#linux #posix #capabilities #getcap #setcap

caps

A pure-Rust library to work with Linux capabilities

14 unstable releases (5 breaking)

0.5.1 Feb 15, 2021
0.5.0 Oct 16, 2020
0.4.0 Aug 10, 2020
0.4.0-alpha.2 Jun 26, 2020
0.0.1 Feb 7, 2017

#9 in Unix APIs

Download history 1395/week @ 2020-11-07 2755/week @ 2020-11-14 621/week @ 2020-11-21 2576/week @ 2020-11-28 1853/week @ 2020-12-05 2435/week @ 2020-12-12 670/week @ 2020-12-19 553/week @ 2020-12-26 2390/week @ 2021-01-02 1064/week @ 2021-01-09 1322/week @ 2021-01-16 1328/week @ 2021-01-23 1430/week @ 2021-01-30 1785/week @ 2021-02-06 1911/week @ 2021-02-13 1819/week @ 2021-02-20

6,608 downloads per month
Used in 11 crates (8 directly)

MIT/Apache

38KB
758 lines

caps

Build Status crates.io Documentation

A pure-Rust library to work with Linux capabilities.

caps provides support for manipulating capabilities available in modern Linux kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted) as well as Linux-specific Ambient and Bounding capabilities sets.

caps provides a simple and idiomatic interface to handle capabilities on Linux. See capabilities(7) for more details.

Motivations

This library tries to achieve the following goals:

  • fully support modern kernels, including recent capabilities and sets
  • provide an idiomatic interface
  • be usable in static targets, without requiring an external C library

Example

type ExResult<T> = Result<T, Box<dyn std::error::Error + 'static>>;

fn manipulate_caps() -> ExResult<()> {
    use caps::{Capability, CapSet};

    // Retrieve permitted set.
    let cur = caps::read(None, CapSet::Permitted)?;
    println!("Current permitted caps: {:?}.", cur);
    
    // Retrieve effective set.
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);
    
    // Check if CAP_CHOWN is in permitted set.
    let perm_chown = caps::has_cap(None, CapSet::Permitted, Capability::CAP_CHOWN)?;
    if !perm_chown {
        return Err("Try running this as root!".into());
    }

    // Clear all effective caps.
    caps::clear(None, CapSet::Effective)?;
    println!("Cleared effective caps.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    // Since `CAP_CHOWN` is still in permitted, it can be raised again.
    caps::raise(None, CapSet::Effective, Capability::CAP_CHOWN)?;
    println!("Raised CAP_CHOWN in effective set.");
    let cur = caps::read(None, CapSet::Effective)?;
    println!("Current effective caps: {:?}.", cur);

    Ok(())
}

Some more examples are available under examples.

License

Licensed under either of

at your option.

Dependencies

~0.4–0.9MB
~21K SLoC