pub fn walk_capabilities<P: PhysicalMemoryProvider>(
reader: &ObjectReader<P>,
processes: &[ProcessInfo],
) -> Result<Vec<ProcessCapabilities>>Expand description
Walk capability information for each process in the provided list.
For each process, reads task_struct.cred (a pointer to the cred
struct), then reads cap_effective, cap_permitted, cap_inheritable
(each a kernel_cap_t, typically a pair of u32s or a single u64
depending on kernel version) and uid from the cred struct.
Applies classify_capabilities to flag privilege escalation.