feat: implement sys_capget and sys_capset system calls #1293
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add sys_capget module and implementation for retrieving process capabilities - Add comprehensive test suite for capget functionality Signed-off-by: longjin <longjin@DragonOS.org>
- 添加了完整的 capability 系统调用实现,包括版本协商、能力集规则验证 - 新增 sys_capget 和 sys_capset 系统调用,对齐 Linux 接口 - 实现能力集规则:effective 必须受限于 permitted,permitted 不允许提升,inheritable 受 CAP_SETPCAP 和 bounding set 限制 - 添加 set_cred 方法支持原子替换进程凭据 - 更新文档,添加 sys_capget_capset 设计说明 - 增加测试用例验证系统调用行为和边界条件 Signed-off-by: longjin <longjin@DragonOS.org>
fslongjin
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.