linux capability.h如何为34个元素使用32位掩码?
linux capability.h如何为34个元素使用32位掩码?,linux,bitmask,Linux,Bitmask,/usr/include/linux/capability.h中的文件定义了34种可能的功能。 它是这样的: #define CAP_CHOWN 0 #define CAP_DAC_OVERRIDE 1 ..... #define CAP_MAC_ADMIN 33 #define CAP_LAST_CAP CAP_MAC_ADMIN 每个流程都定义了相应的功能 typedef struct __user_cap_data_st
/usr/include/linux/capability.h中的文件定义了34种可能的功能。
它是这样的:
#define CAP_CHOWN 0
#define CAP_DAC_OVERRIDE 1
.....
#define CAP_MAC_ADMIN 33
#define CAP_LAST_CAP CAP_MAC_ADMIN
每个流程都定义了相应的功能
typedef struct __user_cap_data_struct {
__u32 effective;
__u32 permitted;
__u32 inheritable;
} * cap_user_data_t;
我很困惑-一个进程可以有32位有效的功能,但是capability.h中定义的功能总量是34。如何在32位掩码中编码34个位置?它们不是位掩码,只是常量。例如,CAP\u MAC\u ADMIN
设置多个位。在二进制中,33是什么,10001?它们不是位掩码,它们只是常量。例如,CAP\u MAC\u ADMIN
设置多个位。在二进制中,33是什么,10001?因为您还没有阅读全部手册
capget手册首先说服您不要使用它:
These two functions are the raw kernel interface for getting and set‐
ting thread capabilities. Not only are these system calls specific to
Linux, but the kernel API is likely to change and use of these func‐
tions (in particular the format of the cap_user_*_t types) is subject
to extension with each kernel revision, but old programs will keep
working.
The portable interfaces are cap_set_proc(3) and cap_get_proc(3); if
possible you should use those interfaces in applications. If you wish
to use the Linux extensions in applications, you should use the easier-
to-use interfaces capsetp(3) and capgetp(3).
当前详细信息
Now that you have been warned, some current kernel details. The struc‐
tures are defined as follows.
#define _LINUX_CAPABILITY_VERSION_1 0x19980330
#define _LINUX_CAPABILITY_U32S_1 1
#define _LINUX_CAPABILITY_VERSION_2 0x20071026
#define _LINUX_CAPABILITY_U32S_2 2
[...]
effective, permitted, inheritable are bitmasks of the capabilities
defined in capability(7). Note the CAP_* values are bit indexes and
need to be bit-shifted before ORing into the bit fields.
[...]
Kernels prior to 2.6.25 prefer 32-bit capabilities with version
_LINUX_CAPABILITY_VERSION_1, and kernels 2.6.25+ prefer 64-bit capabil‐
ities with version _LINUX_CAPABILITY_VERSION_2. Note, 64-bit capabili‐
ties use datap[0] and datap[1], whereas 32-bit capabilities only use
datap[0].
其中,datap
先前定义为指向\uuu用户\uu cap\u数据结构的指针
。因此,您只需在一个由两个\uuu用户\uu cap\u数据结构组成的数组中用两个\u32
表示一个64位的值
仅此一点就告诉我不要使用此API,因此我没有阅读手册的其余部分。因为您没有阅读手册的所有部分
capget手册首先说服您不要使用它:
These two functions are the raw kernel interface for getting and set‐
ting thread capabilities. Not only are these system calls specific to
Linux, but the kernel API is likely to change and use of these func‐
tions (in particular the format of the cap_user_*_t types) is subject
to extension with each kernel revision, but old programs will keep
working.
The portable interfaces are cap_set_proc(3) and cap_get_proc(3); if
possible you should use those interfaces in applications. If you wish
to use the Linux extensions in applications, you should use the easier-
to-use interfaces capsetp(3) and capgetp(3).
当前详细信息
Now that you have been warned, some current kernel details. The struc‐
tures are defined as follows.
#define _LINUX_CAPABILITY_VERSION_1 0x19980330
#define _LINUX_CAPABILITY_U32S_1 1
#define _LINUX_CAPABILITY_VERSION_2 0x20071026
#define _LINUX_CAPABILITY_U32S_2 2
[...]
effective, permitted, inheritable are bitmasks of the capabilities
defined in capability(7). Note the CAP_* values are bit indexes and
need to be bit-shifted before ORing into the bit fields.
[...]
Kernels prior to 2.6.25 prefer 32-bit capabilities with version
_LINUX_CAPABILITY_VERSION_1, and kernels 2.6.25+ prefer 64-bit capabil‐
ities with version _LINUX_CAPABILITY_VERSION_2. Note, 64-bit capabili‐
ties use datap[0] and datap[1], whereas 32-bit capabilities only use
datap[0].
其中,datap
先前定义为指向\uuu用户\uu cap\u数据结构的指针
。因此,您只需在一个由两个\uuu用户\uu cap\u数据结构组成的数组中用两个\u32
表示一个64位的值
仅此一点就告诉我永远不要使用此API,因此我没有阅读手册的其余部分。我一直认为,在这3个位图中,每种功能都是以位的形式实现的,这3个位图是已设置或未设置的。所以我们有34种可能的功能,只有32位。@abirvalg:它们不是。查看它们定义的值。这些不是位常量。我一直认为每个功能在这3个位图中都是以位的形式实现的,这3个位图可以是设置的,也可以是未设置的。所以我们有34种可能的功能,只有32位。@abirvalg:它们不是。查看它们定义的值。这些不是比特常数。