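// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
// All rights reserved.
//
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Package capability provides utilities for manipulating POSIX capabilities.
package capability

// Capabilities gives access to the capability sets of a process or a file
// (see NewPid and NewFile).
//
// As documented on Apply and Load below, changes made through Set, Unset,
// Fill and Clear take effect only once Apply is called, and Load overwrites
// any changes that are still outstanding.
type Capabilities interface {
	// Get checks whether a capability is present in the given
	// capabilities set. The 'which' value should be one of EFFECTIVE,
	// PERMITTED, INHERITABLE or BOUNDING.
	Get(which CapType, what Cap) bool

	// Empty checks whether all capability bits of the given capabilities
	// set are zero. The 'which' value should be one of EFFECTIVE,
	// PERMITTED, INHERITABLE or BOUNDING.
	Empty(which CapType) bool

	// Full checks whether all capability bits of the given capabilities
	// set are one. The 'which' value should be one of EFFECTIVE,
	// PERMITTED, INHERITABLE or BOUNDING.
	Full(which CapType) bool

	// Set sets capabilities of the given capabilities sets. The
	// 'which' value should be one or a combination (OR'ed) of EFFECTIVE,
	// PERMITTED, INHERITABLE or BOUNDING.
	Set(which CapType, caps ...Cap)

	// Unset unsets capabilities of the given capabilities sets. The
	// 'which' value should be one or a combination (OR'ed) of EFFECTIVE,
	// PERMITTED, INHERITABLE or BOUNDING.
	Unset(which CapType, caps ...Cap)

	// Fill sets all bits of the given capabilities kind to one. The
	// 'kind' value should be one or a combination (OR'ed) of CAPS or
	// BOUNDS.
	Fill(kind CapType)

	// Clear sets all bits of the given capabilities kind to zero. The
	// 'kind' value should be one or a combination (OR'ed) of CAPS or
	// BOUNDS.
	Clear(kind CapType)

	// StringCap returns the current capabilities state of the given
	// capabilities set as a string. The 'which' value should be one of
	// EFFECTIVE, PERMITTED, INHERITABLE or BOUNDING.
	StringCap(which CapType) string

	// String returns the current capabilities state as a string.
	String() string

	// Load loads the actual capabilities value. This will overwrite all
	// outstanding changes, so anything set but not yet applied is lost.
	Load() error

	// Apply applies the capabilities settings, so all changes will take
	// effect. The 'kind' value is presumably one or a combination of CAPS
	// or BOUNDS, as for Fill and Clear (confirm against the
	// implementation).
	//
	// When Apply returns a non-nil error the requested settings cannot be
	// assumed to be in effect; a caller that is reducing its privileges
	// should stop rather than continue with the previous capability sets.
	Apply(kind CapType) error
}

// NewPid creates a new initialized Capabilities object for the given pid
// when it is nonzero, or for the current pid if pid is 0.
//
// The returned error must be checked before the Capabilities value is used.
func NewPid(pid int) (Capabilities, error) {
	return newPid(pid)
}

// NewFile creates a new initialized Capabilities object for the given named
// file.
//
// The returned error must be checked before the Capabilities value is used.
func NewFile(name string) (Capabilities, error) {
	return newFile(name)
}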