#Linux #POSIX #capabilities #getcap #setcap

caps

A pure-Rust library to work with Linux capabilities

13 unstable releases (5 breaking)

0.5.0 Oct 16, 2020
0.4.0-alpha.2 Jun 26, 2020
0.3.4 Jan 9, 2020
0.3.3 Aug 7, 2019
0.0.1 Feb 7, 2017

#14 in Unix APIs


9,306 downloads per month
Used in 11 crates (8 directly)

MIT/Apache

38KB
754 lines

caps provides support for manipulating capabilities available in modern Linux kernels. It supports the traditional POSIX sets (Effective, Inheritable, Permitted) as well as the Linux-specific Ambient and Bounding capability sets.

caps provides a simple and idiomatic interface to handle capabilities on Linux. See capabilities(7) for more details.

Motivations

This library tries to achieve the following goals:

  • fully support modern kernels, including recent capabilities and sets
  • provide an idiomatic interface
  • be usable in static targets, without requiring an external C library

Example

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    // Retrieve permitted set.
    let cur = caps::read(None, CapSet::Permitted)?;
    println!("Current permitted caps: {:?}.", cur);
    
    // Retrieve effective set.
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);
    
    // Check if CAP_CHOWN is in permitted set.
    let perm_chown = caps::has_cap(None, CapSet::Permitted, Capability::CAP_CHOWN)?;
    if !perm_chown {
        return Err("Try running this as root!".into());
    }

    // Clear all effective caps.
    caps::clear(None, CapSet::Effective)?;
    println!("Cleared effective caps.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    // Since `CAP_CHOWN` is still in permitted, it can be raised again.
    caps::raise(None, CapSet::Effective, Capability::CAP_CHOWN)?;
    println!("Raised CAP_CHOWN in effective set.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    Ok(())
}

Some more examples are available under examples.
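
The example above can raise CAP_CHOWN again only because the effective set is bounded by the permitted set. The following added example (not part of the caps crate or its examples, standard library only) decodes the CapInh/CapPrm/CapEff/CapBnd/CapAmb masks that the kernel reports in /proc/<pid>/status, lists what a process could still raise, and checks the subset rules from capabilities(7). The function names and the sample status text are constructed for this illustration.

```rust
use std::collections::HashMap;

// Names for capability bits 0-13 (capabilities(7)); higher bits print as "bit<N>".
const NAMES: [&str; 14] = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW",
];

// Constructed sample of /proc/<pid>/status for a hypothetical process.
const SAMPLE: &str = "Name:\tdemo\nCapInh:\t0000000000000000\n\
CapPrm:\t0000000000002401\nCapEff:\t0000000000000400\n\
CapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n";

/// Parse the Cap* lines of a status text into set name -> bitmask.
fn parse_cap_sets(status: &str) -> HashMap<String, u64> {
    status.lines()
        .filter_map(|l| l.split_once(':'))
        .filter(|(k, _)| k.starts_with("Cap"))
        .filter_map(|(k, v)| Some((k.to_string(), u64::from_str_radix(v.trim(), 16).ok()?)))
        .collect()
}

/// Expand a bitmask into capability names.
fn decode(mask: u64) -> Vec<String> {
    (0..64usize).filter(|b| (mask >> b) & 1 == 1)
        .map(|b| NAMES.get(b).map_or(format!("bit{}", b), |n| n.to_string()))
        .collect()
}

/// Permitted but not effective: what the process could raise again.
fn raisable(s: &HashMap<String, u64>) -> Vec<String> {
    decode(s.get("CapPrm").unwrap_or(&0) & !s.get("CapEff").unwrap_or(&0))
}

/// Subset rules from capabilities(7): Effective within Permitted, and
/// Ambient within both Permitted and Inheritable.
fn consistent(s: &HashMap<String, u64>) -> bool {
    let get = |k: &str| s.get(k).copied().unwrap_or(0);
    (get("CapEff") & !get("CapPrm")) == 0
        && (get("CapAmb") & !(get("CapPrm") & get("CapInh"))) == 0
}

fn main() {
    let sets = parse_cap_sets(SAMPLE);
    println!("effective: {:?}", decode(sets["CapEff"]));
    println!("raisable: {:?}, consistent: {}", raisable(&sets), consistent(&sets));
}
```

A non-empty raisable list means clearing the effective set alone does not give up privilege: the process can regain those capabilities until they are also dropped from the permitted set.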

License

Licensed under either of

at your option.

Dependencies

~0.4–0.9MB
~22K SLoC