github.com/nicocha30/gvisor-ligolo@v0.0.0-20230726075806-989fa2c0a413/pkg/sentry/strace/capability.go

github.com/nicocha30/gvisor-ligolo@v0.0.0-20230726075806-989fa2c0a413/pkg/sentry/strace/capability.go (about)

     1  // Copyright 2019 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package strace
    16  
    17  import (
    18  	"github.com/nicocha30/gvisor-ligolo/pkg/abi"
    19  	"github.com/nicocha30/gvisor-ligolo/pkg/abi/linux"
    20  )
    21  
    22  // CapabilityBitset is the set of capabilities in a bitset.
    23  var CapabilityBitset = abi.FlagSet{
    24  	{
    25  		Flag: 1 << uint32(linux.CAP_CHOWN),
    26  		Name: "CAP_CHOWN",
    27  	},
    28  	{
    29  		Flag: 1 << uint32(linux.CAP_DAC_OVERRIDE),
    30  		Name: "CAP_DAC_OVERRIDE",
    31  	},
    32  	{
    33  		Flag: 1 << uint32(linux.CAP_DAC_READ_SEARCH),
    34  		Name: "CAP_DAC_READ_SEARCH",
    35  	},
    36  	{
    37  		Flag: 1 << uint32(linux.CAP_FOWNER),
    38  		Name: "CAP_FOWNER",
    39  	},
    40  	{
    41  		Flag: 1 << uint32(linux.CAP_FSETID),
    42  		Name: "CAP_FSETID",
    43  	},
    44  	{
    45  		Flag: 1 << uint32(linux.CAP_KILL),
    46  		Name: "CAP_KILL",
    47  	},
    48  	{
    49  		Flag: 1 << uint32(linux.CAP_SETGID),
    50  		Name: "CAP_SETGID",
    51  	},
    52  	{
    53  		Flag: 1 << uint32(linux.CAP_SETUID),
    54  		Name: "CAP_SETUID",
    55  	},
    56  	{
    57  		Flag: 1 << uint32(linux.CAP_SETPCAP),
    58  		Name: "CAP_SETPCAP",
    59  	},
    60  	{
    61  		Flag: 1 << uint32(linux.CAP_LINUX_IMMUTABLE),
    62  		Name: "CAP_LINUX_IMMUTABLE",
    63  	},
    64  	{
    65  		Flag: 1 << uint32(linux.CAP_NET_BIND_SERVICE),
    66  		Name: "CAP_NET_BIND_SERVICE",
    67  	},
    68  	{
    69  		Flag: 1 << uint32(linux.CAP_NET_BROADCAST),
    70  		Name: "CAP_NET_BROADCAST",
    71  	},
    72  	{
    73  		Flag: 1 << uint32(linux.CAP_NET_ADMIN),
    74  		Name: "CAP_NET_ADMIN",
    75  	},
    76  	{
    77  		Flag: 1 << uint32(linux.CAP_NET_RAW),
    78  		Name: "CAP_NET_RAW",
    79  	},
    80  	{
    81  		Flag: 1 << uint32(linux.CAP_IPC_LOCK),
    82  		Name: "CAP_IPC_LOCK",
    83  	},
    84  	{
    85  		Flag: 1 << uint32(linux.CAP_IPC_OWNER),
    86  		Name: "CAP_IPC_OWNER",
    87  	},
    88  	{
    89  		Flag: 1 << uint32(linux.CAP_SYS_MODULE),
    90  		Name: "CAP_SYS_MODULE",
    91  	},
    92  	{
    93  		Flag: 1 << uint32(linux.CAP_SYS_RAWIO),
    94  		Name: "CAP_SYS_RAWIO",
    95  	},
    96  	{
    97  		Flag: 1 << uint32(linux.CAP_SYS_CHROOT),
    98  		Name: "CAP_SYS_CHROOT",
    99  	},
   100  	{
   101  		Flag: 1 << uint32(linux.CAP_SYS_PTRACE),
   102  		Name: "CAP_SYS_PTRACE",
   103  	},
   104  	{
   105  		Flag: 1 << uint32(linux.CAP_SYS_PACCT),
   106  		Name: "CAP_SYS_PACCT",
   107  	},
   108  	{
   109  		Flag: 1 << uint32(linux.CAP_SYS_ADMIN),
   110  		Name: "CAP_SYS_ADMIN",
   111  	},
   112  	{
   113  		Flag: 1 << uint32(linux.CAP_SYS_BOOT),
   114  		Name: "CAP_SYS_BOOT",
   115  	},
   116  	{
   117  		Flag: 1 << uint32(linux.CAP_SYS_NICE),
   118  		Name: "CAP_SYS_NICE",
   119  	},
   120  	{
   121  		Flag: 1 << uint32(linux.CAP_SYS_RESOURCE),
   122  		Name: "CAP_SYS_RESOURCE",
   123  	},
   124  	{
   125  		Flag: 1 << uint32(linux.CAP_SYS_TIME),
   126  		Name: "CAP_SYS_TIME",
   127  	},
   128  	{
   129  		Flag: 1 << uint32(linux.CAP_SYS_TTY_CONFIG),
   130  		Name: "CAP_SYS_TTY_CONFIG",
   131  	},
   132  	{
   133  		Flag: 1 << uint32(linux.CAP_MKNOD),
   134  		Name: "CAP_MKNOD",
   135  	},
   136  	{
   137  		Flag: 1 << uint32(linux.CAP_LEASE),
   138  		Name: "CAP_LEASE",
   139  	},
   140  	{
   141  		Flag: 1 << uint32(linux.CAP_AUDIT_WRITE),
   142  		Name: "CAP_AUDIT_WRITE",
   143  	},
   144  	{
   145  		Flag: 1 << uint32(linux.CAP_AUDIT_CONTROL),
   146  		Name: "CAP_AUDIT_CONTROL",
   147  	},
   148  	{
   149  		Flag: 1 << uint32(linux.CAP_SETFCAP),
   150  		Name: "CAP_SETFCAP",
   151  	},
   152  	{
   153  		Flag: 1 << uint32(linux.CAP_MAC_OVERRIDE),
   154  		Name: "CAP_MAC_OVERRIDE",
   155  	},
   156  	{
   157  		Flag: 1 << uint32(linux.CAP_MAC_ADMIN),
   158  		Name: "CAP_MAC_ADMIN",
   159  	},
   160  	{
   161  		Flag: 1 << uint32(linux.CAP_SYSLOG),
   162  		Name: "CAP_SYSLOG",
   163  	},
   164  	{
   165  		Flag: 1 << uint32(linux.CAP_WAKE_ALARM),
   166  		Name: "CAP_WAKE_ALARM",
   167  	},
   168  	{
   169  		Flag: 1 << uint32(linux.CAP_BLOCK_SUSPEND),
   170  		Name: "CAP_BLOCK_SUSPEND",
   171  	},
   172  	{
   173  		Flag: 1 << uint32(linux.CAP_AUDIT_READ),
   174  		Name: "CAP_AUDIT_READ",
   175  	},
   176  }