_BINDAT and CAP_CONNECTAT rights to index 0 so we can include
    CAP_LOOKUP right in them.
  - Shuffle the bits around so there are no gaps. This is last chance to do
    that as all moved rights are not used yet.
  
  Sponsored by:	The FreeBSD Foundation
  MFC after:	3 days

Modified:
  head/sys/sys/capability.h

Modified: head/sys/sys/capability.h
==============================================================================
--- head/sys/sys/capability.h	Thu Nov 14 23:18:32 2013	(r258153)
+++ head/sys/sys/capability.h	Thu Nov 14 23:28:28 2013	(r258154)
@@ -168,49 +168,34 @@
  */
 #define	CAP_UNLINKAT		(CAP_LOOKUP | 0x0000000010000000ULL)
 
-/* Extended attributes. */
-/* Allows for extattr_delete_fd(2). */
-#define	CAP_EXTATTR_DELETE	CAPRIGHT(0, 0x0000000020000000ULL)
-/* Allows for extattr_get_fd(2). */
-#define	CAP_EXTATTR_GET		CAPRIGHT(0, 0x0000000040000000ULL)
-/* Allows for extattr_list_fd(2). */
-#define	CAP_EXTATTR_LIST	CAPRIGHT(0, 0x0000000080000000ULL)
-/* Allows for extattr_set_fd(2). */
-#define	CAP_EXTATTR_SET		CAPRIGHT(0, 0x0000000100000000ULL)
-
-/* Access Control Lists. */
-/* Allows for acl_valid_fd_np(3). */
-#define	CAP_ACL_CHECK		CAPRIGHT(0, 0x0000000200000000ULL)
-/* Allows for acl_delete_fd_np(3). */
-#define	CAP_ACL_DELETE		CAPRIGHT(0, 0x0000000400000000ULL)
-/* Allows for acl_get_fd(3) and acl_get_fd_np(3). */
-#define	CAP_ACL_GET		CAPRIGHT(0, 0x0000000800000000ULL)
-/* Allows for acl_set_fd(3) and acl_set_fd_np(3). */
-#define	CAP_ACL_SET		CAPRIGHT(0, 0x0000001000000000ULL)
-
 /* Socket operations. */
 /* Allows for accept(2) and accept4(2). */
-#define	CAP_ACCEPT		CAPRIGHT(0, 0x0000002000000000ULL)
+#define	CAP_ACCEPT		CAPRIGHT(0, 0x0000000020000000ULL)
 /* Allows for bind(2). */
-#define	CAP_BIND		CAPRIGHT(0, 0x0000004000000000ULL)
+#define	CAP_BIND		CAPRIGHT(0, 0x0000000040000000ULL)
 /* Allows for connect(2). */
-#define	CAP_CONNECT		CAPRIGHT(0, 0x0000008000000000ULL)
+#define	CAP_CONNECT		CAPRIGHT(0, 0x0000000080000000ULL)
 /* Allows for getpeername(2). */
-#define	CAP_GETPEERNAME		CAPRIGHT(0, 0x0000010000000000ULL)
+#define	CAP_GETPEERNAME		CAPRIGHT(0, 0x0000000100000000ULL)
 /* Allows for getsockname(2). */
-#define	CAP_GETSOCKNAME		CAPRIGHT(0, 0x0000020000000000ULL)
+#define	CAP_GETSOCKNAME		CAPRIGHT(0, 0x0000000200000000ULL)
 /* Allows for getsockopt(2). */
-#define	CAP_GETSOCKOPT		CAPRIGHT(0, 0x0000040000000000ULL)
+#define	CAP_GETSOCKOPT		CAPRIGHT(0, 0x0000000400000000ULL)
 /* Allows for listen(2). */
-#define	CAP_LISTEN		CAPRIGHT(0, 0x0000080000000000ULL)
+#define	CAP_LISTEN		CAPRIGHT(0, 0x0000000800000000ULL)
 /* Allows for sctp_peeloff(2). */
-#define	CAP_PEELOFF		CAPRIGHT(0, 0x0000100000000000ULL)
+#define	CAP_PEELOFF		CAPRIGHT(0, 0x0000001000000000ULL)
 #define	CAP_RECV		CAP_READ
 #define	CAP_SEND		CAP_WRITE
 /* Allows for setsockopt(2). */
-#define	CAP_SETSOCKOPT		CAPRIGHT(0, 0x0000200000000000ULL)
+#define	CAP_SETSOCKOPT		CAPRIGHT(0, 0x0000002000000000ULL)
 /* Allows for shutdown(2). */
-#define	CAP_SHUTDOWN		CAPRIGHT(0, 0x0000400000000000ULL)
+#define	CAP_SHUTDOWN		CAPRIGHT(0, 0x0000004000000000ULL)
+
+/* Allows for bindat(2) on a directory descriptor. */
+#define	CAP_BINDAT		(CAP_LOOKUP | 0x0000008000000000ULL)
+/* Allows for connectat(2) on a directory descriptor. */
+#define	CAP_CONNECTAT		(CAP_LOOKUP | 0x0000010000000000ULL)
 
 #define	CAP_SOCK_CLIENT \
 	(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
@@ -221,10 +206,10 @@
 	 CAP_SETSOCKOPT | CAP_SHUTDOWN)
 
 /* All used bits for index 0. */
-#define	CAP_ALL0		CAPRIGHT(0, 0x00007FFFFFFFFFFFULL)
+#define	CAP_ALL0		CAPRIGHT(0, 0x0000007FFFFFFFFFULL)
 
 /* Available bits for index 0. */
-#define	CAP_UNUSED0_48		CAPRIGHT(0, 0x0000800000000000ULL)
+#define	CAP_UNUSED0_40		CAPRIGHT(0, 0x0000008000000000ULL)
 /* ... */
 #define	CAP_UNUSED0_57		CAPRIGHT(0, 0x0100000000000000ULL)
 
@@ -258,20 +243,31 @@
 /* Allows for pdkill(2). */
 #define	CAP_PDKILL		CAPRIGHT(1, 0x0000000000000800ULL)
 
-/*
- * Rights that allow to use bindat(2) and connectat(2) syscalls on a
- * directory descriptor.
- */
-/* Allows for bindat(2) on a directory descriptor. */
-#define	CAP_BINDAT		CAPRIGHT(1, 0x0000000000001000ULL)
-/* Allows for connectat(2) on a directory descriptor. */
-#define	CAP_CONNECTAT		CAPRIGHT(1, 0x0000000000002000ULL)
+/* Extended attributes. */
+/* Allows for extattr_delete_fd(2). */
+#define	CAP_EXTATTR_DELETE	CAPRIGHT(1, 0x0000000000001000ULL)
+/* Allows for extattr_get_fd(2). */
+#define	CAP_EXTATTR_GET		CAPRIGHT(1, 0x0000000000002000ULL)
+/* Allows for extattr_list_fd(2). */
+#define	CAP_EXTATTR_LIST	CAPRIGHT(1, 0x0000000000004000ULL)
+/* Allows for extattr_set_fd(2). */
+#define	CAP_EXTATTR_SET		CAPRIGHT(1, 0x0000000000008000ULL)
+
+/* Access Control Lists. */
+/* Allows for acl_valid_fd_np(3). */
+#define	CAP_ACL_CHECK		CAPRIGHT(1, 0x0000000000010000ULL)
+/* Allows for acl_delete_fd_np(3). */
+#define	CAP_ACL_DELETE		CAPRIGHT(1, 0x0000000000020000ULL)
+/* Allows for acl_get_fd(3) and acl_get_fd_np(3). */
+#define	CAP_ACL_GET		CAPRIGHT(1, 0x0000000000040000ULL)
+/* Allows for acl_set_fd(3) and acl_set_fd_np(3). */
+#define	CAP_ACL_SET		CAPRIGHT(1, 0x0000000000080000ULL)
 
 /* All used bits for index 1. */
-#define	CAP_ALL1		CAPRIGHT(1, 0x0000000000003FFFULL)
+#define	CAP_ALL1		CAPRIGHT(1, 0x00000000000FFFFFULL)
 
 /* Available bits for index 1. */
-#define	CAP_UNUSED1_15		CAPRIGHT(1, 0x0000000000004000ULL)
+#define	CAP_UNUSED1_21		CAPRIGHT(1, 0x0000000000100000ULL)
 /* ... */
 #define	CAP_UNUSED1_57		CAPRIGHT(1, 0x0100000000000000ULL)