+
+ typedef enum { vcVHI_CONTEXT, vcVHI_SYSNAME, vcVHI_NODENAME,
+ vcVHI_RELEASE, vcVHI_VERSION, vcVHI_MACHINE,
+ vcVHI_DOMAINNAME } vc_uts_type;
+
+ int vc_set_vhi_name(xid_t xid, vc_uts_type type,
+ char const *val, size_t len) VC_ATTR_NONNULL((3));
+ int vc_get_vhi_name(xid_t xid, vc_uts_type type,
+ char *val, size_t len) VC_ATTR_NONNULL((3));
+
+ /** Returns true iff \a xid is a dynamic xid */
+ bool vc_is_dynamic_xid(xid_t xid);
+
+ int vc_enter_namespace(xid_t xid, uint_least64_t mask);
+ int vc_set_namespace(xid_t xid, uint_least64_t mask);
+ int vc_cleanup_namespace();
+ uint_least64_t vc_get_space_mask();
+
+
+ /** \brief Flags of process-contexts
+ */
+ struct vc_ctx_flags {
+ /** \brief Mask of set context flags */
+ uint_least64_t flagword;
+ /** \brief Mask of set and unset context flags when used by set
+ * operations, or modifiable flags when used by get
+ * operations */
+ uint_least64_t mask;
+ };
+
+ /** \brief Capabilities of process-contexts */
+ struct vc_ctx_caps {
+ /** \brief Mask of set common system capabilities */
+ uint_least64_t bcaps;
+ /** \brief Mask of set and unset common system capabilities when used by
+ * set operations, or the modifiable capabilities when used by
+ * get operations */
+ uint_least64_t bmask;
+ /** \brief Mask of set process context capabilities */
+ uint_least64_t ccaps;
+ /** \brief Mask of set and unset process context capabilities when used
+ * by set operations, or the modifiable capabilities when used
+ * by get operations */
+ uint_least64_t cmask;
+ };
+
+ /** \brief Information about parsing errors
+ * \ingroup helper
+ */
+ struct vc_err_listparser {
+ char const *ptr; ///< Pointer to the first character of an erroneous string
+ size_t len; ///< Length of the erroneous string
+ };
+
+ int vc_get_cflags(xid_t xid, struct vc_ctx_flags *) VC_ATTR_NONNULL((2));
+ int vc_set_cflags(xid_t xid, struct vc_ctx_flags const *) VC_ATTR_NONNULL((2));
+
+ int vc_get_ccaps(xid_t xid, struct vc_ctx_caps *);
+ int vc_set_ccaps(xid_t xid, struct vc_ctx_caps const *);
+
+ /** \brief Converts a single string into bcapability
+ * \ingroup helper
+ *
+ * \param str The string to be parsed;
+ * both "CAP_xxx" and "xxx" will be accepted
+ * \param len The length of the string, or \c 0 for automatic detection
+ *
+ * \returns 0 on error; a bitmask on success
+ * \pre \a str != 0
+ */
+ uint_least64_t vc_text2bcap(char const *str, size_t len);
+
+ /** \brief Converts the lowest bit of a bcapability or the entire value
+ * (when possible) to a textual representation
+ * \ingroup helper
+ *
+ * \param val The string to be converted; on success, the detected bit(s)
+ * will be unset, in errorcase only the lowest set bit
+ *
+ * \returns A textual representation of \a val resp. of its lowest set bit;
+ * or \c NULL in errorcase.
+ * \pre \a val!=0
+ * \post \a *val<sub>old</sub> \c != 0 \c <-->
+ * \a *val<sub>old</sub> > \a *val<sub>new</sub>
+ * \post \a *val<sub>old</sub> \c == 0 \c ---> \a result == 0
+ */
+ char const * vc_lobcap2text(uint_least64_t *val) VC_ATTR_NONNULL((1));
+
+ /** \brief Converts a string into a bcapability-bitmask
+ * \ingroup helper
+ *
+ * Syntax of \a str: \verbinclude list2xxx.syntax
+ *
+ * When the \c `~' prefix is used, the bits will be unset and a `~' after
+ * another `~' will cancel both ones. The \c `^' prefix specifies a
+ * bitnumber instead of a bitmask.
+ *
+ * "literal name" is everything which will be accepted by the
+ * vc_text2bcap() function. The special values for \c NAME will be
+ * recognized case insensitively
+ *
+ * \param str The string to be parsed
+ * \param len The length of the string, or \c 0 for automatic detection
+ * \param err Pointer to a structure for error-information, or \c NULL.
+ * \param cap Pointer to a vc_ctx_caps structure holding the results;
+ * only the \a bcaps and \a bmask fields will be changed and
+ * already set values will not be honored. When an error
+ * occured, \a cap will have the value of all processed valid
+ * \c BCAP parts.
+ *
+ * \returns 0 on success, -1 on error. In error case, \a err will hold
+ * position and length of the first not understood BCAP part
+ * \pre \a str != 0 && \a cap != 0;
+ * \a cap->bcaps and \a cap->bmask must be initialized
+ */
+ int vc_list2bcap(char const *str, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_ctx_caps *cap) VC_ATTR_NONNULL((1,4));
+
+ uint_least64_t vc_text2ccap(char const *, size_t len);
+ char const * vc_loccap2text(uint_least64_t *);
+ int vc_list2ccap(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_ctx_caps *);
+
+ int vc_list2cflag(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_ctx_flags *flags);
+ uint_least64_t vc_text2cflag(char const *, size_t len);
+ char const * vc_locflag2text(uint_least64_t *);
+
+ uint_least32_t vc_list2cflag_compat(char const *, size_t len,
+ struct vc_err_listparser *err);
+ uint_least32_t vc_text2cflag_compat(char const *, size_t len);
+ char const * vc_hicflag2text_compat(uint_least32_t);
+
+ int vc_text2cap(char const *);
+ char const * vc_cap2text(unsigned int);
+
+
+ int vc_list2nflag(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_net_flags *flags);
+ uint_least64_t vc_text2nflag(char const *, size_t len);
+ char const * vc_lonflag2text(uint_least64_t *);
+
+ uint_least64_t vc_text2ncap(char const *, size_t len);
+ char const * vc_loncap2text(uint_least64_t *);
+ int vc_list2ncap(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_net_caps *);
+
+ uint_least64_t vc_get_insecurebcaps() VC_ATTR_CONST;
+ inline static uint_least64_t vc_get_insecureccaps() {
+ return ~(VC_VXC_SET_UTSNAME|VC_VXC_RAW_ICMP);
+ }
+
+ inline static int vc_setfilecontext(char const *filename, xid_t xid) {
+ return vc_set_iattr(filename, xid, 0, VC_IATTR_XID);
+ }
+
+
+ uint_least32_t vc_text2personalityflag(char const *str,
+ size_t len) VC_ATTR_NONNULL((1));
+
+ char const * vc_lopersonality2text(uint_least32_t *) VC_ATTR_NONNULL((1));
+
+ int vc_list2personalityflag(char const /*@in@*/ *,
+ size_t len,
+ uint_least32_t /*@out@*/ *personality,
+ struct vc_err_listparser /*@out@*/ *err) VC_ATTR_NONNULL((1,3));
+
+ uint_least32_t vc_str2personalitytype(char const /*@in@*/*,
+ size_t len) VC_ATTR_NONNULL((1));
+
+ /** \brief Returns the context of \c filename
+ * \ingroup syscalls
+ *
+ * This function calls vc_get_iattr() with appropriate arguments to
+ * determine the context of \c filename. In error-case or when no context
+ * is assigned, \c VC_NOCTX will be returned. To differ between both cases,
+ * \c errno must be examined.
+ *
+ * \b WARNING: this function can modify \c errno although no error happened.
+ *
+ * \param filename The file to check
+ * \returns The assigned context, or VC_NOCTX when an error occured or no
+ * such assignment exists. \c errno will be 0 in the latter case */
+ xid_t vc_getfilecontext(char const *filename) VC_ATTR_NONNULL((1));