syd 3.52.0

rock-solid application kernel
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

//
// Syd: rock-solid application kernel
// src/utils/syd-cap.rs: Print information on Linux capabilities
//
// Copyright (c) 2024, 2025, 2026 Ali Polatel <alip@chesswob.org>
//
// SPDX-License-Identifier: GPL-3.0

use std::process::ExitCode;

use serde_json::Map;
use syd::caps::CapSet;

// Set global allocator to GrapheneOS allocator.
#[cfg(all(
    not(coverage),
    not(feature = "prof"),
    not(target_os = "android"),
    not(target_arch = "riscv64"),
    target_page_size_4k,
    target_pointer_width = "64"
))]
#[global_allocator]
static GLOBAL: hardened_malloc::HardenedMalloc = hardened_malloc::HardenedMalloc;

// Set global allocator to tcmalloc if profiling is enabled.
#[cfg(feature = "prof")]
#[global_allocator]
static GLOBAL: tcmalloc::TCMalloc = tcmalloc::TCMalloc;

syd::main! {
    use lexopt::prelude::*;

    syd::set_sigpipe_dfl()?;

    // Parse CLI options.
    let mut parser = lexopt::Parser::from_env();
    #[expect(clippy::never_loop)]
    while let Some(arg) = parser.next()? {
        match arg {
            Short('h') => {
                help();
                return Ok(ExitCode::SUCCESS);
            }
            _ => return Err(arg.unexpected().into()),
        }
    }

    let mut cap = Map::new();
    for set in [
        CapSet::Bounding,
        CapSet::Permitted,
        CapSet::Inheritable,
        CapSet::Ambient,
        CapSet::Effective,
    ] {
        let mut vec = Vec::new();

        #[expect(clippy::disallowed_methods)]
        for flag in syd::caps::Capabilities::all() {
            let cap: syd::caps::Capability = flag.try_into().unwrap();
            if syd::caps::has_cap(None, set, cap).expect("syd::caps::has_cap") {
                vec.push(serde_json::Value::String(cap.to_string()));
            }
        }
        cap.insert(set2name(set), serde_json::Value::Array(vec));
    }

    #[expect(clippy::disallowed_methods)]
    let cap = serde_json::to_string_pretty(&cap).unwrap();
    println!("{cap}");

    Ok(ExitCode::SUCCESS)
}

fn set2name(set: CapSet) -> String {
    match set {
        CapSet::Ambient => "ambient",
        CapSet::Bounding => "bounding",
        CapSet::Effective => "effective",
        CapSet::Inheritable => "inheritable",
        CapSet::Permitted => "permitted",
    }
    .to_string()
}

fn help() {
    println!("Usage: syd-cap [-h]");
    println!("Print information on Linux capabilities.");
}