drop_root_caps/
lib.rs

1// SPDX-License-Identifier: 0BSD
2// Drop Root Capabilities
3// Copyright (C) 2025 by LoRd_MuldeR <mulder2@gmx.de>
4
5#![no_std]
6#![cfg(target_os = "linux")]
7
8use ctor::ctor;
9use libc::{c_long, prctl, PR_CAPBSET_DROP};
10
11// Capability constants
12// See linux/include/uapi/linux/capability.h for details!
13const CAP_CHOWN: c_long = 0;
14const CAP_DAC_OVERRIDE: c_long = 1;
15const CAP_DAC_READ_SEARCH: c_long = 2;
16const CAP_FOWNER: c_long = 3;
17const CAP_FSETID: c_long = 4;
18const CAP_LINUX_IMMUTABLE: c_long = 9;
19const CAP_MKNOD: c_long = 27;
20const CAP_MAC_OVERRIDE: c_long = 32;
21
22/// The initialization function that will run before the "main" function (or any test function)
23#[ctor]
24unsafe fn initialize() {
25    for capability in [CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_LINUX_IMMUTABLE, CAP_MAC_OVERRIDE, CAP_MKNOD] {
26        prctl(PR_CAPBSET_DROP, capability, 0 as c_long, 0 as c_long, 0 as c_long);
27    }
28}