use super::{ambient, CapSet, Capability, CapsHashSet};
use crate::errors::CapsError;
use std::io::Read;
use std::path::{Path, PathBuf};
/// Probes whether the ambient capability set can be queried at runtime.
///
/// The probe asks `ambient::has_cap` about `CAP_CHOWN` and discards the
/// boolean answer: only the success or failure of the query is reported.
/// An `Ok(())` therefore says nothing about whether `CAP_CHOWN` is actually
/// present in the ambient set.
///
/// # Errors
///
/// Returns the error produced by `ambient::has_cap` when the query fails.
pub fn ambient_set_supported() -> Result<(), CapsError> {
    // Only the query's success matters here, so the returned flag is dropped.
    ambient::has_cap(Capability::CAP_CHOWN).map(|_| ())
}
/// Returns the capabilities whose index does not exceed the value read from
/// `sys/kernel/cap_last_cap` under a procfs mountpoint.
///
/// `proc_mountpoint` selects the procfs root; `None` falls back to `/proc/`.
///
/// The result is only as trustworthy as the file it is derived from. The
/// mountpoint is used as given, with no check that it is a real procfs, so
/// callers that base a privilege decision on this set should pass a path
/// they control. The file is also read in full with no size limit.
///
/// # Errors
///
/// Fails when the file cannot be opened or read, or when its content, with
/// trailing whitespace removed, does not parse as a `u8`.
pub fn procfs_all_supported(proc_mountpoint: Option<PathBuf>) -> Result<CapsHashSet, CapsError> {
    const LAST_CAP_FILEPATH: &str = "./sys/kernel/cap_last_cap";

    let mountpoint = proc_mountpoint.unwrap_or_else(|| PathBuf::from("/proc/"));
    let last_cap_path = mountpoint.join(Path::new(LAST_CAP_FILEPATH));

    // The expected content is a short decimal number, hence the tiny initial capacity.
    let mut contents = String::with_capacity(4);
    std::fs::File::open(&last_cap_path)
        .and_then(|mut file| file.read_to_string(&mut contents))
        .map_err(|e| format!("failed to read '{}': {}", last_cap_path.display(), e))?;

    let max_cap = contents
        .trim_end()
        .parse::<u8>()
        .map_err(|e| format!("failed to parse '{}': {}", last_cap_path.display(), e))?;

    // Start from every capability this crate knows and keep those within the reported bound.
    let mut supported = super::all();
    supported.retain(|cap| cap.index() <= max_cap);
    Ok(supported)
}
/// Returns the capabilities for which a bounding-set query on the current
/// thread succeeds.
///
/// Every capability from `super::all()` is passed to `super::has_cap` with
/// `CapSet::Bounding`. A capability is dropped only when that query returns
/// an error; the boolean result of a successful query is ignored. The set
/// therefore describes what can be queried, not what the thread currently
/// holds in its bounding set.
///
/// Any query error, whatever its cause, is treated as "unsupported".
pub fn thread_all_supported() -> CapsHashSet {
    let mut supported = super::all();
    // A failed query marks the capability as unsupported; the error itself is discarded.
    supported.retain(|&cap| super::has_cap(None, CapSet::Bounding, cap).is_ok());
    supported
}