capabilities

package module

v0.0.0-...-07073d7 Latest Latest Go to latest Published: Dec 23, 2022 License: MIT Imports: 4 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/opcoder0/capabilities

Links

Open Source Insights

Documentation ¶

Index ¶

type Capabilities
- func Init() (*Capabilities, error)
- func (c *Capabilities) IsSet(pid, capability int, capSet CapabilitySet) (bool, error)
type CapabilitySet

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Capabilities ¶

type Capabilities struct {

	// Version has values 1, 2 or 3 depending on the kernel version.
	// Prior to 2.6.25 value is set to 1.
	// For Linux 2.6.25 added 64-bit capability sets the value is set to 2.
	// For Linux 2.6.26 and later the value is set to 3.
	Version int
	// contains filtered or unexported fields
}

Capabilities holds the capabilities header and data

func Init ¶

func Init() (*Capabilities, error)

Init sets a capability state pointer to the initial capability state. The call probes the kernel to determine the capabilities version. After Init Capability.Version is set. The initial value of all flags are cleared. The Capabilities value can be used to get or set capabilities.

func (*Capabilities) IsSet ¶

func (c *Capabilities) IsSet(pid, capability int, capSet CapabilitySet) (bool, error)

IsSet returns true if the capability from the capability list (unix.CAP_*) is set for the pid in the capSet CapabilitySet. Returns false with nil error if the capability is not set. Returns false with an error if there was an error getting capability.

type CapabilitySet ¶

type CapabilitySet int

CapabilitySet holds one of the 4 capability set types

const (
	// Effective is the set of capabilities used by the kernel to perform permission checks for the thread.
	Effective CapabilitySet = 0
	// Permitted is the limiting superset for the effective capabilities that the thread may assume.
	Permitted CapabilitySet = 1
	// Inheritable is the set of capabilities preserved across an execve(2). Inheritable capabilities
	// remain inheritable when executing any program, and inheritable capabilities are added to the
	// permitted set when executing a program that has the corresponding bits set in the file
	// inheritable set.
	Inheritable CapabilitySet = 2
	// Bounding is a mechanism that can be used to limit the capabilities that are gained during execve(2).
	Bounding CapabilitySet = 3
	// Ambient set of capabilities that are preserved across an execve(2) of a program that is not privileged.
	// The ambient capability set obeys the invariant that no capability can ever be ambient if it is not
	// both permitted and inheritable.
	Ambient CapabilitySet = 4
)

Source Files ¶

View all Source files

capabilities.go

Directories ¶

Path	Synopsis
internal

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL