caps/
securebits.rs

1//! Manipulate securebits flags
2//!
3//! This module exposes methods to get and set per-thread securebits
4//! flags, which can be used to disable special handling of capabilities
5//! for UID 0 (root).
6
7use crate::errors::CapsError;
8use crate::nr;
9use std::io::Error;
10
11/// Return whether the current thread's "keep capabilities" flag is set.
12pub fn has_keepcaps() -> Result<bool, CapsError> {
13    let ret = unsafe { libc::prctl(nr::PR_GET_KEEPCAPS, 0, 0, 0) };
14    match ret {
15        0 => Ok(false),
16        1 => Ok(true),
17        _ => Err(CapsError::from(format!(
18            "PR_GET_KEEPCAPS failure: {}",
19            Error::last_os_error()
20        ))),
21    }
22}
23
24/// Set the value of the current thread's "keep capabilities" flag.
25pub fn set_keepcaps(keep_caps: bool) -> Result<(), CapsError> {
26    let flag = if keep_caps { 1 } else { 0 };
27    let ret = unsafe { libc::prctl(nr::PR_SET_KEEPCAPS, flag, 0, 0) };
28    match ret {
29        0 => Ok(()),
30        _ => Err(CapsError::from(format!(
31            "PR_SET_KEEPCAPS failure: {}",
32            Error::last_os_error()
33        ))),
34    }
35}
caps/securebits.rs

caps/
securebits.rs
