Diffstat (limited to 'freebsd/sys/sys/priv.h')
-rw-r--r-- | freebsd/sys/sys/priv.h | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/freebsd/sys/sys/priv.h b/freebsd/sys/sys/priv.h
index 1d1e8f20..ec0943aa 100644
--- a/freebsd/sys/sys/priv.h
+++ b/freebsd/sys/sys/priv.h
@@ -45,8 +45,9 @@
  * loadable kernel module ABI, and should not be changed across minor
  * releases.
  *
- * When adding a new privilege, remember to determine if it's appropriate for
- * use in jail, and update the privilege switch in kern_jail.c as necessary.
+ * When adding a new privilege, remember to determine if it's appropriate
+ * for use in jail, and update the privilege switch in prison_priv_check()
+ * in kern_jail.c as necessary.
  */
 
 /*
@@ -111,6 +112,7 @@
 #define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */
 #define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */
 #define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */
+#define PRIV_DEBUG_DENIED 83 /* Exempt P2_NOTRACE. */
 
 /*
  * Dtrace privileges.
@@ -132,7 +134,7 @@
 #define PRIV_JAIL_REMOVE 112 /* Remove a jail. */
 
 /*
- * Kernel environment priveleges.
+ * Kernel environment privileges.
  */
 #define PRIV_KENV_SET 120 /* Set kernel env. variables. */
 #define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */
@@ -158,7 +160,8 @@
 #define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */
 #define PRIV_PROC_SETLOGINCLASS 163 /* Can call setloginclass(2). */
 
-/* System V IPC privileges.
+/*
+ * System V IPC privileges.
  */
 #define PRIV_IPC_READ 170 /* Can override IPC read perm. */
 #define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */
@@ -338,6 +341,8 @@
 #define PRIV_NET_SETIFVNET 417 /* Move interface to vnet. */
 #define PRIV_NET_SETIFDESCR 418 /* Set interface description. */
 #define PRIV_NET_SETIFFIB 419 /* Set interface fib. */
+#define PRIV_NET_VXLAN 420 /* Administer vxlan. */
+#define PRIV_NET_SETVLANPCP 421 /* Set VLAN priority. */
 
 /*
  * 802.11-related privileges.
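Review bot: `PRIV_DEBUG_DENIED` in the hunk at -111 is documented only as `/* Exempt P2_NOTRACE. */`, which does not tell a reader that, going by its name and neighbours, the privilege overrides a process's own opt-out from being traced. I would spell that out, e.g. `/* Debug a process that disabled tracing (P2_NOTRACE). */`. The header comment reworded in the first hunk asks for a jail decision in prison_priv_check() for every new privilege, and this page is limited to priv.h, so that decision is not visible for this constant, for `PRIV_NET_VXLAN` and `PRIV_NET_SETVLANPCP` in the hunk at -338, or for `PRIV_NETINET_HASHKEY`, `PRIV_KMEM_READ` and `PRIV_KMEM_WRITE` in the later hunks. Please confirm each of them has an explicit allow-or-deny case there rather than relying on the default.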
@@ -346,9 +351,9 @@
 #define PRIV_NET80211_MANAGE 441 /* Administer 802.11. */
 
 /*
- * AppleTalk privileges.
+ * Placeholder for AppleTalk privileges, not supported anymore.
  */
-#define PRIV_NETATALK_RESERVEDPORT 450 /* Bind low port number. */
+#define _PRIV_NETATALK_RESERVEDPORT 450 /* Bind low port number. */
 
 /*
  * ATM privileges.
@@ -389,12 +394,13 @@
 #define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */
 #define PRIV_NETINET_SETHDROPTS 505 /* Set certain IPv4/6 header options. */
 #define PRIV_NETINET_BINDANY 506 /* Allow bind to any address. */
+#define PRIV_NETINET_HASHKEY 507 /* Get and set hash keys for IPv4/6. */
 
 /*
- * IPX/SPX privileges.
+ * Placeholders for IPX/SPX privileges, not supported any more.
  */
-#define PRIV_NETIPX_RESERVEDPORT 520 /* Bind low port number. */
-#define PRIV_NETIPX_RAW 521 /* Open netipx raw socket. */
+#define _PRIV_NETIPX_RESERVEDPORT 520 /* Bind low port number. */
+#define _PRIV_NETIPX_RAW 521 /* Open netipx raw socket. */
 
 /*
  * NCP privileges.
@@ -494,9 +500,15 @@
 #define PRIV_RCTL_REMOVE_RULE 674
 
 /*
+ * mem(4) privileges.
+ */
+#define PRIV_KMEM_READ 680 /* Open mem/kmem for reading. */
+#define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */
+
+/*
  * Track end of privilege list.
  */
-#define _PRIV_HIGHEST 675
+#define _PRIV_HIGHEST 682
 
 /*
  * Validate that a named privilege is known by the privilege system. Invalid |
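Review bot: The retired constants keep per-define comments that still read as if the privileges were live (`/* Bind low port number. */` here, and the same plus `/* Open netipx raw socket. */` in the IPX/SPX hunk at -389), and the two block comments disagree on `anymore` versus `any more`. Since the header comment in the first hunk ties these numbers to the loadable kernel module ABI, I would say why the slots are kept, e.g. `/* Reserved, do not reuse; was: bind low port number. */`, and use one spelling in both block comments. The leading-underscore rename matches `_PRIV_HIGHEST` in this file, but it breaks source compatibility for any out-of-tree module that still names the old constants; presumably that is intended, and it deserves a line in the commit message.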
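Review bot: `PRIV_KMEM_READ` and `PRIV_KMEM_WRITE` in the hunk at -494 are the most sensitive entries this commit adds, and their comments do not say so: read access through mem(4) exposes all of kernel memory, and write access amounts to full control of the kernel. I would make that explicit, e.g. `/* Open mem/kmem for writing; equivalent to full kernel access. */`, and state in the block comment whether they may ever be granted inside a jail (to be checked against prison_priv_check(), which is not on this page). `_PRIV_HIGHEST` is bumped by hand from 675 to 682; a comment such as `/* Must be one greater than the last privilege defined above. */` would help the next addition get it right. The comment on the validation macro continues past the end of this hunk.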