// Copyright (C) 2020 - Will Glozer. All rights reserved.

//! An interface to Linux capabilities(7).
//!
//! # Examples
//!
//! Get capabilities of the current thread:
//! ```
//! use capo::{Caps, caps::*};
//!
//! # fn main() -> Result<(), capo::Error> {
//! let caps = Caps::get()?;
//! caps.effective.contains(SysAdmin);
//! # Ok(())
//! # }
//! ```
//!
//! Set capabilities of the current thread:
//! ```no_run
//! # use capo::{Caps, caps::*};
//! # fn main() -> Result<(), capo::Error> {
//! let mut caps = Caps::empty();
//! caps.effective.insert(SysAdmin | Syslog);
//! caps.permitted.insert(SysAdmin | Syslog);
//! caps.set()?;
//! # Ok(())
//! # }
//! ```

pub use cap::Cap;
pub use cap::Ambient;
pub use cap::Bounding;
pub use cap::Caps;
pub use err::Error;
pub use set::Set;

/// Capability names: every `crate::Cap` variant, plus aliases spelled like the
/// `CAP_*` names in capabilities(7).
///
/// Glob-importing this module brings both spellings into scope, so `SysAdmin`
/// and `CAP_SYS_ADMIN` refer to the same capability.
///
/// When assembling a set to pass to `Caps::set`, list only the capabilities the
/// thread actually needs. Some entries are very broad; capabilities(7) singles
/// out `CAP_SYS_ADMIN` as covering a wide range of privileged operations.
pub mod caps {
    // Re-export the enum variants under their Rust names (`Chown`, `SysAdmin`, ...).
    pub use crate::Cap::*;

    // Aliases under the kernel's spelling. Each constant is the variant of the
    // same name; none introduces a new capability.
    pub const CAP_CHOWN: crate::Cap = crate::Cap::Chown;
    pub const CAP_DAC_OVERRIDE: crate::Cap = crate::Cap::DacOverride;
    pub const CAP_DAC_READ_SEARCH: crate::Cap = crate::Cap::DacReadSearch;
    pub const CAP_FOWNER: crate::Cap = crate::Cap::FOwner;
    pub const CAP_FSETID: crate::Cap = crate::Cap::FSetId;
    pub const CAP_KILL: crate::Cap = crate::Cap::Kill;
    pub const CAP_SETGID: crate::Cap = crate::Cap::SetGid;
    pub const CAP_SETUID: crate::Cap = crate::Cap::SetUid;
    pub const CAP_SETPCAP: crate::Cap = crate::Cap::SetPcap;
    pub const CAP_LINUX_IMMUTABLE: crate::Cap = crate::Cap::LinuxImmutable;
    pub const CAP_NET_BIND_SERVICE: crate::Cap = crate::Cap::NetBindService;
    pub const CAP_NET_BROADCAST: crate::Cap = crate::Cap::NetBroadcast;
    pub const CAP_NET_ADMIN: crate::Cap = crate::Cap::NetAdmin;
    pub const CAP_NET_RAW: crate::Cap = crate::Cap::NetRaw;
    pub const CAP_IPC_LOCK: crate::Cap = crate::Cap::IpcLock;
    pub const CAP_IPC_OWNER: crate::Cap = crate::Cap::IpcOwner;
    pub const CAP_SYS_MODULE: crate::Cap = crate::Cap::SysModule;
    pub const CAP_SYS_RAWIO: crate::Cap = crate::Cap::SysRawIO;
    pub const CAP_SYS_CHROOT: crate::Cap = crate::Cap::SysChroot;
    pub const CAP_SYS_PTRACE: crate::Cap = crate::Cap::SysPtrace;
    pub const CAP_SYS_PACCT: crate::Cap = crate::Cap::SysPacct;
    pub const CAP_SYS_ADMIN: crate::Cap = crate::Cap::SysAdmin;
    pub const CAP_SYS_BOOT: crate::Cap = crate::Cap::SysBoot;
    pub const CAP_SYS_NICE: crate::Cap = crate::Cap::SysNice;
    pub const CAP_SYS_RESOURCE: crate::Cap = crate::Cap::SysResource;
    pub const CAP_SYS_TIME: crate::Cap = crate::Cap::SysTime;
    pub const CAP_SYS_TTY_CONFIG: crate::Cap = crate::Cap::SysTTYConfig;
    pub const CAP_MKNOD: crate::Cap = crate::Cap::Mknod;
    pub const CAP_LEASE: crate::Cap = crate::Cap::Lease;
    pub const CAP_AUDIT_WRITE: crate::Cap = crate::Cap::AuditWrite;
    pub const CAP_AUDIT_CONTROL: crate::Cap = crate::Cap::AuditControl;
    pub const CAP_SETFCAP: crate::Cap = crate::Cap::Setfcap;
    pub const CAP_MAC_OVERRIDE: crate::Cap = crate::Cap::MacOverride;
    pub const CAP_MAC_ADMIN: crate::Cap = crate::Cap::MacAdmin;
    pub const CAP_SYSLOG: crate::Cap = crate::Cap::Syslog;
    pub const CAP_WAKE_ALARM: crate::Cap = crate::Cap::WakeAlarm;
    pub const CAP_BLOCK_SUSPEND: crate::Cap = crate::Cap::BlockSuspend;
    pub const CAP_AUDIT_READ: crate::Cap = crate::Cap::AuditRead;
}

// Private modules that define the types re-exported at the crate root:
// `cap` (Cap, Ambient, Bounding, Caps), `err` (Error) and `set` (Set).
mod cap;
mod err;
mod set;

// Private modules with no re-exports in this file.
// NOTE(review): presumably the raw kernel/libc interface - confirm against
// the module sources.
mod ffi;
mod sys;