#ifndef _JAIL_CAPABILITIES_H_
#define _JAIL_CAPABILITIES_H_
-int drop_capabilities(const char *file);
+#include <libubox/blobmsg.h>
+#include <linux/capability.h>
+
+struct jail_capset {
+ uint64_t bounding;
+ uint64_t effective;
+ uint64_t inheritable;
+ uint64_t permitted;
+ uint64_t ambient;
+ uint8_t apply;
+};
+
+int parseOCIcapabilities(struct jail_capset *capset, struct blob_attr *msg);
+int parseOCIcapabilities_from_file(struct jail_capset *capset, const char *file);
+int applyOCIcapabilities(struct jail_capset capset, uint64_t retain);
+
+/* capget/capset syscall wrappers are provided by libc */
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+extern int capset(cap_user_header_t header, const cap_user_data_t data);
#endif
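Review bot: The `apply` member of `struct jail_capset` and the `retain` argument of `applyOCIcapabilities()` are declared without any comment. The header therefore does not say which `apply` bit selects which of the five sets, or whether a set whose bit is clear is left untouched or emptied. For a privilege-dropping interface that difference is fail-open versus fail-closed, so it belongs at the declaration, for example `/* apply: bitmask of the sets to enforce; state here what happens to a set whose bit is clear */`. A second comment should give the return convention of the three functions, so callers know which result means the capabilities were not applied. Separately, the struct uses `uint64_t` and `uint8_t` while relying on the two added includes to provide them; adding `#include <stdint.h>` would make the header self-contained.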