A pure-Rust library to work with Linux capabilities.
It provides support for manipulating the capabilities available on modern Linux kernels. It supports the traditional POSIX sets (Effective, Inheritable, Permitted) as well as the Linux-specific Ambient and Bounding capability sets.
```rust
type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    // `None` targets the calling thread. Only act if CAP_SYS_NICE is permitted.
    if caps::has_cap(None, CapSet::Permitted, Capability::CAP_SYS_NICE)? {
        // Drop one capability from the Effective set and verify it is gone.
        caps::drop(None, CapSet::Effective, Capability::CAP_SYS_NICE)?;
        let effective = caps::read(None, CapSet::Effective)?;
        assert_eq!(effective.contains(&Capability::CAP_SYS_NICE), false);

        // Clear the whole Effective set and verify it is empty.
        caps::clear(None, CapSet::Effective)?;
        let cleared = caps::read(None, CapSet::Effective)?;
        assert_eq!(cleared.is_empty(), true);
    };

    Ok(())
}
```
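The example above removes CAP_SYS_NICE from the Effective set only; it stays in Permitted, so the thread can raise it again. The following added example (not part of the caps crate or its documentation) uses only the standard library to decode the capability masks that the kernel reports in /proc/<pid>/status and list what remains re-raisable; the function names and the sample status text are constructed for illustration.

```rust
use std::collections::HashMap;

// Capability names indexed by kernel bit number (CAP_CHOWN = 0).
const NAMES: [&str; 41] = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER", "CAP_FSETID",
    "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE",
    "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST", "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK",
    "CAP_IPC_OWNER", "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE", "CAP_SYS_RESOURCE",
    "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD", "CAP_LEASE", "CAP_AUDIT_WRITE",
    "CAP_AUDIT_CONTROL", "CAP_SETFCAP", "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG",
    "CAP_WAKE_ALARM", "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
];

// Constructed sample status text: CAP_SYS_NICE (bit 23) is gone from CapEff only.
const SAMPLE: &str = "Name:\tdemo\nCapInh:\t0000000000000000\nCapPrm:\t0000000000800400\n\
CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n";

// Parse the Cap* lines of a /proc/<pid>/status dump into field name -> bitmask.
fn parse_sets(status: &str) -> HashMap<String, u64> {
    status.lines()
        .filter_map(|l| l.split_once(':'))
        .filter(|(k, _)| k.starts_with("Cap"))
        .filter_map(|(k, v)| Some((k.to_string(), u64::from_str_radix(v.trim(), 16).ok()?)))
        .collect()
}

// Expand a bitmask into capability names; bits beyond the table are shown by number.
fn names(mask: u64) -> Vec<String> {
    (0..64u32)
        .filter(|&b| (mask >> b) & 1 == 1)
        .map(|b| NAMES.get(b as usize).map_or(format!("bit{}", b), |n| n.to_string()))
        .collect()
}

// Capabilities in Permitted but not in Effective: the thread can raise these
// again, so a drop from Effective alone is reversible. Panics if a field is missing.
fn reraisable(sets: &HashMap<String, u64>) -> Vec<String> {
    names(sets["CapPrm"] & !sets["CapEff"])
}

fn main() {
    let sets = parse_sets(SAMPLE);
    println!("effective:   {:?}", names(sets["CapEff"]));
    println!("re-raisable: {:?}", reraisable(&sets));
}
```

To make a drop permanent for the thread, the capability has to leave the Permitted set as well, which the same `caps::drop` call does when given `CapSet::Permitted`.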
Modules
- errors: Error handling.
- runtime: Detect kernel features at runtime.
- securebits: Manipulate securebits flags.
Enums
- CapSet: Linux capabilities sets.
- Capability: Linux capabilities.
Functions
- all: Return the set of all capabilities supported by this library.
- clear: Clear all capabilities in a set for a thread.
- drop: Drop a single capability from a set for a thread.
- has_cap: Check if a thread contains a capability in a set.
- raise: Raise a single capability in a set for a thread.
- read: Return all capabilities in a set for a thread.
- set: Set a capability set for a thread to a new value.
- to_canonical: Convert an informal capability name into a canonical form.
Type Aliases
- Caps: A HashSet specialized on Capability.