Struct capctl::prctl::Secbits

pub struct Secbits { /* fields omitted */ }

Implementations

impl Secbits

pub const NOROOT: Secbits

If this flag is set, the kernel does not grant capabilities when a SUID-root program is executed, or when a process with an effective/real UID of 0 calls exec().

pub const NOROOT_LOCKED: Secbits

Locks the NOROOT flag so it cannot be changed.

pub const NO_SETUID_FIXUP: Secbits

If this flag is set, the kernel will not adjust the current thread's permitted/effective/inheritable capability sets when its effective and filesystem UIDs are changed between zero and nonzero values.

pub const NO_SETUID_FIXUP_LOCKED: Secbits

Locks the NO_SETUID_FIXUP flag so it cannot be changed.

pub const KEEP_CAPS: Secbits

If this flag is set, the kernel will not empty the current thread's permitted capability set when all of its UIDs are switched to nonzero values. (However, the effective capability set will still be cleared.)

This flag is cleared across execve() calls.

Note: get_keepcaps() and set_keepcaps() provide the same functionality as this flag (setting the flag via one method will change its value as perceived by the other, and vice versa). However, set_keepcaps() does not require CAP_SETPCAP; changing the securebits does. As a result, if you only need to manipulate the KEEP_CAPS flag, you may wish to instead use get_keepcaps() and set_keepcaps().

pub const KEEP_CAPS_LOCKED: Secbits

Locks the KEEP_CAPS flag so it cannot be changed.

Note: The KEEP_CAPS flag is always cleared across execve(), even if it is "locked" using this flag. As a result, this flag is mainly useful for locking the KEEP_CAPS in the "off" setting.

pub const NO_CAP_AMBIENT_RAISE: Secbits

Disallows raising ambient capabilities.

pub const NO_CAP_AMBIENT_RAISE_LOCKED: Secbits

Locks the NO_CAP_AMBIENT_RAISE_LOCKED flag so it cannot be changed.

pub const fn empty() -> Secbits

Returns an empty set of flags

pub const fn all() -> Secbits

Returns the set containing all flags.

pub const fn bits(&self) -> c_ulong

Returns the raw value of the flags currently stored.

pub fn from_bits(bits: c_ulong) -> Option<Secbits>

Convert from underlying bit representation, unless that representation contains bits that do not correspond to a flag.

pub const fn from_bits_truncate(bits: c_ulong) -> Secbits

Convert from underlying bit representation, dropping any bits that do not correspond to flags.

pub const unsafe fn from_bits_unchecked(bits: c_ulong) -> Secbits

Convert from underlying bit representation, preserving all bits (even those not corresponding to a defined flag).

pub const fn is_empty(&self) -> bool

Returns true if no flags are currently stored.

pub const fn is_all(&self) -> bool

Returns true if all flags are currently set.

pub const fn intersects(&self, other: Secbits) -> bool

Returns true if there are flags common to both self and other.

pub const fn contains(&self, other: Secbits) -> bool

Returns true all of the flags in other are contained within self.

pub fn insert(&mut self, other: Secbits)

Inserts the specified flags in-place.

pub fn remove(&mut self, other: Secbits)

Removes the specified flags in-place.

pub fn toggle(&mut self, other: Secbits)

Toggles the specified flags in-place.

pub fn set(&mut self, other: Secbits, value: bool)

Inserts or removes the specified flags depending on the passed value.

Trait Implementations

impl Binary for Secbits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl BitAnd<Secbits> for Secbits

type Output = Secbits

The resulting type after applying the & operator.

fn bitand(self, other: Secbits) -> Secbits

Returns the intersection between the two sets of flags.

impl BitAndAssign<Secbits> for Secbits

fn bitand_assign(&mut self, other: Secbits)

Disables all flags disabled in the set.

impl BitOr<Secbits> for Secbits

type Output = Secbits

The resulting type after applying the | operator.

fn bitor(self, other: Secbits) -> Secbits

Returns the union of the two sets of flags.

impl BitOrAssign<Secbits> for Secbits

fn bitor_assign(&mut self, other: Secbits)

Adds the set of flags.

impl BitXor<Secbits> for Secbits

type Output = Secbits

The resulting type after applying the ^ operator.

fn bitxor(self, other: Secbits) -> Secbits

Returns the left flags, but with all the right flags toggled.

impl BitXorAssign<Secbits> for Secbits

fn bitxor_assign(&mut self, other: Secbits)

Toggles the set of flags.

impl Clone for Secbits

fn clone(&self) -> Secbits

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Copy for Secbits

impl Debug for Secbits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Eq for Secbits

impl Extend<Secbits> for Secbits

fn extend<T: IntoIterator<Item = Secbits>>(&mut self, iterator: T)

Extends a collection with the contents of an iterator.

fn extend_one(&mut self, item: A)

🔬 This is a nightly-only experimental API. (extend_one)

Extends a collection with exactly one element.

fn extend_reserve(&mut self, additional: usize)

🔬 This is a nightly-only experimental API. (extend_one)

Reserves capacity in a collection for the given number of additional elements.

impl FromIterator<Secbits> for Secbits

fn from_iter<T: IntoIterator<Item = Secbits>>(iterator: T) -> Secbits

Creates a value from an iterator.

impl Hash for Secbits

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H) where
    H: Hasher, 

Feeds a slice of this type into the given Hasher.

impl LowerHex for Secbits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Not for Secbits

type Output = Secbits

The resulting type after applying the ! operator.

fn not(self) -> Secbits

Returns the complement of this set of flags.

impl Octal for Secbits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Ord for Secbits

fn cmp(&self, other: &Secbits) -> Ordering

This method returns an Ordering between self and other.

#[must_use]fn max(self, other: Self) -> Self

Compares and returns the maximum of two values.

#[must_use]fn min(self, other: Self) -> Self

Compares and returns the minimum of two values.

#[must_use]fn clamp(self, min: Self, max: Self) -> Self

🔬 This is a nightly-only experimental API. (clamp)

Restrict a value to a certain interval.

impl PartialEq<Secbits> for Secbits

fn eq(&self, other: &Secbits) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Secbits) -> bool

This method tests for !=.

impl PartialOrd<Secbits> for Secbits

fn partial_cmp(&self, other: &Secbits) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Secbits) -> bool

This method tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Secbits) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Secbits) -> bool

This method tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Secbits) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator.

impl StructuralEq for Secbits

impl StructuralPartialEq for Secbits

impl Sub<Secbits> for Secbits

type Output = Secbits

The resulting type after applying the - operator.

fn sub(self, other: Secbits) -> Secbits

Returns the set difference of the two sets of flags.

impl SubAssign<Secbits> for Secbits

fn sub_assign(&mut self, other: Secbits)

Disables all flags enabled in the set.

impl UpperHex for Secbits

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.