syndtr / gocapability
Utilities for manipulating POSIX capabilities in Go.
License: BSD 2-Clause "Simplified" License
runc --help will read the file "/proc/sys/kernel/cap_last_cap". I want to read it when I need it.
Please write a README file about the package and its API.
Trying on the golang:latest image; fileCap.Apply() does not seem to be doing anything.
Running the following code produces the following output:
false
false
No other error is reported in any shape or form
package main

import (
	"fmt"
	"os"

	"github.com/syndtr/gocapability/capability"
)

func main() {
	filepath := "/tmp/dummy.sh"
	_, err := os.Create(filepath)
	if err != nil {
		panic("Failed to create file")
	}
	fileCap, err := capability.NewFile2(filepath)
	if err != nil || fileCap == nil {
		panic("Failed to create capability object")
	}
	err = fileCap.Load()
	if err != nil {
		panic("Failed to load capabilities")
	}
	fileCap.Set(capability.PERMITTED, capability.CAP_NET_BIND_SERVICE, capability.CAP_SYS_ADMIN)
	err = fileCap.Apply(capability.PERMITTED)
	if err != nil {
		panic("Failed to apply capabilities")
	}
	fileCap, err = capability.NewFile2(filepath)
	if err != nil {
		panic("Failed to instantiate capabilities")
	}
	err = fileCap.Load()
	if err != nil {
		panic("Failed to load capabilities")
	}
	fmt.Println(fileCap.Get(capability.PERMITTED, capability.CAP_NET_BIND_SERVICE))
	fmt.Println(fileCap.Get(capability.PERMITTED, capability.CAP_SYS_ADMIN))
}
Please consider assigning version numbers and tagging releases. Tags/releases are useful for downstream package maintainers (in Debian and other distributions) to export source tarballs, automatically track new releases and to declare dependencies between packages. Read more in the Debian Upstream Guide.
Versioning provides additional benefits to encourage vendoring of a particular (e.g. latest stable) release contrary to random unreleased snapshots.
Thank you.
See also
Hello, I wrote a test program, as follows:
package main

import (
	"fmt"

	"github.com/syndtr/gocapability/capability"
)

func main() {
	processCaps, err := capability.NewPid(0)
	if err != nil {
		fmt.Println("failed to create pid")
	}
	processCaps.Set(capability.BOUNDING, capability.CAP_CHOWN)
	processCaps.Set(capability.EFFECTIVE, capability.CAP_CHOWN)
	processCaps.Set(capability.PERMITTED, capability.CAP_CHOWN)
	processCaps.Set(capability.INHERITABLE, capability.CAP_CHOWN)
	processCaps.Set(capability.AMBIENT, capability.CAP_CHOWN)
	if err := processCaps.Apply(capability.CAPS | capability.BOUNDS | capability.AMBIENT); err != nil {
		fmt.Println("failed to apply")
	}
	processCaps2, err := capability.NewPid(0)
	if err != nil {
		fmt.Println("failed to create pid")
	}
	set := processCaps2.Get(capability.AMBIENT, capability.CAP_CHOWN)
	if !set {
		fmt.Println("failed to set")
	}
}
And the result is
$ sudo go run test.go
failed to set
Is there a bug in the library, or did I use it in the wrong way?
Is there a way to access the data of security.capability?
I want to add capabilities to files in a tar archive. This library would do exactly what I need, except that it seems like there is no way to get the actual data. I only found setVfsCap which directly sets it on a file. It would be great if there would be something like VFSCap() []byte which would return a byte array which I can directly write into a PAXRecords from the golang tar library.
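For the tar use case in the request above, the security.capability value can be built in memory with the standard library alone. This is an added example, not gocapability code and not part of the original post: encodeVFSCap and tarWithCap are hypothetical helpers, the layout is the kernel's revision-2 vfs_cap_data, and the sample sets cap_net_bind_service+ep on a constructed file.

```go
package main

import (
	"archive/tar"
	"bytes"
	"encoding/binary"
	"fmt"
)

const ( // values from the kernel's linux/capability.h
	vfsCapRevision2      = 0x02000000 // VFS_CAP_REVISION_2
	vfsCapFlagsEffective = 0x000001   // VFS_CAP_FLAGS_EFFECTIVE
	capNetBindService    = 10         // CAP_NET_BIND_SERVICE
	xattrKey             = "SCHILY.xattr.security.capability" // PAX key for this xattr
)

// encodeVFSCap (hypothetical helper, not a gocapability API) builds the 20-byte
// revision-2 value: magic_etc, then {permitted, inheritable} low and high words.
func encodeVFSCap(permitted, inheritable uint64, effective bool) []byte {
	magic := uint32(vfsCapRevision2)
	if effective {
		magic |= vfsCapFlagsEffective // a single flag bit, not a third bitmap
	}
	words := []uint32{magic, uint32(permitted), uint32(inheritable),
		uint32(permitted >> 32), uint32(inheritable >> 32)}
	var b bytes.Buffer
	_ = binary.Write(&b, binary.LittleEndian, words) // cannot fail on a bytes.Buffer
	return b.Bytes()
}

// tarWithCap writes one regular file whose PAX header carries the xattr value.
func tarWithCap(name string, body, vfsCap []byte) ([]byte, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	err := tw.WriteHeader(&tar.Header{Name: name, Mode: 0o755, Size: int64(len(body)),
		Format: tar.FormatPAX, PAXRecords: map[string]string{xattrKey: string(vfsCap)}})
	if err == nil {
		_, err = tw.Write(body)
	}
	if err == nil {
		err = tw.Close()
	}
	return buf.Bytes(), err
}

func main() {
	v := encodeVFSCap(1<<capNetBindService, 0, true) // constructed sample: cap_net_bind_service+ep
	archive, err := tarWithCap("dummy.sh", []byte("#!/bin/sh\n"), v)
	fmt.Printf("security.capability = % x (%d-byte archive, err=%v)\n", v, len(archive), err)
}
```

Whether the capability is restored on extraction depends on the extracting tool and its privileges, so verify the unpacked file with getcap before relying on it.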