Struct Capabilities

Source

pub struct Capabilities { /* private fields */ }

Expand description

A capability set that can be manipulated.

Implementations§

Source §

impl Capabilities

Source

pub fn new() -> Result<Capabilities, Error>

Create a new empty capability set

Examples found in repository ?

examples/demo.rs (line 9)

7fn main() {
8
9    let mut capability_set = Capabilities::new().unwrap();
10    capability_set.reset_all();
11
12    let flags = [Capability::CAP_CHOWN, Capability::CAP_SETUID, Capability::CAP_SYS_RESOURCE];
13
14    capability_set.update(&flags, Flag::Permitted, true);
15    capability_set.update(&flags, Flag::Effective, true);
16    capability_set.update(&[Capability::CAP_SYS_TIME], Flag::Permitted, true);
17
18    println!("Working set - {}", capability_set);
19
20    match capability_set.apply() {
21        Ok(_) => {
22            let current = Capabilities::from_current_proc().unwrap();
23            println!("Current - {}", current);
24        }
25        Err(e) => {
26            println!("Unable to apply capabilities - {}", e.to_string());
27        }
28    }
29}

Source

pub fn from_fd(fd: isize) -> Result<Capabilities, Error>

Create a capability set from the specified file descriptor

Source

pub fn from_file(path: &str) -> Result<Capabilities, Error>

Create a capability set base on the supplied file path

Source

pub fn from_pid(pid: isize) -> Result<Capabilities, Error>

Create a capability set from the supplied process ID.

Source

pub fn from_current_proc() -> Result<Capabilities, Error>

Create a capability set based on the current processes capabilities.

Examples found in repository ?

examples/demo.rs (line 22)

7fn main() {
8
9    let mut capability_set = Capabilities::new().unwrap();
10    capability_set.reset_all();
11
12    let flags = [Capability::CAP_CHOWN, Capability::CAP_SETUID, Capability::CAP_SYS_RESOURCE];
13
14    capability_set.update(&flags, Flag::Permitted, true);
15    capability_set.update(&flags, Flag::Effective, true);
16    capability_set.update(&[Capability::CAP_SYS_TIME], Flag::Permitted, true);
17
18    println!("Working set - {}", capability_set);
19
20    match capability_set.apply() {
21        Ok(_) => {
22            let current = Capabilities::from_current_proc().unwrap();
23            println!("Current - {}", current);
24        }
25        Err(e) => {
26            println!("Unable to apply capabilities - {}", e.to_string());
27        }
28    }
29}

Source

pub fn reset_all(&mut self)

Clear all the entries in the capability set.

Examples found in repository ?

examples/demo.rs (line 10)

7fn main() {
8
9    let mut capability_set = Capabilities::new().unwrap();
10    capability_set.reset_all();
11
12    let flags = [Capability::CAP_CHOWN, Capability::CAP_SETUID, Capability::CAP_SYS_RESOURCE];
13
14    capability_set.update(&flags, Flag::Permitted, true);
15    capability_set.update(&flags, Flag::Effective, true);
16    capability_set.update(&[Capability::CAP_SYS_TIME], Flag::Permitted, true);
17
18    println!("Working set - {}", capability_set);
19
20    match capability_set.apply() {
21        Ok(_) => {
22            let current = Capabilities::from_current_proc().unwrap();
23            println!("Current - {}", current);
24        }
25        Err(e) => {
26            println!("Unable to apply capabilities - {}", e.to_string());
27        }
28    }
29}

Source

pub fn reset_flag(&mut self, flag: Flag)

Clear all instances of the supplied flag.

Source

pub fn check(&self, cap: Capability, flag: Flag) -> bool

Check if the supplied capability has the flag set in this capability set.

Source

pub fn update(&mut self, caps: &[Capability], flag: Flag, set: bool) -> bool

Update the capability set adding the supplied capabilities. Each of the supplied capabilities will have the flag set or cleared depending on the value supplied for set.

Examples found in repository ?

examples/demo.rs (line 14)

7fn main() {
8
9    let mut capability_set = Capabilities::new().unwrap();
10    capability_set.reset_all();
11
12    let flags = [Capability::CAP_CHOWN, Capability::CAP_SETUID, Capability::CAP_SYS_RESOURCE];
13
14    capability_set.update(&flags, Flag::Permitted, true);
15    capability_set.update(&flags, Flag::Effective, true);
16    capability_set.update(&[Capability::CAP_SYS_TIME], Flag::Permitted, true);
17
18    println!("Working set - {}", capability_set);
19
20    match capability_set.apply() {
21        Ok(_) => {
22            let current = Capabilities::from_current_proc().unwrap();
23            println!("Current - {}", current);
24        }
25        Err(e) => {
26            println!("Unable to apply capabilities - {}", e.to_string());
27        }
28    }
29}

Source

pub fn apply(&self) -> Result<(), Error>

Attempt to apply the capability set to the current process.

Examples found in repository ?

examples/demo.rs (line 20)

7fn main() {
8
9    let mut capability_set = Capabilities::new().unwrap();
10    capability_set.reset_all();
11
12    let flags = [Capability::CAP_CHOWN, Capability::CAP_SETUID, Capability::CAP_SYS_RESOURCE];
13
14    capability_set.update(&flags, Flag::Permitted, true);
15    capability_set.update(&flags, Flag::Effective, true);
16    capability_set.update(&[Capability::CAP_SYS_TIME], Flag::Permitted, true);
17
18    println!("Working set - {}", capability_set);
19
20    match capability_set.apply() {
21        Ok(_) => {
22            let current = Capabilities::from_current_proc().unwrap();
23            println!("Current - {}", current);
24        }
25        Err(e) => {
26            println!("Unable to apply capabilities - {}", e.to_string());
27        }
28    }
29}