2011-12-27 52 views
0

How does linux capability.h use a 32-bit mask for 34 elements?

The file /usr/include/linux/capability.h #defines 34 possible capabilities. It goes like this:

#define CAP_CHOWN   0 

#define CAP_DAC_OVERRIDE  1 

..... 

#define CAP_MAC_ADMIN  33 

#define CAP_LAST_CAP   CAP_MAC_ADMIN 

The capabilities of each process are in turn defined like this:

typedef struct __user_cap_data_struct { 

     __u32 effective; 
     __u32 permitted; 
     __u32 inheritable; 
} * cap_user_data_t; 

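I'm confused - a process can have 32 bits of effective capabilities, but the total number of capabilities defined in capability.h is 34. How can 34 positions be encoded in a 32-bit mask?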

Answers

3

Because you haven't read the whole manual.

The capget manual starts by convincing you not to use it:

These two functions are the raw kernel interface for getting and
setting thread capabilities. Not only are these system calls specific
to Linux, but the kernel API is likely to change and use of these
functions (in particular the format of the cap_user_*_t types) is
subject to extension with each kernel revision, but old programs will
keep working.

The portable interfaces are cap_set_proc(3) and cap_get_proc(3); if
possible you should use those interfaces in applications. If you wish
to use the Linux extensions in applications, you should use the
easier-to-use interfaces capsetp(3) and capgetp(3).

Current details

Now that you have been warned, some current kernel details. The
structures are defined as follows.

#define _LINUX_CAPABILITY_VERSION_1 0x19980330 
#define _LINUX_CAPABILITY_U32S_1  1 

#define _LINUX_CAPABILITY_VERSION_2 0x20071026 
#define _LINUX_CAPABILITY_U32S_2  2 

[...] 
effective, permitted, inheritable are bitmasks of the capabilities 
defined in capability(7). Note the CAP_* values are bit indexes and 
need to be bit-shifted before ORing into the bit fields. 
[...] 
Kernels prior to 2.6.25 prefer 32-bit capabilities with version
_LINUX_CAPABILITY_VERSION_1, and kernels 2.6.25+ prefer 64-bit
capabilities with version _LINUX_CAPABILITY_VERSION_2. Note, 64-bit
capabilities use datap[0] and datap[1], whereas 32-bit capabilities
only use datap[0].

Where datap is defined earlier as a pointer to a __user_cap_data_struct. So you just represent a 64-bit value as two __u32 in an array of two __user_cap_data_struct.

This alone tells me never to use this API, so I didn't read the rest of the manual.
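
Added example, not part of the original answer or of the kernel's code: the word-and-bit arithmetic the answer describes, where capability index 33 lands in bit 1 of datap[1]. The local `struct cap_data` stands in for `__user_cap_data_struct`, and the helper names and `U32S_V1`/`U32S_V2` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the page; the struct mirrors the one quoted above. */
#define CAP_CHOWN      0
#define CAP_MAC_ADMIN  33
#define U32S_V1        1   /* stands for _LINUX_CAPABILITY_U32S_1 */
#define U32S_V2        2   /* stands for _LINUX_CAPABILITY_U32S_2 */

struct cap_data {          /* local stand-in for __user_cap_data_struct */
    uint32_t effective;
    uint32_t permitted;
    uint32_t inheritable;
};

/* Raise capability `cap` in the effective set of datap[0..u32s-1].
 * Returns 0 on success, -1 if the index does not fit in u32s words. */
int cap_raise_effective(struct cap_data *datap, int u32s, int cap)
{
    if (cap < 0 || cap >= 32 * u32s)
        return -1;
    datap[cap / 32].effective |= (uint32_t)1 << (cap % 32);
    return 0;
}

/* Returns 1 if `cap` is set in the effective set, 0 if not or out of range. */
int cap_effective_is_set(const struct cap_data *datap, int u32s, int cap)
{
    if (cap < 0 || cap >= 32 * u32s)
        return 0;
    return (datap[cap / 32].effective >> (cap % 32)) & 1u;
}

/* View the effective set as the single 64-bit value the two words encode. */
uint64_t cap_effective_u64(const struct cap_data *datap)
{
    return ((uint64_t)datap[1].effective << 32) | datap[0].effective;
}

int main(void)
{
    struct cap_data d[U32S_V2] = {{0, 0, 0}, {0, 0, 0}};
    cap_raise_effective(d, U32S_V2, CAP_CHOWN);
    cap_raise_effective(d, U32S_V2, CAP_MAC_ADMIN);
    printf("datap[0].effective=0x%08x datap[1].effective=0x%08x\n",
           (unsigned)d[0].effective, (unsigned)d[1].effective);
    printf("as 64-bit: 0x%016llx\n", (unsigned long long)cap_effective_u64(d));
    return 0;
}
```

With a single word (the version 1 layout) the same call for CAP_MAC_ADMIN is rejected, which is the situation the question assumed.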

2

They aren't bitmasks, they're just constants. E.g. CAP_MAC_ADMIN sets more than one bit. In binary, 33 is what, 10001?

+0

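I always thought that each capability is implemented as a bit in each of these 3 bitmaps, which can be either set or unset. So we have 34 possible capabilities and only 32 bits. – abirvalg 2011-12-27 19:11:40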

+0

@abirvalg: They aren't. Look at the values they're '#defined' as. Those aren't constants. – Puppy 2011-12-27 19:23:48

+0

@DeadMG: Unfortunately ... – BatchyX 2011-12-27 20:52:48