syd 3.52.0

rock-solid application kernel
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

/*!
Detect kernel features at runtime.

This module exposes methods to perform detection of kernel
features at runtime. This allows applications to auto-detect
whether recent options are implemented by the currently
running kernel.

## Example

```ignore
let ambient = caps::runtime::ambient_set_supported().is_ok();
println!("Supported ambient set: {}", ambient);

let all = caps::runtime::procfs_all_supported(None)
    .unwrap_or_else(|_| caps::runtime::thread_all_supported());
println!("Supported capabilities: {}", all.len());
```
!*/

use std::{ffi::CStr, io::Read};

use nix::{errno::Errno, fcntl::OFlag};

use super::{ambient, CapSet, Capabilities, Capability};
use crate::{
    caps::errors::CapsError,
    compat::{openat2, ResolveFlag},
    err::err2no,
    fd::is_empty_file,
    lookup::safe_open_how,
    path::XPath,
    proc::proc_open,
    retry::retry_on_eintr,
};

/// Check whether the running kernel supports the ambient set.
///
/// Ambient set was introduced in Linux kernel 4.3. On recent kernels
/// where the ambient set is supported, this will return `Ok`.
/// On a legacy kernel, an `Err` is returned instead.
pub fn ambient_set_supported() -> Result<(), CapsError> {
    ambient::has_cap(Capability::CAP_CHOWN)?;
    Ok(())
}

/// Return the set of all capabilities supported by the running kernel.
///
/// This requires a mounted proc(5) and a kernel version >= 3.2. By
/// default, it uses `/proc/` as the proc(5) mountpoint.
pub fn procfs_all_supported(proc_mountpoint: Option<&XPath>) -> Result<Capabilities, CapsError> {
    /// See `man 2 capabilities`.
    const LAST_CAP_FILEPATH: &CStr = c"sys/kernel/cap_last_cap";

    // Open file safely.
    let mut fd = proc_open(proc_mountpoint)
        .and_then(|fd| {
            let how_xdev = safe_open_how(
                OFlag::O_RDONLY | OFlag::O_NOCTTY,
                ResolveFlag::RESOLVE_NO_XDEV,
            );
            #[expect(clippy::disallowed_methods)]
            retry_on_eintr(|| openat2(&fd, LAST_CAP_FILEPATH, how_xdev))
        })
        .map_err(CapsError)?;

    // Check the file is an empty file or bail out.
    if !is_empty_file(&fd).unwrap_or(false) {
        return Err(CapsError(Errno::EBADFD));
    }

    let max_cap: u8 = {
        let mut buf = String::with_capacity(4);
        fd.read_to_string(&mut buf)
            .map_err(|err| CapsError(err2no(&err)))?;
        buf.trim_end().parse().or(Err(CapsError(Errno::EINVAL)))?
    };
    drop(fd);

    // Filter the library-known capabilities by kernel's max_cap index
    let supported = {
        // mask with bits [0, max_cap]
        let mask: u64 = if max_cap >= 63 {
            u64::MAX
        } else {
            (1u64 << (u64::from(max_cap) + 1)) - 1
        };

        super::Capabilities::all() & super::Capabilities::from_bits_truncate(mask)
    };

    Ok(supported)
}

/// Return the set of all capabilities supported on the current thread.
///
/// This does not require a mounted `procfs`, and it works with any
/// kernel version >= 2.6.25.
/// It internally uses `prctl(2)` and `PR_CAPBSET_READ`; if those are
/// unavailable, this will result in an empty set.
pub fn thread_all_supported() -> Capabilities {
    let mut supported = Capabilities::empty();

    for flag in Capabilities::all() {
        if let Ok(cap) = Capability::try_from(flag) {
            if super::has_cap(None, CapSet::Bounding, cap).unwrap_or(false) {
                supported |= flag;
            }
        }
    }

    supported
}