capabilities: implement per-process securebits
[linux-2.6.git] / include / linux / init_task.h
1 #ifndef _LINUX__INIT_TASK_H
2 #define _LINUX__INIT_TASK_H
3
4 #include <linux/file.h>
5 #include <linux/rcupdate.h>
6 #include <linux/irqflags.h>
7 #include <linux/utsname.h>
8 #include <linux/lockdep.h>
9 #include <linux/ipc.h>
10 #include <linux/pid_namespace.h>
11 #include <linux/user_namespace.h>
12 #include <linux/securebits.h>
13 #include <net/net_namespace.h>
14
/*
 * INIT_FDTABLE - static initializer for the descriptor table embedded in
 * init_files (it is the value of .fdtab in INIT_FILES).
 *
 * The fd array and both fd_set bitmaps point at storage inside init_files
 * itself. That storage is zeroed by INIT_FILES, so the table starts with no
 * descriptor marked open or close-on-exec.
 */
#define INIT_FDTABLE { \
	.max_fds = NR_OPEN_DEFAULT, \
	.fd = &init_files.fd_array[0], \
	.close_on_exec = (fd_set *)&init_files.close_on_exec_init, \
	.open_fds = (fd_set *)&init_files.open_fds_init, \
	.rcu = RCU_HEAD_INIT, \
	.next = NULL, \
}
24
/*
 * INIT_FILES - static initializer for init_files, the open-file table that
 * INIT_TASK installs as the first task's .files.
 *
 * The table starts with a count of one, next_fd at 0, zeroed open and
 * close-on-exec bitmaps and a NULL-filled fd_array. .fdt points at the
 * embedded .fdtab, which INIT_FDTABLE fills in.
 * The spinlock initializer is given init_task.file_lock, exactly as in the
 * original text.
 */
#define INIT_FILES { \
	.count = ATOMIC_INIT(1), \
	.fdt = &init_files.fdtab, \
	.fdtab = INIT_FDTABLE, \
	.file_lock = __SPIN_LOCK_UNLOCKED(init_task.file_lock), \
	.next_fd = 0, \
	.close_on_exec_init = { { 0, } }, \
	.open_fds_init = { { 0, } }, \
	.fd_array = { NULL, } \
}
36
/*
 * INIT_KIOCTX(name, which_mm) - static initializer for the object `name`
 * (NOTE(review): presumably a struct kioctx; the type is not named here).
 *
 * @name:     the variable being initialised; its own .wait and .ctx_lock
 *            members are passed to the wait-queue and spinlock initializers.
 * @which_mm: the mm object whose address is stored in .mm.
 *
 * The context starts with one user, not dead, user_id 0, no active
 * requests, and max_reqs set to all ones (~0U).
 */
#define INIT_KIOCTX(name, which_mm) { \
	.users = ATOMIC_INIT(1), \
	.dead = 0, \
	.mm = &which_mm, \
	.user_id = 0, \
	.next = NULL, \
	.wait = __WAIT_QUEUE_HEAD_INITIALIZER(name.wait), \
	.ctx_lock = __SPIN_LOCK_UNLOCKED(name.ctx_lock), \
	.reqs_active = 0U, \
	.max_reqs = ~0U, \
}
49
/*
 * INIT_MM(name) - static initializer for the memory descriptor `name`.
 *
 * @name: the variable being initialised; its own mmap_sem, page_table_lock
 *        and mmlist members are passed to the lock and list initializers.
 *
 * The descriptor uses swapper_pg_dir as its page directory, starts with
 * mm_users = 2 and mm_count = 1, and allows every CPU (CPU_MASK_ALL).
 * NOTE(review): INIT_TASK sets .active_mm to &init_mm, which is presumably
 * built with this macro; confirm at the definition of init_mm.
 */
#define INIT_MM(name) { \
	.mm_rb = RB_ROOT, \
	.pgd = swapper_pg_dir, \
	.mm_users = ATOMIC_INIT(2), \
	.mm_count = ATOMIC_INIT(1), \
	.mmap_sem = __RWSEM_INITIALIZER(name.mmap_sem), \
	.page_table_lock = __SPIN_LOCK_UNLOCKED(name.page_table_lock), \
	.mmlist = LIST_HEAD_INIT(name.mmlist), \
	.cpu_vm_mask = CPU_MASK_ALL, \
}
61
/*
 * INIT_SIGNALS(sig) - static initializer for the shared signal state `sig`.
 *
 * @sig: the variable being initialised; its own wait queue, pending list,
 *       POSIX timer list and CPU timer lists are initialised to empty.
 *
 * The shared pending signal set is zeroed and the resource limits are
 * taken from INIT_RLIMITS (defined outside this header).
 */
#define INIT_SIGNALS(sig) \
{ \
	.count = ATOMIC_INIT(1), \
	.wait_chldexit = __WAIT_QUEUE_HEAD_INITIALIZER(sig.wait_chldexit), \
	.shared_pending = { \
		.list = LIST_HEAD_INIT(sig.shared_pending.list), \
		.signal = {{0}} \
	}, \
	.posix_timers = LIST_HEAD_INIT(sig.posix_timers), \
	.cpu_timers = INIT_CPU_TIMERS(sig.cpu_timers), \
	.rlim = INIT_RLIMITS, \
}
72
/* The namespace proxy that INIT_TASK installs as the first task's .nsproxy. */
extern struct nsproxy init_nsproxy;

/*
 * INIT_NSPROXY(nsproxy) - static initializer for the initial namespace set.
 *
 * The pid, uts and user namespaces point at the init_* namespace objects
 * and the mount namespace starts as NULL. The macro parameter is not
 * referenced in the body.
 *
 * INIT_NET_NS() and INIT_IPC_NS() are written without a trailing comma, so
 * each is expected to expand either to nothing or to an initializer that
 * ends in a comma. NOTE(review): presumably this depends on whether the
 * corresponding namespace support is configured; confirm in
 * <net/net_namespace.h> and <linux/ipc.h>.
 */
#define INIT_NSPROXY(nsproxy) \
{ \
	.pid_ns = &init_pid_ns, \
	.count = ATOMIC_INIT(1), \
	.uts_ns = &init_uts_ns, \
	.mnt_ns = NULL, \
	INIT_NET_NS(net_ns) \
	INIT_IPC_NS(ipc_ns) \
	.user_ns = &init_user_ns, \
}
83
/*
 * INIT_SIGHAND(sighand) - static initializer for the signal-handler table
 * `sighand`.
 *
 * @sighand: the variable being initialised; its own siglock and
 *           signalfd_wqh members are passed to the lock and wait-queue
 *           initializers.
 *
 * The first action entry has .sa_handler set to NULL explicitly. The other
 * entries are zero-filled by the usual C rule for partly initialised
 * aggregates.
 */
#define INIT_SIGHAND(sighand) \
{ \
	.count = ATOMIC_INIT(1), \
	.action = { { { .sa_handler = NULL, } }, }, \
	.siglock = __SPIN_LOCK_UNLOCKED(sighand.siglock), \
	.signalfd_wqh = __WAIT_QUEUE_HEAD_INITIALIZER(sighand.signalfd_wqh), \
}
90
/* Group list that INIT_TASK installs as the first task's .group_info. */
extern struct group_info init_groups;

/*
 * INIT_STRUCT_PID - static initializer for init_struct_pid, the pid object
 * that INIT_PID_LINK makes every pid link of the first task point to.
 *
 * The three .tasks list heads (PID, PGID, SID order) each start at the
 * matching pids[] node inside init_task. The single .numbers entry is
 * number 0 in init_pid_ns at level 0, with an unhashed pid_chain.
 */
#define INIT_STRUCT_PID \
{ \
	.count = ATOMIC_INIT(1), \
	.tasks = { \
		{ .first = &init_task.pids[PIDTYPE_PID].node }, \
		{ .first = &init_task.pids[PIDTYPE_PGID].node }, \
		{ .first = &init_task.pids[PIDTYPE_SID].node }, \
	}, \
	.rcu = RCU_HEAD_INIT, \
	.level = 0, \
	.numbers = { { \
		.nr = 0, \
		.ns = &init_pid_ns, \
		.pid_chain = { .next = NULL, .pprev = NULL }, \
	}, } \
}
108
/*
 * INIT_PID_LINK(type) - static initializer for one entry of the first
 * task's pids[] array.
 *
 * @type: index into init_struct_pid.tasks[] (INIT_TASK passes PIDTYPE_PID,
 *        PIDTYPE_PGID and PIDTYPE_SID).
 *
 * The node is the only element of its list: .next is NULL and .pprev
 * points back at the list head inside init_struct_pid.
 */
#define INIT_PID_LINK(type) { \
	.node = { \
		.next = NULL, \
		.pprev = &init_struct_pid.tasks[type].first, \
	}, \
	.pid = &init_struct_pid, \
}
117
/*
 * INIT_IDS - audit identity fields of the first task, spliced into
 * INIT_TASK.
 *
 * With CONFIG_AUDITSYSCALL set, loginuid and sessionid both start at -1.
 * NOTE(review): -1 is presumably the "not set" marker; confirm against the
 * audit code. Without CONFIG_AUDITSYSCALL the macro expands to nothing.
 * The expansion ends in a comma because INIT_TASK uses it without a
 * separator.
 */
#ifndef CONFIG_AUDITSYSCALL
# define INIT_IDS
#else
# define INIT_IDS .loginuid = -1, .sessionid = -1,
#endif
125
/*
 * CAP_INIT_BSET - initial capability bounding set of the first task (the
 * value of .cap_bset in INIT_TASK).
 *
 * When filesystem capabilities are in effect the scope of CAP_SETPCAP is
 * reduced, so it is safe to leave CAP_SETPCAP available in the default
 * configuration, and the bounding set starts as CAP_FULL_SET. Without
 * filesystem capabilities the bounding set starts as CAP_INIT_EFF_SET.
 * NOTE(review): CAP_INIT_EFF_SET is defined outside this header and
 * presumably leaves CAP_SETPCAP out; confirm in <linux/capability.h>.
 */
#ifndef CONFIG_SECURITY_FILE_CAPABILITIES
# define CAP_INIT_BSET CAP_INIT_EFF_SET
#else
# define CAP_INIT_BSET CAP_FULL_SET
#endif
136
/*
 * INIT_TASK(tsk) - static initializer for the first task ("swapper"), which
 * is its own parent, real parent and thread-group leader.
 * Touch at your own risk.
 *
 * Security-relevant starting state set here:
 *   - cap_permitted is CAP_FULL_SET, cap_effective is CAP_INIT_EFF_SET and
 *     cap_inheritable is CAP_INIT_INH_SET;
 *   - cap_bset, the capability bounding set, is CAP_INIT_BSET, which
 *     depends on CONFIG_SECURITY_FILE_CAPABILITIES;
 *   - securebits is a per-task field initialised to SECUREBITS_DEFAULT from
 *     <linux/securebits.h> (its value is not visible in this header);
 *   - user is INIT_USER; group_info and nsproxy point at init_groups and
 *     init_nsproxy.
 * NOTE(review): tasks created from this one presumably start from these
 * values, so an edit here changes the default privilege of every process.
 * Confirm against the fork and exec paths before changing any of them.
 *
 * INIT_IDS, INIT_TRACE_IRQFLAGS and INIT_LOCKDEP are written without
 * separating commas; each is expected to expand either to nothing or to
 * initializers that end in a comma.
 *
 * The historical remark "Base=0, limit=0x1fffff (=2MB)" that accompanied
 * this macro does not correspond to any field initialised below.
 */
#define INIT_TASK(tsk) { \
	/* scheduling state */ \
	.state = 0, \
	.stack = &init_thread_info, \
	.usage = ATOMIC_INIT(2), \
	.flags = 0, \
	.lock_depth = -1, \
	.prio = MAX_PRIO - 20, \
	.static_prio = MAX_PRIO - 20, \
	.normal_prio = MAX_PRIO - 20, \
	.policy = SCHED_NORMAL, \
	.cpus_allowed = CPU_MASK_ALL, \
	.mm = NULL, \
	.active_mm = &init_mm, \
	.se = { \
		.group_node = LIST_HEAD_INIT(tsk.se.group_node), \
	}, \
	.rt = { \
		.run_list = LIST_HEAD_INIT(tsk.rt.run_list), \
		.time_slice = HZ, \
		.nr_cpus_allowed = NR_CPUS, \
	}, \
	/* task tree: the first task is linked only to itself */ \
	.tasks = LIST_HEAD_INIT(tsk.tasks), \
	.ptrace_children = LIST_HEAD_INIT(tsk.ptrace_children), \
	.ptrace_list = LIST_HEAD_INIT(tsk.ptrace_list), \
	.real_parent = &tsk, \
	.parent = &tsk, \
	.children = LIST_HEAD_INIT(tsk.children), \
	.sibling = LIST_HEAD_INIT(tsk.sibling), \
	.group_leader = &tsk, \
	/* identity, capabilities and securebits */ \
	.group_info = &init_groups, \
	.cap_effective = CAP_INIT_EFF_SET, \
	.cap_inheritable = CAP_INIT_INH_SET, \
	.cap_permitted = CAP_FULL_SET, \
	.cap_bset = CAP_INIT_BSET, \
	.securebits = SECUREBITS_DEFAULT, \
	.user = INIT_USER, \
	.comm = "swapper", \
	.thread = INIT_THREAD, \
	/* shared init_* objects */ \
	.fs = &init_fs, \
	.files = &init_files, \
	.signal = &init_signals, \
	.sighand = &init_sighand, \
	.nsproxy = &init_nsproxy, \
	/* no signal pending or blocked */ \
	.pending = { \
		.list = LIST_HEAD_INIT(tsk.pending.list), \
		.signal = {{0}} \
	}, \
	.blocked = {{0}}, \
	.alloc_lock = __SPIN_LOCK_UNLOCKED(tsk.alloc_lock), \
	.journal_info = NULL, \
	.cpu_timers = INIT_CPU_TIMERS(tsk.cpu_timers), \
	.fs_excl = ATOMIC_INIT(0), \
	.pi_lock = __SPIN_LOCK_UNLOCKED(tsk.pi_lock), \
	.pids = { \
		[PIDTYPE_PID] = INIT_PID_LINK(PIDTYPE_PID), \
		[PIDTYPE_PGID] = INIT_PID_LINK(PIDTYPE_PGID), \
		[PIDTYPE_SID] = INIT_PID_LINK(PIDTYPE_SID), \
	}, \
	.dirties = INIT_PROP_LOCAL_SINGLE(dirties), \
	/* optional fragments; each supplies its own trailing comma */ \
	INIT_IDS \
	INIT_TRACE_IRQFLAGS \
	INIT_LOCKDEP \
}
204
205
/*
 * INIT_CPU_TIMERS(cpu_timers) - positional initializer for an array of
 * three list heads, each initialised as an empty list on itself.
 *
 * @cpu_timers: the array being initialised (INIT_SIGNALS passes
 *              sig.cpu_timers, INIT_TASK passes tsk.cpu_timers).
 *
 * The entries are positional, so their order must match the array index.
 * The macro is defined after its users, which works because a macro is
 * expanded where it is used, not where the using macro is defined.
 */
#define INIT_CPU_TIMERS(cpu_timers) { \
	LIST_HEAD_INIT(cpu_timers[0]), \
	LIST_HEAD_INIT(cpu_timers[1]), \
	LIST_HEAD_INIT(cpu_timers[2]), \
}
212
213
214 #endif