capabilities

package
v3.0.3+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 22, 2019 License: BSD-3-Clause Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Permitted capability string constant
	Permitted string = "permitted"
	// Effective capability string constant
	Effective = "effective"
	// Inheritable capability string constant
	Inheritable = "inheritable"
	// Ambient capability string constant
	Ambient = "ambient"
	// Bounding capability string constant
	Bounding = "bounding"
)

Variables

View Source
var Map = map[string]*capability{
	"CAP_CHOWN":            capChown,
	"CAP_DAC_OVERRIDE":     capDacOverride,
	"CAP_DAC_READ_SEARCH":  capDacReadSearch,
	"CAP_FOWNER":           capFowner,
	"CAP_FSETID":           capFsetid,
	"CAP_KILL":             capKill,
	"CAP_SETGID":           capSetgid,
	"CAP_SETUID":           capSetuid,
	"CAP_SETPCAP":          capSetpcap,
	"CAP_LINUX_IMMUTABLE":  capLinuxImmutable,
	"CAP_NET_BIND_SERVICE": capNetBindService,
	"CAP_NET_BROADCAST":    capNetBroadcast,
	"CAP_NET_ADMIN":        capNetAdmin,
	"CAP_NET_RAW":          capNetRaw,
	"CAP_IPC_LOCK":         capIpcLock,
	"CAP_IPC_OWNER":        capIpcOwner,
	"CAP_SYS_MODULE":       capSysModule,
	"CAP_SYS_RAWIO":        capSysRawio,
	"CAP_SYS_CHROOT":       capSysChroot,
	"CAP_SYS_PTRACE":       capSysPtrace,
	"CAP_SYS_PACCT":        capSysPacct,
	"CAP_SYS_ADMIN":        capSysAdmin,
	"CAP_SYS_BOOT":         capSysBoot,
	"CAP_SYS_NICE":         capSysNice,
	"CAP_SYS_RESOURCE":     capSysResource,
	"CAP_SYS_TIME":         capSysTime,
	"CAP_SYS_TTY_CONFIG":   capSysTtyConfig,
	"CAP_MKNOD":            capMknod,
	"CAP_LEASE":            capLease,
	"CAP_AUDIT_WRITE":      capAuditWrite,
	"CAP_AUDIT_CONTROL":    capAuditControl,
	"CAP_SETFCAP":          capSetfcap,
	"CAP_MAC_OVERRIDE":     capMacOverride,
	"CAP_MAC_ADMIN":        capMacAdmin,
	"CAP_SYSLOG":           capSyslog,
	"CAP_WAKE_ALARM":       capWakeAlarm,
	"CAP_BLOCK_SUSPEND":    capBlockSuspend,
	"CAP_AUDIT_READ":       capAuditRead,
}

Map maps each capability name to a struct with details about the capability.

Functions

func RemoveDuplicated

func RemoveDuplicated(caps []string) []string

RemoveDuplicated removes duplicated capability value from provided list and returns it

func Split

func Split(caps string) ([]string, []string)

Split takes a list of capabilities separated by commas and returns a string list with normalized capability name and a second list with unrecognized capabitilies

Types

type Caplist

type Caplist map[string][]string

Caplist defines a map of users/groups with associated list of capabilities

type File

type File struct {
	// contains filtered or unexported fields
}

File represents a file containing a list of users/groups associated with authorized capabilities

func Open

func Open(path string, readonly bool) (*File, error)

Open reads a capability file provided in path and returns a capability file with users/groups authorized capabilities

func (*File) AddGroupCaps

func (f *File) AddGroupCaps(group string, caps []string) error

AddGroupCaps adds an authorized capability set to group

func (*File) AddUserCaps

func (f *File) AddUserCaps(user string, caps []string) error

AddUserCaps adds an authorized capability set to user

func (*File) CheckGroupCaps

func (f *File) CheckGroupCaps(group string, caps []string) (authorized []string, unauthorized []string)

CheckGroupCaps checks if provided capability list for group are whether or not authorized by returning two lists, the first one containing authorized capabilities and the second one containing unauthorized capabilities

func (*File) CheckUserCaps

func (f *File) CheckUserCaps(user string, caps []string) (authorized []string, unauthorized []string)

CheckUserCaps checks if provided capability list for user are whether or not authorized by returning two lists, the first one containing authorized capabilities and the second one containing unauthorized capabilities

func (*File) Close

func (f *File) Close() error

Close closes capability file

func (*File) DropGroupCaps

func (f *File) DropGroupCaps(group string, caps []string) error

DropGroupCaps drops a set of capabilities for group

func (*File) DropUserCaps

func (f *File) DropUserCaps(user string, caps []string) error

DropUserCaps drops a set of capabilities for user

func (*File) ListAllCaps

func (f *File) ListAllCaps() (Caplist, Caplist)

ListAllCaps returns capability list for both authorized users and groups

func (*File) ListGroupCaps

func (f *File) ListGroupCaps(group string) []string

ListGroupCaps returns a capability list authorized for group

func (*File) ListUserCaps

func (f *File) ListUserCaps(user string) []string

ListUserCaps returns a capability list authorized for user

func (*File) Write

func (f *File) Write() error

Write writes capability modification into opened file

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL