seqknock_common/
caps.rs

1pub use caps::errors::CapsError;
2use caps::{CapSet, Capability};
3
4pub fn drop_to_only_net_admin() -> Result<(), CapsError> {
5    // Graceful exit to be able to show help in case of no caps
6    if caps::read(None, CapSet::Permitted)?.is_empty() {
7        return Ok(());
8    }
9    let mut keep = caps::CapsHashSet::new();
10    keep.insert(Capability::CAP_NET_ADMIN);
11    caps::set(None, CapSet::Effective, &keep)?;
12    caps::set(None, CapSet::Inheritable, &keep)?;
13    caps::set(None, CapSet::Permitted, &keep)?;
14
15    Ok(())
16}
17
18pub fn has_net_admin() -> Result<bool, CapsError> {
19    caps::has_cap(None, CapSet::Effective, Capability::CAP_NET_ADMIN)
20}
seqknock_common/caps.rs

seqknock_common/
caps.rs
