Crate caps

Source
Expand description

A pure-Rust library to work with Linux capabilities.

It provides support for manipulating capabilities available on modern Linux kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted) as well as Linux-specific Ambient and Bounding capabilities sets.

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    if caps::has_cap(None, CapSet::Permitted, Capability::CAP_SYS_NICE)? {
        caps::drop(None, CapSet::Effective, Capability::CAP_SYS_NICE)?;
        let effective = caps::read(None, CapSet::Effective)?;
        assert_eq!(effective.contains(&Capability::CAP_SYS_NICE), false);

        caps::clear(None, CapSet::Effective)?;
        let cleared = caps::read(None, CapSet::Effective)?;
        assert_eq!(cleared.is_empty(), true);
    };

    Ok(())
}

!

Modules§

Enums§

Functions§

  • all
    Return the set of all capabilities supported by this library.
  • clear
    Clear all capabilities in a set for a thread.
  • drop
    Drop a single capability from a set for a thread.
  • has_cap
    Check if a thread contains a capability in a set.
  • raise
    Raise a single capability in a set for a thread.
  • read
    Return all capabilities in a set for a thread.
  • set
    Set a capability set for a thread to a new value.
  • to_canonical
    Convert an informal capability name into a canonical form.

Type Aliases§