#linux #posix #capabilities #getcap #setcap

caps

A pure-Rust library to work with Linux capabilities

15 releases

0.5.2 May 10, 2021
0.5.1 Feb 15, 2021
0.5.0 Oct 16, 2020
0.4.0-alpha.2 Jun 26, 2020
0.0.1 Feb 7, 2017

#16 in Unix APIs

Download history 2639/week @ 2021-06-01 3942/week @ 2021-06-08 3354/week @ 2021-06-15 2962/week @ 2021-06-22 3096/week @ 2021-06-29 4712/week @ 2021-07-06 4543/week @ 2021-07-13 3662/week @ 2021-07-20 3987/week @ 2021-07-27 4462/week @ 2021-08-03 4117/week @ 2021-08-10 3942/week @ 2021-08-17 4605/week @ 2021-08-24 4106/week @ 2021-08-31 4639/week @ 2021-09-07 6168/week @ 2021-09-14

13,377 downloads per month
Used in 13 crates (11 directly)

MIT/Apache

38KB
758 lines

caps

Build Status crates.io Documentation

A pure-Rust library to work with Linux capabilities.

caps provides support for manipulating capabilities available in modern Linux kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted) as well as Linux-specific Ambient and Bounding capabilities sets.

caps provides a simple and idiomatic interface to handle capabilities on Linux. See capabilities(7) for more details.

Motivations

This library tries to achieve the following goals:

  • fully support modern kernels, including recent capabilities and sets
  • provide an idiomatic interface
  • be usable in static targets, without requiring an external C library

Example

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    // Retrieve permitted set.
    let cur = caps::read(None, CapSet::Permitted)?;
    println!("Current permitted caps: {:?}.", cur);
    
    // Retrieve effective set.
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);
    
    // Check if CAP_CHOWN is in permitted set.
    let perm_chown = caps::has_cap(None, CapSet::Permitted, Capability::CAP_CHOWN)?;
    if !perm_chown {
        return Err("Try running this as root!".into());
    }

    // Clear all effective caps.
    caps::clear(None, CapSet::Effective)?;
    println!("Cleared effective caps.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    // Since `CAP_CHOWN` is still in permitted, it can be raised again.
    caps::raise(None, CapSet::Effective, Capability::CAP_CHOWN)?;
    println!("Raised CAP_CHOWN in effective set.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    Ok(())
}

Some more examples are available under examples.

License

Licensed under either of

at your option.

Dependencies

~0.4–0.9MB
~21K SLoC