-static struct {
- const char *option;
- int bit;
-}tbcap[]={
- // The following capabilities are normally available
- // to vservers administrator, but are place for
- // completeness
- {"CAP_CHOWN",CAP_CHOWN},
- {"CAP_DAC_OVERRIDE",CAP_DAC_OVERRIDE},
- {"CAP_DAC_READ_SEARCH",CAP_DAC_READ_SEARCH},
- {"CAP_FOWNER",CAP_FOWNER},
- {"CAP_FSETID",CAP_FSETID},
- {"CAP_KILL",CAP_KILL},
- {"CAP_SETGID",CAP_SETGID},
- {"CAP_SETUID",CAP_SETUID},
- {"CAP_SETPCAP",CAP_SETPCAP},
- {"CAP_SYS_TTY_CONFIG",CAP_SYS_TTY_CONFIG},
- {"CAP_LEASE",CAP_LEASE},
- {"CAP_SYS_CHROOT",CAP_SYS_CHROOT},
-
- // Those capabilities are not normally available
- // to vservers because they are not needed and
- // may represent a security risk
- {"CAP_LINUX_IMMUTABLE",CAP_LINUX_IMMUTABLE},
- {"CAP_NET_BIND_SERVICE",CAP_NET_BIND_SERVICE},
- {"CAP_NET_BROADCAST",CAP_NET_BROADCAST},
- {"CAP_NET_ADMIN", CAP_NET_ADMIN},
- {"CAP_NET_RAW", CAP_NET_RAW},
- {"CAP_IPC_LOCK", CAP_IPC_LOCK},
- {"CAP_IPC_OWNER", CAP_IPC_OWNER},
- {"CAP_SYS_MODULE",CAP_SYS_MODULE},
- {"CAP_SYS_RAWIO", CAP_SYS_RAWIO},
- {"CAP_SYS_PACCT", CAP_SYS_PACCT},
- {"CAP_SYS_ADMIN", CAP_SYS_ADMIN},
- {"CAP_SYS_BOOT", CAP_SYS_BOOT},
- {"CAP_SYS_NICE", CAP_SYS_NICE},
- {"CAP_SYS_RESOURCE",CAP_SYS_RESOURCE},
- {"CAP_SYS_TIME", CAP_SYS_TIME},
- {"CAP_MKNOD", CAP_MKNOD},
- {"CAP_CONTEXT", CAP_CONTEXT},
- {NULL,0}
-};