{-# LANGUAGE DerivingStrategies #-}

-- |
-- Copyright: (c) 2021 Red Hat
-- SPDX-License-Identifier: Apache-2.0
-- Maintainer: Tristan de Cacqueray <tdecacqu@redhat.com>
module System.Linux.Capabilities (Capability (..)) where

-- | Linux capabilities
data Capability
  = -- | - In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
    -- overrides the restriction of changing file ownership and group
    -- ownership.
    CAP_CHOWN
  | -- | - Override all DAC access, including ACL execute access if
    -- [_POSIX_ACL] is defined. Excluding DAC access covered by
    -- CAP_LINUX_IMMUTABLE.
    CAP_DAC_OVERRIDE
  | -- | - Overrides all DAC restrictions regarding read and search on files
    -- and directories, including ACL restrictions if [_POSIX_ACL] is
    -- defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
    CAP_DAC_READ_SEARCH
  | -- | - Overrides all restrictions about allowed operations on files, where
    -- file owner ID must be equal to the user ID, except where CAP_FSETID
    -- is applicable. It doesn't override MAC and DAC restrictions.
    CAP_FOWNER
  | -- | - Overrides the following restrictions that the effective user ID
    -- shall match the file owner ID when setting the S_ISUID and S_ISGID
    -- bits on that file; that the effective group ID (or one of the
    -- supplementary group IDs) shall match the file owner ID when setting
    -- the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are
    -- cleared on successful return from chown(2) (not implemented).
    CAP_FSETID
  | -- | - Overrides the restriction that the real or effective user ID of a
    -- process sending a signal must match the real or effective user ID
    -- of the process receiving the signal.
    CAP_KILL
  | -- | - Allows setgid(2) manipulation
    -- - Allows setgroups(2)
    -- - Allows forged gids on socket credentials passing.
    CAP_SETGID
  | -- | - Allows set*uid(2) manipulation (including fsuid).
    -- - Allows forged pids on socket credentials passing.
    CAP_SETUID
  | -- | - Without VFS support for capabilities:
    --   Transfer any capability in your permitted set to any pid,
    --   remove any capability in your permitted set from any pid
    -- With VFS support for capabilities (neither of above, but)
    --   Add any capability from current's capability bounding set
    --    to the current process' inheritable set
    --   Allow taking bits out of capability bounding set
    --   Allow modification of the securebits for a process
    CAP_SETPCAP
  | -- | - Allow modification of S_IMMUTABLE and S_APPEND file attributes
    CAP_LINUX_IMMUTABLE
  | -- | - Allows binding to TCP/UDP sockets below 1024
    -- - Allows binding to ATM VCIs below 32
    CAP_NET_BIND_SERVICE
  | -- | - Allow broadcasting, listen to multicast
    CAP_NET_BROADCAST
  | -- | - Allow interface configuration
    -- - Allow administration of IP firewall, masquerading and accounting
    -- - Allow setting debug option on sockets
    -- - Allow modification of routing tables
    -- - Allow setting arbitrary process / process group ownership on
    -- sockets
    -- - Allow binding to any address for transparent proxying (also via NET_RAW)
    -- - Allow setting TOS (type of service)
    -- - Allow setting promiscuous mode
    -- - Allow clearing driver statistics
    -- - Allow multicasting
    -- - Allow read/write of device-specific registers
    -- - Allow activation of ATM control sockets
    CAP_NET_ADMIN
  | -- | - Allow use of RAW sockets
    -- - Allow use of PACKET sockets
    -- - Allow binding to any address for transparent proxying (also via NET_ADMIN)
    CAP_NET_RAW
  | -- | - Allow locking of shared memory segments
    -- - Allow mlock and mlockall (which doesn't really have anything to do
    -- with IPC)
    CAP_IPC_LOCK
  | -- | - Override IPC ownership checks
    CAP_IPC_OWNER
  | -- | - Insert and remove kernel modules - modify kernel without limit
    CAP_SYS_MODULE
  | -- | - Allow ioperm/iopl access
    -- - Allow sending USB messages to any device via /dev/bus/usb
    CAP_SYS_RAWIO
  | -- | - Allow use of chroot()
    CAP_SYS_CHROOT
  | -- | - Allow ptrace() of any process
    CAP_SYS_PTRACE
  | -- | - Allow configuration of process accounting
    CAP_SYS_PACCT
  | -- | - Allow configuration of the secure attention key
    -- - Allow administration of the random device
    -- - Allow examination and configuration of disk quotas
    -- - Allow setting the domainname
    -- - Allow setting the hostname
    -- - Allow calling bdflush()
    -- - Allow mount() and umount(), setting up new smb connection
    -- - Allow some autofs root ioctls
    -- - Allow nfsservctl
    -- - Allow VM86_REQUEST_IRQ
    -- - Allow to read/write pci config on alpha
    -- - Allow irix_prctl on mips (setstacksize)
    -- - Allow flushing all cache on m68k (sys_cacheflush)
    -- - Allow removing semaphores
    -- - Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores
    -- and shared memory
    -- - Allow locking/unlocking of shared memory segment
    -- - Allow turning swap on/off
    -- - Allow forged pids on socket credentials passing
    -- - Allow setting readahead and flushing buffers on block devices
    -- - Allow setting geometry in floppy driver
    -- - Allow turning DMA on/off in xd driver
    -- - Allow administration of md devices (mostly the above, but some
    -- extra ioctls)
    -- - Allow tuning the ide driver
    -- - Allow access to the nvram device
    -- - Allow administration of apm_bios, serial and bttv (TV) device
    -- - Allow manufacturer commands in isdn CAPI support driver
    -- - Allow reading non-standardized portions of pci configuration space
    -- - Allow DDI debug ioctl on sbpcd driver
    -- - Allow setting up serial ports
    -- - Allow sending raw qic-117 commands
    -- - Allow enabling/disabling tagged queuing on SCSI controllers and sending
    -- arbitrary SCSI commands
    -- - Allow setting encryption key on loopback filesystem
    -- - Allow setting zone reclaim policy
    -- - Allow everything under CAP_BPF and CAP_PERFMON for backward compatibility
    CAP_SYS_ADMIN
  | -- | - Allow use of reboot()
    CAP_SYS_BOOT
  | -- | - Allow raising priority and setting priority on other (different
    -- UID) processes
    -- - Allow use of FIFO and round-robin (realtime) scheduling on own
    -- processes and setting the scheduling algorithm used by another
    -- process.
    -- - Allow setting cpu affinity on other processes
    -- - Allow setting realtime ioprio class
    -- - Allow setting ioprio class on other processes
    CAP_SYS_NICE
  | -- | - Override resource limits. Set resource limits.
    -- - Override quota limits.
    -- - Override reserved space on ext2 filesystem
    -- - Modify data journaling mode on ext3 filesystem (uses journaling
    -- resources)
    -- - NOTE: ext2 honors fsuid when checking for resource overrides, so
    -- you can override using fsuid too
    -- - Override size restrictions on IPC message queues
    -- - Allow more than 64hz interrupts from the real-time clock
    -- - Override max number of consoles on console allocation
    -- - Override max number of keymaps
    -- - Control memory reclaim behavior
    CAP_SYS_RESOURCE
  | -- | - Allow manipulation of system clock
    -- - Allow irix_stime on mips
    -- - Allow setting the real-time clock
    CAP_SYS_TIME
  | -- | - Allow configuration of tty devices
    -- - Allow vhangup() of tty
    CAP_SYS_TTY_CONFIG
  | -- | - Allow the privileged aspects of mknod()
    CAP_MKNOD
  | -- | - Allow taking of leases on files
    CAP_LEASE
  | -- | - Allow writing the audit log via unicast netlink socket
    CAP_AUDIT_WRITE
  | -- | - Allow configuration of audit via unicast netlink socket
    CAP_AUDIT_CONTROL
  | -- | - Set or remove capabilities on files
    CAP_SETFCAP
  | -- | - Override MAC access.
    -- The base kernel enforces no MAC policy.
    -- An LSM may enforce a MAC policy, and if it does and it chooses
    -- to implement capability based overrides of that policy, this is
    -- the capability it should use to do so.
    CAP_MAC_OVERRIDE
  | -- | - Allow MAC configuration or state changes.
    -- The base kernel requires no MAC configuration.
    -- An LSM may enforce a MAC policy, and if it does and it chooses
    -- to implement capability based checks on modifications to that
    -- policy or the data required to maintain it, this is the
    -- capability it should use to do so.
    CAP_MAC_ADMIN
  | -- | - Allow configuring the kernel's syslog (printk behaviour)
    CAP_SYSLOG
  | -- | - Allow triggering something that will wake the system
    CAP_WAKE_ALARM
  | -- | - Allow preventing system suspends
    CAP_BLOCK_SUSPEND
  | -- | - Allow reading the audit log via multicast netlink socket
    CAP_AUDIT_READ
  | -- | - Allow system performance and observability privileged operations
    -- using perf_events, i915_perf and other kernel subsystems
    CAP_PERFMON
  | -- | - CAP_BPF allows BPF operations
    CAP_BPF
  | -- | - Allow checkpoint/restore related operations
    -- - Allow PID selection during clone3()
    -- - Allow writing to ns_last_pid
    CAP_CHECKPOINT_RESTORE
  deriving stock (Capability
Capability -> Capability -> Bounded Capability
forall a. a -> a -> Bounded a
maxBound :: Capability
$cmaxBound :: Capability
minBound :: Capability
$cminBound :: Capability
Bounded, Int -> Capability
Capability -> Int
Capability -> [Capability]
Capability -> Capability
Capability -> Capability -> [Capability]
Capability -> Capability -> Capability -> [Capability]
(Capability -> Capability)
-> (Capability -> Capability)
-> (Int -> Capability)
-> (Capability -> Int)
-> (Capability -> [Capability])
-> (Capability -> Capability -> [Capability])
-> (Capability -> Capability -> [Capability])
-> (Capability -> Capability -> Capability -> [Capability])
-> Enum Capability
forall a.
(a -> a)
-> (a -> a)
-> (Int -> a)
-> (a -> Int)
-> (a -> [a])
-> (a -> a -> [a])
-> (a -> a -> [a])
-> (a -> a -> a -> [a])
-> Enum a
enumFromThenTo :: Capability -> Capability -> Capability -> [Capability]
$cenumFromThenTo :: Capability -> Capability -> Capability -> [Capability]
enumFromTo :: Capability -> Capability -> [Capability]
$cenumFromTo :: Capability -> Capability -> [Capability]
enumFromThen :: Capability -> Capability -> [Capability]
$cenumFromThen :: Capability -> Capability -> [Capability]
enumFrom :: Capability -> [Capability]
$cenumFrom :: Capability -> [Capability]
fromEnum :: Capability -> Int
$cfromEnum :: Capability -> Int
toEnum :: Int -> Capability
$ctoEnum :: Int -> Capability
pred :: Capability -> Capability
$cpred :: Capability -> Capability
succ :: Capability -> Capability
$csucc :: Capability -> Capability
Enum, Capability -> Capability -> Bool
(Capability -> Capability -> Bool)
-> (Capability -> Capability -> Bool) -> Eq Capability
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Capability -> Capability -> Bool
$c/= :: Capability -> Capability -> Bool
== :: Capability -> Capability -> Bool
$c== :: Capability -> Capability -> Bool
Eq, ReadPrec [Capability]
ReadPrec Capability
Int -> ReadS Capability
ReadS [Capability]
(Int -> ReadS Capability)
-> ReadS [Capability]
-> ReadPrec Capability
-> ReadPrec [Capability]
-> Read Capability
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [Capability]
$creadListPrec :: ReadPrec [Capability]
readPrec :: ReadPrec Capability
$creadPrec :: ReadPrec Capability
readList :: ReadS [Capability]
$creadList :: ReadS [Capability]
readsPrec :: Int -> ReadS Capability
$creadsPrec :: Int -> ReadS Capability
Read, Int -> Capability -> ShowS
[Capability] -> ShowS
Capability -> String
(Int -> Capability -> ShowS)
-> (Capability -> String)
-> ([Capability] -> ShowS)
-> Show Capability
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Capability] -> ShowS
$cshowList :: [Capability] -> ShowS
show :: Capability -> String
$cshow :: Capability -> String
showsPrec :: Int -> Capability -> ShowS
$cshowsPrec :: Int -> Capability -> ShowS
Show)