From owner-svn-src-all@FreeBSD.ORG Fri Aug 12 11:43:56 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A43D210656D3; Fri, 12 Aug 2011 11:43:56 +0000 (UTC) (envelope-from jonathan@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 8927F8FC1F; Fri, 12 Aug 2011 11:43:56 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p7CBhutW052059; Fri, 12 Aug 2011 11:43:56 GMT (envelope-from jonathan@svn.freebsd.org) Received: (from jonathan@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p7CBhudc052057; Fri, 12 Aug 2011 11:43:56 GMT (envelope-from jonathan@svn.freebsd.org) Message-Id: <201108121143.p7CBhudc052057@svn.freebsd.org> From: Jonathan Anderson Date: Fri, 12 Aug 2011 11:43:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r224794 - head/sys/sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Aug 2011 11:43:56 -0000 Author: jonathan Date: Fri Aug 12 11:43:56 2011 New Revision: 224794 URL: http://svn.freebsd.org/changeset/base/224794 Log: Reorder and renumber capability rights. This patch does three things: - puts capability rights in a more pleasing declaration order - changes mask values to match the new declaration order - declare new rights which will be used soon (e.g. CAP_LOOKUP, CAP_MKDIR) Approved by: re (kib), mentor (rwatson) Sponsored by: Google Inc Modified: head/sys/sys/capability.h Modified: head/sys/sys/capability.h ============================================================================== --- head/sys/sys/capability.h Fri Aug 12 10:52:46 2011 (r224793) +++ head/sys/sys/capability.h Fri Aug 12 11:43:56 2011 (r224794) @@ -76,30 +76,38 @@ #define CAP_FSTAT 0x0000000000010000ULL #define CAP_FSTATFS 0x0000000000020000ULL #define CAP_FUTIMES 0x0000000000040000ULL +#define CAP_CREATE 0x0000000000080000ULL +#define CAP_DELETE 0x0000000000100000ULL +#define CAP_MKDIR 0x0000000000200000ULL +#define CAP_RMDIR 0x0000000000400000ULL +#define CAP_MKFIFO 0x0000000000800000ULL + +/* Lookups - used to constrain *at() calls. */ +#define CAP_LOOKUP 0x0000000001000000ULL /* Extended attributes. */ -#define CAP_EXTATTR_DELETE 0x0000000000080000ULL -#define CAP_EXTATTR_GET 0x0000000000100000ULL -#define CAP_EXTATTR_LIST 0x0000000000200000ULL -#define CAP_EXTATTR_SET 0x0000000000400000ULL +#define CAP_EXTATTR_DELETE 0x0000000002000000ULL +#define CAP_EXTATTR_GET 0x0000000004000000ULL +#define CAP_EXTATTR_LIST 0x0000000008000000ULL +#define CAP_EXTATTR_SET 0x0000000010000000ULL /* Access Control Lists. */ -#define CAP_ACL_CHECK 0x0000000000800000ULL -#define CAP_ACL_DELETE 0x0000000001000000ULL -#define CAP_ACL_GET 0x0000000002000000ULL -#define CAP_ACL_SET 0x0000000004000000ULL +#define CAP_ACL_CHECK 0x0000000020000000ULL +#define CAP_ACL_DELETE 0x0000000040000000ULL +#define CAP_ACL_GET 0x0000000080000000ULL +#define CAP_ACL_SET 0x0000000100000000ULL /* Socket operations. */ -#define CAP_ACCEPT 0x0000000008000000ULL -#define CAP_BIND 0x0000000010000000ULL -#define CAP_CONNECT 0x0000000020000000ULL -#define CAP_GETPEERNAME 0x0000000040000000ULL -#define CAP_GETSOCKNAME 0x0000000080000000ULL -#define CAP_GETSOCKOPT 0x0000000100000000ULL -#define CAP_LISTEN 0x0000000200000000ULL -#define CAP_PEELOFF 0x0000000400000000ULL -#define CAP_SETSOCKOPT 0x0000000800000000ULL -#define CAP_SHUTDOWN 0x0000001000000000ULL +#define CAP_ACCEPT 0x0000000200000000ULL +#define CAP_BIND 0x0000000400000000ULL +#define CAP_CONNECT 0x0000000800000000ULL +#define CAP_GETPEERNAME 0x0000001000000000ULL +#define CAP_GETSOCKNAME 0x0000002000000000ULL +#define CAP_GETSOCKOPT 0x0000004000000000ULL +#define CAP_LISTEN 0x0000008000000000ULL +#define CAP_PEELOFF 0x0000010000000000ULL +#define CAP_SETSOCKOPT 0x0000020000000000ULL +#define CAP_SHUTDOWN 0x0000040000000000ULL #define CAP_SOCK_ALL \ (CAP_ACCEPT | CAP_BIND | CAP_CONNECT \ @@ -107,24 +115,24 @@ | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN) /* Mandatory Access Control. */ -#define CAP_MAC_GET 0x0000002000000000ULL -#define CAP_MAC_SET 0x0000004000000000ULL +#define CAP_MAC_GET 0x0000080000000000ULL +#define CAP_MAC_SET 0x0000100000000000ULL /* Methods on semaphores. */ -#define CAP_SEM_GETVALUE 0x0000008000000000ULL -#define CAP_SEM_POST 0x0000010000000000ULL -#define CAP_SEM_WAIT 0x0000020000000000ULL +#define CAP_SEM_GETVALUE 0x0000200000000000ULL +#define CAP_SEM_POST 0x0000400000000000ULL +#define CAP_SEM_WAIT 0x0000800000000000ULL /* kqueue events. */ -#define CAP_POLL_KEVENT 0x0000040000000000ULL -#define CAP_POST_KEVENT 0x0000080000000000ULL +#define CAP_POLL_KEVENT 0x0001000000000000ULL +#define CAP_POST_KEVENT 0x0002000000000000ULL /* Strange and powerful rights that should not be given lightly. */ -#define CAP_IOCTL 0x0000100000000000ULL -#define CAP_TTYHOOK 0x0000200000000000ULL +#define CAP_IOCTL 0x0004000000000000ULL +#define CAP_TTYHOOK 0x0008000000000000ULL /* The mask of all valid method rights. */ -#define CAP_MASK_VALID 0x00003fffffffffffULL +#define CAP_MASK_VALID 0x000fffffffffffffULL #ifdef _KERNEL