use super::{ambient, CapSet, Capability, CapsHashSet};
use crate::errors::CapsError;
use std::io::Read;
use std::path::{Path, PathBuf};
pub fn ambient_set_supported() -> Result<(), CapsError> {
ambient::has_cap(Capability::CAP_CHOWN)?;
Ok(())
}
pub fn procfs_all_supported(proc_mountpoint: Option<PathBuf>) -> Result<CapsHashSet, CapsError> {
const LAST_CAP_FILEPATH: &str = "./sys/kernel/cap_last_cap";
let last_cap_path = proc_mountpoint
.unwrap_or_else(|| PathBuf::from("/proc/"))
.join(Path::new(LAST_CAP_FILEPATH));
let max_cap: u8 = {
let mut buf = String::with_capacity(4);
std::fs::File::open(last_cap_path.clone())
.and_then(|mut file| file.read_to_string(&mut buf))
.map_err(|e| format!("failed to read '{}': {}", last_cap_path.display(), e))?;
buf.trim_end()
.parse()
.map_err(|e| format!("failed to parse '{}': {}", last_cap_path.display(), e))?
};
let mut supported = super::all();
for c in super::all() {
if c.index() > max_cap {
supported.remove(&c);
}
}
Ok(supported)
}
pub fn thread_all_supported() -> CapsHashSet {
let mut supported = super::all();
for c in super::all() {
if super::has_cap(None, CapSet::Bounding, c).is_err() {
supported.remove(&c);
}
}
supported
}