Crate caps

source ·
Expand description

A pure-Rust library to work with Linux capabilities.

It provides support for manipulating capabilities available on modern Linux kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted) as well as Linux-specific Ambient and Bounding capabilities sets.

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    if caps::has_cap(None, CapSet::Permitted, Capability::CAP_SYS_NICE)? {
        caps::drop(None, CapSet::Effective, Capability::CAP_SYS_NICE)?;
        let effective = caps::read(None, CapSet::Effective)?;
        assert_eq!(effective.contains(&Capability::CAP_SYS_NICE), false);

        caps::clear(None, CapSet::Effective)?;
        let cleared = caps::read(None, CapSet::Effective)?;
        assert_eq!(cleared.is_empty(), true);
    };

    Ok(())
}

!

Modules

errors
Error handling.
runtime
Detect kernel features at runtime.
securebits
Manipulate securebits flags

Enums

CapSet
Linux capabilities sets.
Capability
Linux capabilities.

Functions

all
Return the set of all capabilities supported by this library.
clear
Clear all capabilities in a set for a thread.
drop
Drop a single capability from a set for a thread.
has_cap
Check if a thread contains a capability in a set.
raise
Raise a single capability in a set for a thread.
read
Return all capabilities in a set for a thread.
set
Set a capability set for a thread to a new value.
to_canonical
Convert an informal capability name into a canonical form.

Type Definitions

CapsHashSet
An HashSet specialized on Capability.