boxxy 0.14.0

Linkable sandbox explorer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

use caps::{Capability, CapSet};
use clap::{App, Arg, AppSettings, ArgGroup};
use crate::{Shell, Arguments};
use crate::errors::*;
use std::result;
use std::str::FromStr;
use std::collections::HashSet;


pub fn caps(sh: &mut Shell, args: Arguments) -> Result<()> {
    let matches = App::new("caps")
        .setting(AppSettings::DisableVersion)
        .group(ArgGroup::with_name("capset")
            .args(&["effective", "bounding", "inheritable", "ambient"])
        )
        .arg(Arg::with_name("effective")
                    .short('e')
                    .long("effective")
                    .help("Operate on the effective capset instead of the permitted capset"))
        .arg(Arg::with_name("bounding")
                    .short('b')
                    .long("bounding")
                    .help("Operate on the bounding capset instead of the permitted capset"))
        .arg(Arg::with_name("inheritable")
                    .short('i')
                    .long("inheritable")
                    .help("Operate on the inheritable capset instead of the permitted capset"))
        .arg(Arg::with_name("ambient")
                    .short('a')
                    .long("ambient")
                    .help("Operate on the ambient capset instead of the permitted capset"))
        .arg(Arg::with_name("clear")
                    .short('c')
                    .long("clear")
                    .help("Clear all capabilities"))
        .arg(Arg::with_name("drop")
                    .short('d')
                    .long("drop")
                    .help("Drop specific capabilities"))
        .arg(Arg::with_name("raise")
                    .short('r')
                    .long("raise")
                    .help("Add capabilities to capability set"))
        .arg(Arg::with_name("set")
                    .short('s')
                    .long("set")
                    .help("Set the capability set"))
        .arg(Arg::with_name("capabilities")
            .multiple(true)
        )
        .get_matches_from_safe(args)?;

    let clear = matches.occurrences_of("clear") > 0;
    let drop = matches.occurrences_of("drop") > 0;
    let raise = matches.occurrences_of("raise") > 0;
    let set = matches.occurrences_of("set") > 0;

    let capabilities = match matches.values_of("capabilities") {
        Some(caps) => caps.map(Capability::from_str)
                          .collect::<result::Result<_, _>>()?,
        None => HashSet::new(),
    };

    let capset = if matches.is_present("effective") {
        CapSet::Effective
    } else if matches.is_present("bounding") {
        CapSet::Bounding
    } else if matches.is_present("inheritable") {
        CapSet::Inheritable
    } else if matches.is_present("ambient") {
        CapSet::Ambient
    } else {
        CapSet::Permitted
    };

    if clear {
        info!("caps(clear)");
        caps::clear(None, capset)?;
    } else if drop {
        for cap in capabilities {
            info!("caps(drop): {:?}", cap);
            caps::drop(None, capset, cap)?;
        }
    } else if raise {
        for cap in capabilities {
            info!("caps(raise): {:?}", cap);
            caps::raise(None, capset, cap)?;
        }
    } else if set {
        info!("caps(set): {:?}", capabilities);
        caps::set(None, capset, &capabilities)?;
    } else {
        let caps = caps::read(None, capset)?;
        shprintln!(sh, "{:?}", caps);
    }

    Ok(())
}