The highest tagged major version is v4.

capabilities

package

v3.0.2+incompatible Latest Latest Go to latest Published: Jan 4, 2019 License: BSD-3-Clause Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sylabs/singularity

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func RemoveDuplicated(caps []string) []string
func Split(caps string) ([]string, []string)
type Caplist
type File
- func Open(path string, readonly bool) (*File, error)

Constants ¶

View Source

const (
	// Permitted capability string constant
	Permitted string = "permitted"
	// Effective capability string constant
	Effective = "effective"
	// Inheritable capability string constant
	Inheritable = "inheritable"
	// Ambient capability string constant
	Ambient = "ambient"
	// Bounding capability string constant
	Bounding = "bounding"
)

Variables ¶

View Source

var Map = map[string]*capability{
	"CAP_CHOWN":            capChown,
	"CAP_DAC_OVERRIDE":     capDacOverride,
	"CAP_DAC_READ_SEARCH":  capDacReadSearch,
	"CAP_FOWNER":           capFowner,
	"CAP_FSETID":           capFsetid,
	"CAP_KILL":             capKill,
	"CAP_SETGID":           capSetgid,
	"CAP_SETUID":           capSetuid,
	"CAP_SETPCAP":          capSetpcap,
	"CAP_LINUX_IMMUTABLE":  capLinuxImmutable,
	"CAP_NET_BIND_SERVICE": capNetBindService,
	"CAP_NET_BROADCAST":    capNetBroadcast,
	"CAP_NET_ADMIN":        capNetAdmin,
	"CAP_NET_RAW":          capNetRaw,
	"CAP_IPC_LOCK":         capIpcLock,
	"CAP_IPC_OWNER":        capIpcOwner,
	"CAP_SYS_MODULE":       capSysModule,
	"CAP_SYS_RAWIO":        capSysRawio,
	"CAP_SYS_CHROOT":       capSysChroot,
	"CAP_SYS_PTRACE":       capSysPtrace,
	"CAP_SYS_PACCT":        capSysPacct,
	"CAP_SYS_ADMIN":        capSysAdmin,
	"CAP_SYS_BOOT":         capSysBoot,
	"CAP_SYS_NICE":         capSysNice,
	"CAP_SYS_RESOURCE":     capSysResource,
	"CAP_SYS_TIME":         capSysTime,
	"CAP_SYS_TTY_CONFIG":   capSysTtyConfig,
	"CAP_MKNOD":            capMknod,
	"CAP_LEASE":            capLease,
	"CAP_AUDIT_WRITE":      capAuditWrite,
	"CAP_AUDIT_CONTROL":    capAuditControl,
	"CAP_SETFCAP":          capSetfcap,
	"CAP_MAC_OVERRIDE":     capMacOverride,
	"CAP_MAC_ADMIN":        capMacAdmin,
	"CAP_SYSLOG":           capSyslog,
	"CAP_WAKE_ALARM":       capWakeAlarm,
	"CAP_BLOCK_SUSPEND":    capBlockSuspend,
	"CAP_AUDIT_READ":       capAuditRead,
}

Map maps each capability name to a struct with details about the capability.

Functions ¶

func RemoveDuplicated ¶

func RemoveDuplicated(caps []string) []string

RemoveDuplicated removes duplicated capability value from provided list and returns it

func Split ¶

func Split(caps string) ([]string, []string)

Split takes a list of capabilities separated by commas and returns a string list with normalized capability name and a second list with unrecognized capabitilies

Types ¶

type Caplist ¶

type Caplist map[string][]string

Caplist defines a map of users/groups with associated list of capabilities

type File ¶

type File struct {
	// contains filtered or unexported fields
}

File represents a file containing a list of users/groups associated with authorized capabilities

func Open ¶

func Open(path string, readonly bool) (*File, error)

Open reads a capability file provided in path and returns a capability file with users/groups authorized capabilities

func (*File) AddGroupCaps ¶

func (f *File) AddGroupCaps(group string, caps []string) error

AddGroupCaps adds an authorized capability set to group

func (*File) AddUserCaps ¶

func (f *File) AddUserCaps(user string, caps []string) error

AddUserCaps adds an authorized capability set to user

func (*File) CheckGroupCaps ¶

func (f *File) CheckGroupCaps(group string, caps []string) (authorized []string, unauthorized []string)

CheckGroupCaps checks if provided capability list for group are whether or not authorized by returning two lists, the first one containing authorized capabilities and the second one containing unauthorized capabilities

func (*File) CheckUserCaps ¶

func (f *File) CheckUserCaps(user string, caps []string) (authorized []string, unauthorized []string)

CheckUserCaps checks if provided capability list for user are whether or not authorized by returning two lists, the first one containing authorized capabilities and the second one containing unauthorized capabilities

func (*File) Close ¶

func (f *File) Close() error

Close closes capability file

func (*File) DropGroupCaps ¶

func (f *File) DropGroupCaps(group string, caps []string) error

DropGroupCaps drops a set of capabilities for group

func (*File) DropUserCaps ¶

func (f *File) DropUserCaps(user string, caps []string) error

DropUserCaps drops a set of capabilities for user

func (*File) ListAllCaps ¶

func (f *File) ListAllCaps() (Caplist, Caplist)

ListAllCaps returns capability list for both authorized users and groups

func (*File) ListGroupCaps ¶

func (f *File) ListGroupCaps(group string) []string

ListGroupCaps returns a capability list authorized for group

func (*File) ListUserCaps ¶

func (f *File) ListUserCaps(user string) []string

ListUserCaps returns a capability list authorized for user

func (*File) Write ¶

func (f *File) Write() error

Write writes capability modification into opened file

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL