
Module root


The capability root — the single point where ambient authority enters the system.

CapRoot is the factory for all capability tokens. It exists so that capability creation is explicit and traceable — grep for capsec::root() to find every point where authority enters your application.

§Singleton

Only one CapRoot can exist per process. root() panics if called twice; try_root() returns None on the second call. This ensures a single point of authority even in large applications.

§Testing

test_root() bypasses the singleton check and is compiled only when debug_assertions is on (#[cfg(debug_assertions)]), which is the default for the dev and test profiles. The gate is the debug-assertions profile setting, not the profile name: a release profile that sets debug-assertions = true would include it, and cargo test --release (debug-assertions off by default) would exclude it. Do not rely on the release profile alone to keep it out of shipped binaries; check the profile setting.
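The following is an added illustration of the singleton and testing contracts described in the two sections above. It is not the capsec crate's own code: the AtomicBool flag, the `Cap` token type and the `CapRoot::mint` method are assumptions made for the example, and `demo()` is a hypothetical helper that exercises the rules (first acquisition succeeds, the second `try_root()` returns None, and `root()` panics once the root is taken).

```rust
// Added example of the single-root pattern. NOT the capsec crate's code; the
// flag, `Cap`, `CapRoot::mint` and `demo` are assumptions for this illustration.
use std::sync::atomic::{AtomicBool, Ordering};

/// One capability token minted by the root. Its field is public only so the
/// example can inspect it; there is no public constructor, so a `Cap` can only
/// come from a `CapRoot`.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Cap {
    pub name: &'static str,
}

/// The root of all capabilities. The constructor is private: the only ways to
/// obtain one are `root()`, `try_root()` and (in debug builds) `test_root()`.
pub struct CapRoot {
    _private: (),
}

impl CapRoot {
    /// Mint a capability token. Every `CapRoot` came from one of the three
    /// functions below, so every `Cap` is traceable to one of those call sites.
    pub fn mint(&self, name: &'static str) -> Cap {
        Cap { name }
    }
}

/// Process-wide flag recording whether the singleton root has been handed out.
static ROOT_TAKEN: AtomicBool = AtomicBool::new(false);

/// Creates the singleton capability root, returning `None` if already created.
/// `compare_exchange` makes the check-and-set a single atomic step, so two
/// threads racing here cannot both receive a root.
pub fn try_root() -> Option<CapRoot> {
    match ROOT_TAKEN.compare_exchange(false, true, Ordering::AcqRel, Ordering::Acquire) {
        Ok(_) => Some(CapRoot { _private: () }),
        Err(_) => None,
    }
}

/// Creates the singleton capability root. Panics if called more than once.
pub fn root() -> CapRoot {
    try_root().expect("capability root already created; root() may only be called once per process")
}

/// Creates a capability root for testing, bypassing the singleton check.
/// Compiled only when `debug_assertions` is on, so it is absent from a build
/// whose profile has debug-assertions disabled (the release default).
#[cfg(debug_assertions)]
pub fn test_root() -> CapRoot {
    CapRoot { _private: () }
}

/// Exercises the contract: the first acquisition succeeds, every later one is
/// refused, and `root()` after that panics instead of minting a second root.
/// Returns (first_succeeded, second_succeeded, root_panicked).
pub fn demo() -> (bool, bool, bool) {
    let first = try_root();
    let second = try_root();
    let panicked = std::panic::catch_unwind(|| root()).is_err();
    (first.is_some(), second.is_some(), panicked)
}

fn main() {
    let (first, second, panicked) = demo();
    println!("first: {first}, second: {second}, root() panicked: {panicked}");
    #[cfg(debug_assertions)]
    {
        // Available here only because debug_assertions is on in this build.
        let r = test_root();
        println!("test_root minted {:?}", r.mint("fs.read"));
    }
}
```

The `compare_exchange` is the important detail: a plain `load` followed by `store` would let two threads both observe `false` and both receive a root, which is exactly the multiple-points-of-authority situation the singleton is meant to rule out.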

Structs§

CapRoot
The root of all capabilities. Only one can exist per process.

Functions§

root
Creates the singleton capability root. Panics if called more than once.
test_root
Creates a capability root for testing. Bypasses the singleton check.
try_root
Creates the singleton capability root, returning None if already created.