Struct DaemonCapabilities 

pub struct DaemonCapabilities {
    pub is_root: bool,
    pub is_nested: bool,
    pub cgroup_parent: Option<String>,
    pub can_write_cgroup_root: bool,
    pub has_cap_net_admin: bool,
    pub tun_device_available: bool,
    pub effective_mode: DaemonMode,
}

Snapshot of the daemon’s effective capabilities and execution environment.

Construct via DaemonCapabilities::probe. Cheap to call repeatedly.

The struct intentionally exposes independent capability bits as separate booleans rather than collapsing them into an enum — each bit corresponds to an orthogonal kernel feature (cgroup write, CAP_NET_ADMIN, TUN access, root-ness) and downstream code wants to inspect them independently when deciding what to gate.

Fields

is_root: bool

true if the process is running as uid 0.

is_nested: bool

true if the process appears to be inside a container (non-root cgroup v2 path).

cgroup_parent: Option<String>

The cgroup v2 path of the current process, if any (e.g. /system.slice/zlayer.service). None on the cgroup root, on cgroup-v1-only hosts, on non-Linux, or on read errors.

can_write_cgroup_root: bool

true if the cgroup root’s cgroup.subtree_control has the owner-write bit set. Coarse, non-destructive signal — does not guarantee an actual write will succeed.

has_cap_net_admin: bool

true if CAP_NET_ADMIN is present in the process’s effective set (Linux only).

tun_device_available: bool

true if /dev/net/tun can be opened r/w in non-blocking mode without EACCES/EPERM/ENOENT/ENXIO. The fd is dropped immediately.

effective_mode: DaemonMode

Coarse classification derived from the above fields.

Implementations

impl DaemonCapabilities

pub fn get() -> &'static Self

Returns the process-wide capability snapshot, probing on first call.

Subsequent calls return the same memoised instance — capabilities of a running daemon do not change at runtime, so re-probing would be wasted syscalls and could create the illusion that the daemon’s behaviour can shift mid-flight.

pub fn seed(caps: Self) -> &'static Self

Eagerly seed the memoised survey with an explicit probe result.

Useful at daemon startup to force the probe to happen at a known point (so the banner log appears in the expected place). Returns the stored instance — if the cache was already seeded, the existing value wins and the passed-in caps is dropped (probe is pure, so this is fine).

Panics

In practice this never panics — OnceLock::set either stores the value or rejects it because the cell is already filled, and in both cases the subsequent get() returns Some. The expect exists only to satisfy the type system.

pub fn probe() -> Self

Probe the running daemon’s effective capabilities.

Cheap — a handful of syscalls and no resource allocation. Prefer DaemonCapabilities::get when you want the process-wide memoised value; call this directly only when you intentionally want a fresh snapshot (e.g. tests).

Trait Implementations

impl Clone for DaemonCapabilities

fn clone(&self) -> DaemonCapabilities

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for DaemonCapabilities

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for DaemonCapabilities

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for DaemonCapabilities

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.