/ 
Linux-Capabilities-0.01
River stage zero No dependents
/ Linux::Capabilities

NAME

Linux::Capabilities - a class to manage capabilies in linux written in C.

DESCRIPTION

Linux::Capabilities contains a number of very fast useful functions, written in C.

SYNOPSIS

use Linux::Capabilities;
                   
my $caps_self = Linux::Capabilities->new;# Creating capabilities list for self proccess
my $caps_other = Linux::Capabilities->new(5432);# Creating capabilities list for proccess with pid 5432
my $caps_by_text = Linux::Capabilities->new("all=epi cap_chown-p");# Creating capabilities list from text as in system call cap_from_text
my $caps_empty = Linux::Capabilities->empty;# Creating empty capabilities set

print $caps_self->get_text;
my $all_caps = $caps_self0->get_all;# Hash with capabilities
my $cap_chown = $caps_self->get_value(CAP_CHOWN);
my $cap_kill_effective = $caps_self->get_value(CAP_KILL, CAP_EFFECTIVE);

$cap_self->raise;
$cap_self->raise(CAP_CHOWN);
$cap_self->raise([CAP_CHOWN, CAP_KILL]);
$cap_self->raise(CAP_CHOWN, CAP_EFFECTIVE);
$cap_self->raise(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$cap_self->raise([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

$cap_self->drop;
$cap_self->drop(CAP_CHOWN);
$cap_self->drop([CAP_CHOWN, CAP_KILL]);
$cap_self->drop(CAP_CHOWN, CAP_EFFECTIVE);
$cap_self->drop(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$cap_self->drop([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

$cap_self->submit;

PERL FUNCTIONS

Supposed usage: creating capabilities set with new, getting needed info with get_all, get_value, get_value_flag and is_supported, editing it with raise/drop, and then applying it with submit.

is_supported

$caps->is_supported(12);
Linux::Capabilities::is_supported(12);

is_supported will return 1 if capability that you passed there is supported on your system and 0 otherwise.

new

my $cap = Linux::Capability->new;

returns object that is working with capability set

new

Object is created with capability set from current proccess.

new(5432)

Object is created with capability set from procces with pid that you pass to new.

new("cap_chown=e")

Object is created with capability set made from input string, as in system call cap_from_text in Linux.

empty

Object is created with clear capability set.

get_text

Returns text made from capability set, same as system call cap_to_text in Linux.

my $cap_text = Linux::Capabilities->new("cap_chown=p");

$cap_text will be set to "cap_chown=p"

get_all

Returns capability set as hash reference:

my $caps = Linux::Capabilities->new("cap_chown=ep cap_kill=i");
my $cap_all = $caps->get_all;

$cap_all will be set to:

{
    cap_chown => {
        effective => 1,
        permitted => 1,
        inheritable => 0
    },
    cap_kill => {
        effective => 0,
        permitted => 0,
        inheritable => 1
    }
}

get_value

Returns capability falgs as hash reference:

my $caps = Linux::Capabilities->new("cap_chown=ep cap_kill=i");
my $cap_chown = $cap_all->get_value(CAP_CHOWN);

$cap_chown will be set to:

{
    effective => 1,
    permitted => 1,
    inheritable => 0,
}

get_value_flag

Returns value of a flag in capability(i.e. flag effective in CAP_CHOWN);

my $caps = Linux::Capabilities->new("cap_chown=ep cap_kill=i");
my $cap_chown_eff = $cap_all->get_value_flag(CAP_CHOWN, CAP_EFFECTIVE);

$cap_chown_eff will be set to 1

raise

raise is used to make flags state CAP_SET in your current capabilities set.

raise
$caps->raise;

this will raise all flags in all capabilities

raise($values)
$caps->raise(CAP_CHOWN);
$caps->raise([CAP_CHOWN, CAP_KILL]);

this will raise all flags in capability that you passed as an argument. Argument can be either single number(or constant from capabilities constants) or array of values.

raise($values, $flags)
$caps->raise(CAP_CHOWN, CAP_EFFECTIVE);
$caps->raise([CAP_CHOWN, CAP_KILL], CAP_EFFECTIVE);
$caps->raise(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$caps->raise([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

this will raise a specific flag in capability that you passed as first argument, flag can be either single number(or constant from flag constants) or array of flags;

drop

drop is used to make flags state CAP_CLEAR in your current capabilities set.

drop
$caps->drop;

this will drop all flags in all capabilities

drop($values)
$caps->drop(CAP_CHOWN);
$caps->drop([CAP_CHOWN, CAP_KILL]);

this will drop all flags in capability that you passed as an argument. Argument can be either single number(or constant from capabilities constants) or array of values.

drop($values, $flags)
$caps->drop(CAP_CHOWN, CAP_EFFECTIVE);
$caps->drop([CAP_CHOWN, CAP_KILL], CAP_EFFECTIVE);
$caps->drop(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$caps->drop([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

this will drop a specific flag in capability that you passed as first argument, flag can be either single number(or constant from flag constants) or array of flags;

submit

to apply all changes that you made, you have to execute submit. The changes will be applied to the proccess that is calling this command.

CONSTANTS

to understand for what are this constants are used use see linux man capabilities and man libcap

flag values

when getting capabilities set by get_all, every flag can be either CAP_SET(1) or CAP_CLEAR(1)

CAP_SET
CAP_CLEAR

flags

CAP_EFFECTIVE
CAP_PERMITTED
CAP_INHERITABLE

capabilities

CAP_CHOWN
CAP_DAC_OVERRIDE
CAP_FOWNER
CAP_FSETID
CAP_KILL
CAP_SETGID
CAP_SETUID
CAP_SETPCAP
CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST
CAP_NET_ADMIN
CAP_NET_RAW
CAP_IPC_LOCK
CAP_IPC_OWNER
CAP_SYS_MODULE
CAP_SYS_RAWIO
CAP_SYS_CHROOT
CAP_SYS_PTRACE
CAP_SYS_PACCT
CAP_SYS_ADMIN
CAP_SYS_BOOT
CAP_SYS_NICE
CAP_SYS_RESOURCE
CAP_SYS_TIME
CAP_SYS_TTY_CONFIG
CAP_MKNOD
CAP_LEASE
CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL
CAP_SETFCAP
CAP_MAC_OVERRIDE
CAP_MAC_ADMIN
CAP_SYSLOG
CAP_WAKE_ALARM
CAP_BLOCK_SUSPEND
CAP_AUDIT_READ

AUTHOR

Nichiporenko Vasily <v.nichiporenko@crazypanda.ru>, Crazy Panda

LICENSE

You may distribute this code under the same terms as Perl itself.