Crate capctl

capctl

A library for manipulating Linux capabilities and making prctl() calls.

Potential Pitfalls

• See Handling of newly-added capabilities. This can create security issues if it is not accounted for.

Handling of capabilities not supported by the kernel

When a binary using this library is running on an older kernel that does not support a few newly-added capabilities, here is how this library will handle them:

• caps::Cap::is_supported() and caps::Cap::probe_supported() can be used to detect that the capability is unsupported (cap.is_supported() will return false, and Cap::probe_supported() will not include it in the returned set).
• caps::CapState and caps::FullCapState will never include the unsupported capability(s) in the returned capability sets.
• Trying to include the unsupported capability(s) in the new permitted/effective/inheritable sets with caps::CapState::set_current() will cause them to be silently removed from the new sets. (This is a kernel limitation.)
• The following functions will return an Error with code EINVAL if passed the unsupported capability:
  • caps::bounding::drop()
  • caps::ambient::raise()
  • caps::ambient::lower()
• caps::ambient::is_set() and caps::bounding::read() will return None if passed the unsupported capability.

Handling of newly-added capabilities

Conversely, when a binary using this library is running on a newer kernel that has added one or more new capabilities, issues can arise. Here is how this library will handle those capabilities:

• If the permitted, effective, and/or inheritable capability sets of this process are modified (in any way) using caps::CapState, the unknown capability(s) will be removed from the permitted, effective, and inheritable sets.
• The following functions are the ONLY functions in this crate that can be used to remove the unknown capability(s) from the ambient/bounding sets (see their documentation for more information):
  • caps::ambient::clear()
  • caps::ambient::clear_unknown()
  • caps::bounding::clear()
  • caps::bounding::clear_unknown()

As a result, if you are trying to clear the ambient and/or bounding capability sets, you must call the clear() or clear_unknown() function for whichever set you want to clear.

Re-exports

• pub use caps::*;
• pub use prctl::*;

Modules

• caps
  Interfaces to Linux capabilities.
• prctl
  Interfaces to prctl() commands that don’t deal with capabilities.

Macros

• capset
  A helper macro to statically construct a CapSet from a list of capabilities.

Structs

• Error
  Represents an OS error encountered when performing an operation.

Type Aliases

• Result