#Linux #POSIX #capabilities #getcap #setcap

caps

A pure-Rust library to work with Linux capabilities

9 releases

0.3.4 Jan 9, 2020
0.3.3 Aug 7, 2019
0.3.2 Jun 21, 2019
0.3.0 Aug 19, 2018
0.0.1 Feb 7, 2017

#13 in Unix APIs

Download history 5752/week @ 2019-12-02 5388/week @ 2019-12-09 4807/week @ 2019-12-16 1924/week @ 2019-12-23 3062/week @ 2019-12-30 3731/week @ 2020-01-06 7133/week @ 2020-01-13 6265/week @ 2020-01-20 6041/week @ 2020-01-27 3828/week @ 2020-02-03 3830/week @ 2020-02-10 3271/week @ 2020-02-17 2726/week @ 2020-02-24 2172/week @ 2020-03-02 3293/week @ 2020-03-09 1994/week @ 2020-03-16

22,955 downloads per month
Used in 9 crates (6 directly)

MIT/Apache

35KB
728 lines

caps

Build Status crates.io LoC Documentation

A pure-Rust library to work with Linux capabilities.

caps provides support for manipulating capabilities available in modern Linux kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted) as well as Linux-specific Ambient and Bounding capabilities sets.

caps provides a simple and idiomatic interface to handle capabilities on Linux. See capabilities(7) for more details.

Motivations

This library tries to achieve the following goals:

  • fully support modern kernels, including recent capabilities and sets
  • provide an idiomatic interface
  • be usable in static targets, without requiring an external C library

Example

extern crate caps;
use caps::{Capability, CapSet};

fn manipulate_caps() {
    // Retrieve permitted set.
    let cur = caps::read(None, CapSet::Permitted).unwrap();
    println!("Current permitted caps: {:?}.", cur);
    
    // Retrieve effective set.
    let cur = caps::read(None, CapSet::Effective).unwrap();
    println!("Current effective caps: {:?}.", cur);
    
    // Check if CAP_CHOWN is in permitted set.
    let perm_chown = caps::has_cap(None, CapSet::Permitted, Capability::CAP_CHOWN).unwrap();
    if !perm_chown.unwrap() {
        println!("Try running this as root!");
        return;
    }

    // Clear all effective caps.
    caps::clear(None, CapSet::Effective).unwrap();
    println!("Cleared effective caps.");
    let cur = caps::read(None, CapSet::Effective).unwrap();
    println!("Current effective caps: {:?}.", cur);

    // Since `CAP_CHOWN` is still in permitted, it can be raised again.
    caps::raise(None, CapSet::Effective, Capability::CAP_CHOWN).unwrap();
    println!("Raised CAP_CHOWN in effective set.");
    let cur = caps::read(None, CapSet::Effective).unwrap();
    println!("Current effective caps: {:?}.", cur);
}

Some more examples are available under examples.

License

Licensed under either of

at your option.

Dependencies

~125KB