#Linux #POSIX #capabilities #getcap #setcap

caps

A pure-Rust library to work with Linux capabilities

11 releases

✓ Uses Rust 2018 edition

0.4.0-alpha.2 Jun 26, 2020
0.3.4 Jan 9, 2020
0.3.3 Aug 7, 2019
0.3.2 Jun 21, 2019
0.0.1 Feb 7, 2017

#13 in Unix APIs

Download history 2021/week @ 2020-03-16 1660/week @ 2020-03-23 1341/week @ 2020-03-30 2338/week @ 2020-04-06 1900/week @ 2020-04-13 1403/week @ 2020-04-20 2084/week @ 2020-04-27 1692/week @ 2020-05-04 1609/week @ 2020-05-11 1937/week @ 2020-05-18 1420/week @ 2020-05-25 1665/week @ 2020-06-01 1277/week @ 2020-06-08 1298/week @ 2020-06-15 1902/week @ 2020-06-22 1973/week @ 2020-06-29

7,164 downloads per month
Used in 11 crates (8 directly)

MIT/Apache

37KB
749 lines

caps

Build Status crates.io Documentation

A pure-Rust library to work with Linux capabilities.

caps provides support for manipulating capabilities available in modern Linux kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted) as well as Linux-specific Ambient and Bounding capabilities sets.

caps provides a simple and idiomatic interface to handle capabilities on Linux. See capabilities(7) for more details.

Motivations

This library tries to achieve the following goals:

  • fully support modern kernels, including recent capabilities and sets
  • provide an idiomatic interface
  • be usable in static targets, without requiring an external C library

Example

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    // Retrieve permitted set.
    let cur = caps::read(None, CapSet::Permitted)?;
    println!("Current permitted caps: {:?}.", cur);
    
    // Retrieve effective set.
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);
    
    // Check if CAP_CHOWN is in permitted set.
    let perm_chown = caps::has_cap(None, CapSet::Permitted, Capability::CAP_CHOWN)?;
    if !perm_chown {
        return Err("Try running this as root!".into());
    }

    // Clear all effective caps.
    caps::clear(None, CapSet::Effective)?;
    println!("Cleared effective caps.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    // Since `CAP_CHOWN` is still in permitted, it can be raised again.
    caps::raise(None, CapSet::Effective, Capability::CAP_CHOWN)?;
    println!("Raised CAP_CHOWN in effective set.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    Ok(())
}

Some more examples are available under examples.

License

Licensed under either of

at your option.

Dependencies

~130KB