package
0.0.0-20240720002214-37b2b8227b91
Repository: https://github.com/progrium/go-netstack.git
Documentation: pkg.go.dev
# Functions
CapabilitySetOf returns a CapabilitySet containing only the given capability.
CapabilitySetOfMany returns a CapabilitySet containing the given capabilities.
ContextWithCredentials returns a copy of ctx carrying creds.
CopyGIDSliceIn copies in a slice of GID objects from the task's memory.
CopyGIDSliceOut copies a slice of GID objects to the task's memory.
CredentialsFromContext returns a copy of the Credentials used by ctx, or a set of Credentials with no capabilities if ctx does not have Credentials.
MarshalUnsafeGIDSlice is like GID.MarshalUnsafe, but for a []GID.
NewAnonymousCredentials returns a set of credentials with no capabilities in any user namespace.
NewRootCredentials returns a set of credentials with KUID and KGID 0 (i.e.
NewRootUserNamespace returns a UserNamespace that is appropriate for a system's root user namespace.
NewUserCredentials returns a set of credentials based on the given UID, GIDs, and capabilities in a given namespace.
ThreadGroupIDFromContext returns the current thread group ID when ctx represents a task context.
UnmarshalUnsafeGIDSlice is like GID.UnmarshalUnsafe, but for a []GID.
# Constants
CtxCredentials is a Context.Value key for Credentials.
CtxThreadGroupID is the current thread group ID when a context represents a task context.
Default permissions for named session keyrings: Possessors have full permissions.
Default session keyring name.
Default permissions for unnamed session keyrings: Possessors have full permissions.
List of known key permissions.
List of known key types.
MaxKeyDescSize is the maximum size of the "Description" field of keys.
NobodyKGID is the group equivalent to NobodyKUID.
NobodyKUID is the user ID usually reserved for the least privileged user "nobody".
NoID is uint32(-1).
OverflowGID is the group equivalent to OverflowUID.
OverflowUID is the default value of /proc/sys/kernel/overflowuid.
RootGID is the root group.
RootKGID is the group equivalent to RootKUID.
RootKUID is the user ID usually used for the most privileged user "root".
RootUID is the root user.
# Variables
AllCapabilities is a CapabilitySet containing all valid capabilities.
# Structs
An AtomicPtr is a pointer to a value of type Value that can be atomically loaded and stored.
Credentials contains information required to authorize privileged operations in a user namespace.
An IDMapEntry represents a mapping from a range of contiguous IDs in a user namespace to an equally-sized range of contiguous IDs in the namespace's parent.
Key represents a key in the keyrings subsystem.
KeySet is a set of keys.
LockedKeySet is a KeySet in a transaction.
PossessedKeys is an opaque type used during key permission check.
TaskCapabilities represents all the capability sets for a task.
A UserNamespace represents a user namespace.
# Type aliases
A CapabilitySet is a set of capabilities implemented as a bitset.
GID is a group ID in an unspecified user namespace.
KeyPermission represents a permission on a key.
KeyPermissions is the full set of permissions on a single Key.
KeySerial is a key ID type.
KeyType is the type of a key.
KGID is a group ID in the root user namespace.
KUID is a user ID in the root user namespace.
UID is a user ID in an unspecified user namespace.