Documentation
Types
type Capabilities
    type Capabilities struct {
        // Version has values 1, 2 or 3 depending on the kernel version.
        // Prior to 2.6.25 the value is set to 1.
        // For Linux 2.6.25, which added 64-bit capability sets, the value is set to 2.
        // For Linux 2.6.26 and later the value is set to 3.
        Version int
        // contains filtered or unexported fields
    }
Capabilities holds the capabilities header and data.
func Init
func Init() (*Capabilities, error)
Init sets a capability state pointer to the initial capability state. The call probes the kernel to determine the capabilities version, so after Init returns Capabilities.Version is set. The initial values of all flags are cleared. The returned Capabilities value can then be used to get or set capabilities.
func (*Capabilities) IsSet
func (c *Capabilities) IsSet(pid, capability int, capSet CapabilitySet) (bool, error)
IsSet returns true if the capability from the capability list (unix.CAP_*) is set for the pid in the capSet CapabilitySet. It returns false with a nil error if the capability is not set, and false with a non-nil error if the capabilities could not be read.
type CapabilitySet
    type CapabilitySet int
CapabilitySet holds one of the 4 capability set types.
    const (
        // Effective is the set of capabilities used by the kernel to perform permission checks for the thread.
        Effective CapabilitySet = 0
        // Permitted is the limiting superset for the effective capabilities that the thread may assume.
        Permitted CapabilitySet = 1
        // Inheritable is the set of capabilities preserved across an execve(2). Inheritable capabilities
        // remain inheritable when executing any program, and inheritable capabilities are added to the
        // permitted set when executing a program that has the corresponding bits set in the file
        // inheritable set.
        Inheritable CapabilitySet = 2
        // Bounding is a mechanism that can be used to limit the capabilities that are gained during execve(2).
        Bounding CapabilitySet = 3
        // Ambient is the set of capabilities that are preserved across an execve(2) of a program that is not privileged.
        // The ambient capability set obeys the invariant that no capability can ever be ambient if it is not
        // both permitted and inheritable.
        Ambient CapabilitySet = 4
    )
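The following is an added example, not code from this package: it performs the same per-set membership check that IsSet describes, and verifies the ambient-set invariant quoted above, by parsing the Cap* bitmask lines of /proc/<pid>/status rather than calling capget(2). SampleStatus is a constructed status excerpt, and the two capability numbers are the kernel values behind unix.CAP_NET_BIND_SERVICE and unix.CAP_SYS_ADMIN.

```go
package main

import (
	"bufio"
	"strconv"
	"strings"
)

// CapabilitySet mirrors the five kernel sets; statusKey holds the matching
// Cap* line of /proc/<pid>/status, from which this example reads the masks.
type CapabilitySet int

const Effective, Permitted, Inheritable, Bounding, Ambient CapabilitySet = 0, 1, 2, 3, 4

var statusKey = [...]string{"CapEff:", "CapPrm:", "CapInh:", "CapBnd:", "CapAmb:"}

// Two capability numbers from <linux/capability.h> (the values behind unix.CAP_*).
const CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN = 10, 21

// SampleStatus is a constructed /proc/<pid>/status excerpt: a web server that
// holds only CAP_NET_BIND_SERVICE in its permitted and effective sets.
const SampleStatus = "Name:\tnginx\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n" +
	"CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n"

// ParseStatus extracts the five masks from status text (for a live process, pass os.ReadFile's result).
func ParseStatus(status string) ([5]uint64, error) {
	var masks [5]uint64
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		for set, key := range statusKey {
			if len(f) == 2 && f[0] == key {
				v, err := strconv.ParseUint(f[1], 16, 64) // hex mask, one bit per capability
				if err != nil { return masks, err }
				masks[set] = v
			}
		}
	}
	return masks, nil
}

// IsSet reports whether capability number capNum is present in capSet.
func IsSet(masks [5]uint64, capNum int, capSet CapabilitySet) bool {
	return masks[capSet]&(1<<uint(capNum)) != 0
}

// AmbientInvariantHolds checks the documented rule: ambient implies permitted and inheritable.
func AmbientInvariantHolds(masks [5]uint64) bool {
	return masks[Ambient]&^(masks[Permitted]&masks[Inheritable]) == 0
}
```

A process whose ambient mask contains a bit missing from permitted or inheritable would fail AmbientInvariantHolds, which is a useful sanity check when auditing a service that was started with ambient capabilities.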