package caps
/*
#include <stdlib.h>
#include <sys/capability.h>
#cgo LDFLAGS: -lcap
*/
import "C"
import (
	"os"
	"runtime"
	"unsafe"
)
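// GetFile reads the capability state attached to the open file f.
//
// The effect of reading the capability state from anything other than a
// regular file is undefined.
//
// When cap_get_fd returns no capability state, GetFile returns a nil *Cap
// together with the errno-derived error that cgo reports for the call.
func GetFile(f *os.File) (*Cap, error) {
	cCap, err := C.cap_get_fd(C.int(f.Fd()))
	// Fd returns a bare descriptor number and does not keep f reachable. If
	// the caller drops its last reference, the finalizer on f may close the
	// descriptor while the C call is still running, and the number could by
	// then refer to a different file. Pin f until the call has returned.
	runtime.KeepAlive(f)
	if cCap == nil {
		return nil, err
	}
	// NOTE(review): create is defined elsewhere in the package; it presumably
	// takes ownership of the C handle and arranges for it to be freed. Confirm.
	return create(cCap), nil
}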
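// GetFilePath reads the capability state attached to the file named by path.
//
// The effect of reading the capability state from anything other than a
// regular file is undefined.
//
// A path containing a NUL byte is rejected with an *os.PathError wrapping
// os.ErrInvalid. When cap_get_file returns no capability state, GetFilePath
// returns a nil *Cap together with the errno-derived error reported by cgo.
//
// The path is resolved when the call is made, so a check performed on the
// path beforehand does not bind the file that is finally inspected. Where a
// less-trusted party can influence the path or its parent directories, open
// the file first and use GetFile on the descriptor.
func GetFilePath(path string) (*Cap, error) {
	// C.CString copies the bytes verbatim and C treats the first NUL as the
	// end of the string, so an embedded NUL would silently make the call
	// operate on a shorter, different path than the one the caller named.
	for i := 0; i < len(path); i++ {
		if path[i] == 0 {
			return nil, &os.PathError{Op: "cap_get_file", Path: path, Err: os.ErrInvalid}
		}
	}

	cPath := C.CString(path)
	defer C.free(unsafe.Pointer(cPath)) // C.CString allocates with malloc

	cCap, err := C.cap_get_file(cPath)
	if cCap == nil {
		return nil, err
	}
	// NOTE(review): create is defined elsewhere in the package; it presumably
	// takes ownership of the C handle and arranges for it to be freed. Confirm.
	return create(cCap), nil
}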
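// SetFile sets the values of all capability flags for all capabilities on the
// open file f to those held in the capability state c.
//
// For this function to succeed, the calling process must have the effective
// capability CAP_SETFCAP enabled, and either the effective user ID of the
// process must match the file owner or the calling process must have the
// CAP_FOWNER flag in its effective capability set. The effects of writing the
// capability state to any file type other than a regular file are undefined.
//
// The result of cap_set_fd and the errno-derived error from cgo are passed to
// _err, which produces the returned error.
func SetFile(f *os.File, c Cap) error {
	r, err := C.cap_set_fd(C.int(f.Fd()), c.c)
	// Fd returns a bare descriptor number and does not keep f reachable. If
	// the caller drops its last reference, the finalizer on f may close the
	// descriptor while the C call is still running; a reused descriptor number
	// would then have the capabilities written to an unrelated file. Pin f
	// until the call has returned.
	runtime.KeepAlive(f)
	// NOTE(review): c is passed by value. If the package frees c.c from a
	// finalizer on the *Cap it was copied from, that original also has to stay
	// reachable for the duration of this call. Confirm against create.
	return _err(r, err)
}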
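// SetFilePath sets the values of all capability flags for all capabilities on
// the file named by path to those held in the capability state c.
//
// For this function to succeed, the calling process must have the effective
// capability CAP_SETFCAP enabled, and either the effective user ID of the
// process must match the file owner or the calling process must have the
// CAP_FOWNER flag in its effective capability set. The effects of writing the
// capability state to any file type other than a regular file are undefined.
//
// A path containing a NUL byte is rejected with an *os.PathError wrapping
// os.ErrInvalid. Otherwise the result of cap_set_file and the errno-derived
// error from cgo are passed to _err, which produces the returned error.
//
// The path is resolved when the call is made, so a check performed on the
// path beforehand does not bind the file that finally receives the
// capabilities. Where a less-trusted party can influence the path or its
// parent directories, open the file first and use SetFile on the descriptor.
func (c Cap) SetFilePath(path string) error {
	// C.CString copies the bytes verbatim and C treats the first NUL as the
	// end of the string, so an embedded NUL would silently grant the
	// capabilities to a shorter, different path than the one the caller named.
	for i := 0; i < len(path); i++ {
		if path[i] == 0 {
			return &os.PathError{Op: "cap_set_file", Path: path, Err: os.ErrInvalid}
		}
	}

	cPath := C.CString(path)
	defer C.free(unsafe.Pointer(cPath)) // C.CString allocates with malloc

	r, err := C.cap_set_file(cPath, c.c)
	return _err(r, err)
}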