Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lucab/caps-rs

A pure-Rust library to work with Linux capabilities
https://github.com/lucab/caps-rs

capabilities capget capset linux posix-1e

Last synced: 3 days ago
JSON representation

A pure-Rust library to work with Linux capabilities

Host: GitHub
URL: https://github.com/lucab/caps-rs
Owner: lucab
License: other
Created: 2017-02-07T05:06:35.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2023-08-04T20:52:05.000Z (over 1 year ago)
Last Synced: 2024-11-06T03:43:14.777Z (10 days ago)
Topics: capabilities, capget, capset, linux, posix-1e
Language: Rust
Homepage: https://docs.rs/caps
Size: 182 KB
Stars: 82
Watchers: 4
Forks: 20
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE-APACHE-2.0

Awesome Lists containing this project

README

        # caps

[![Build Status](https://travis-ci.com/lucab/caps-rs.svg?branch=master)](https://travis-ci.com/lucab/caps-rs)

[![crates.io](https://img.shields.io/crates/v/caps.svg)](https://crates.io/crates/caps)

[![Documentation](https://docs.rs/caps/badge.svg)](https://docs.rs/caps)

A pure-Rust library to work with Linux capabilities.

`caps` provides support for manipulating capabilities available in modern Linux

kernels. It supports traditional POSIX sets (Effective, Inheritable, Permitted)

as well as Linux-specific Ambient and Bounding capabilities sets.

`caps` provides a simple and idiomatic interface to handle capabilities on Linux.

See `capabilities(7)` for more details.

## Motivations

This library tries to achieve the following goals:

 * fully support modern kernels, including recent capabilities and sets

 * provide an idiomatic interface

 * be usable in static targets, without requiring an external C library

## Example

```rust

type ExResult = Result>;

fn manipulate_caps() -> ExResult<()> {

    use caps::{Capability, CapSet};

    // Retrieve permitted set.

    let cur = caps::read(None, CapSet::Permitted)?;

    println!("Current permitted caps: {:?}.", cur);

    

    // Retrieve effective set.

    let cur = caps::read(None, CapSet::Effective)?;

    println!("Current effective caps: {:?}.", cur);

    

    // Check if CAP_CHOWN is in permitted set.

    let perm_chown = caps::has_cap(None, CapSet::Permitted, Capability::CAP_CHOWN)?;

    if !perm_chown {

        return Err("Try running this as root!".into());

    }

    // Clear all effective caps.

    caps::clear(None, CapSet::Effective)?;

    println!("Cleared effective caps.");

    let cur = caps::read(None, CapSet::Effective)?;

    println!("Current effective caps: {:?}.", cur);

    // Since `CAP_CHOWN` is still in permitted, it can be raised again.

    caps::raise(None, CapSet::Effective, Capability::CAP_CHOWN)?;

    println!("Raised CAP_CHOWN in effective set.");

    let cur = caps::read(None, CapSet::Effective)?;

    println!("Current effective caps: {:?}.", cur);

    Ok(())

}

```

Some more examples are available under [examples](examples).

## License

Licensed under either of

 * MIT license - 

 * Apache License, Version 2.0 - 

at your option.