Crate caps

A pure-Rust library to work with Linux capabilities.

It provides support for manipulating the capabilities available on modern Linux kernels. It supports the traditional POSIX sets (Effective, Inheritable, Permitted) as well as the Linux-specific Ambient and Bounding capability sets.

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    // `None` as the first argument targets the calling thread.
    if caps::has_cap(None, CapSet::Permitted, Capability::CAP_SYS_NICE)? {
        // Drop a single capability from the Effective set and verify it is gone.
        caps::drop(None, CapSet::Effective, Capability::CAP_SYS_NICE)?;
        let effective = caps::read(None, CapSet::Effective)?;
        assert!(!effective.contains(&Capability::CAP_SYS_NICE));

        // Clear the whole Effective set. The Permitted set is left untouched,
        // so these capabilities can still be raised again later.
        caps::clear(None, CapSet::Effective)?;
        let cleared = caps::read(None, CapSet::Effective)?;
        assert!(cleared.is_empty());
    }

    Ok(())
}

Modules

errors

Error handling.

runtime

Detect kernel features at runtime.

securebits

Manipulate securebits flags.

Enums

CapSet

Linux capability sets.

Capability

Linux capabilities.

Functions

all

Return the set of all capabilities supported by this library.

clear

Clear all capabilities in a set for a thread.

drop

Drop a single capability from a set for a thread.

has_cap

Check if a thread contains a capability in a set.

raise

Raise a single capability in a set for a thread.

read

Return all capabilities in a set for a thread.

set

Set a capability set for a thread to a new value.

to_canonical

Convert an informal capability name into a canonical form.

Type Definitions

CapsHashSet

A HashSet specialized on Capability.