NAME

Linux::Capabilities - a class to manage capabilies in linux written in C.

DESCRIPTION

Linux::Capabilities contains a number of very fast useful functions, written in C.

SYNOPSIS

use Linux::Capabilities;
                   
my $caps_self = Linux::Capabilities->new;# Creating capabilities list for self proccess
my $caps_other = Linux::Capabilities->new(5432);# Creating capabilities list for proccess with pid 5432
my $caps_by_text = Linux::Capabilities->new("all=epi cap_chown-p");# Creating capabilities list from text as in system call cap_from_text
my $caps_empty = Linux::Capabilities->empty;# Creating empty capabilities set

my $caps_from_file = Linux::Capabilities->from_file("./file");# Creating capabilities set from file

print $caps_self->get_text;
my $all_caps = $caps_self0->get_all;# Hash with capabilities
my $cap_chown = $caps_self->get_value(CAP_CHOWN);
my $cap_kill_effective = $caps_self->get_value(CAP_KILL, CAP_EFFECTIVE);

$cap_self->raise;
$cap_self->raise(CAP_CHOWN);
$cap_self->raise([CAP_CHOWN, CAP_KILL]);
$cap_self->raise(CAP_CHOWN, CAP_EFFECTIVE);
$cap_self->raise(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$cap_self->raise([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

$cap_self->drop;
$cap_self->drop(CAP_CHOWN);
$cap_self->drop([CAP_CHOWN, CAP_KILL]);
$cap_self->drop(CAP_CHOWN, CAP_EFFECTIVE);
$cap_self->drop(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$cap_self->drop([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

$cap_self->submit;
$cap_self->submit_to_file("./file");

PERL FUNCTIONS

Supposed usage: creating capabilities set with new, getting needed info with get_all, get_value, get_value_flag and is_supported, editing it with raise/drop, and then applying it with submit.

is_supported

$caps->is_supported(12);
Linux::Capabilities::is_supported(12);

is_supported will return 1 if capability that you passed there is supported on your system and 0 otherwise.

get_name

my $name1 = $caps->get_name(CAP_CHOWN); # $name1 = "cap_chown"
my $name2 = Linux::Capabilities::get_name(CAP_NET_BIND_SERVICE); # $name2 = "cap_net_bind_service"

new

my $cap = Linux::Capability->new;

returns object that is working with capability set

new: Object is created with capability set from current proccess.
new(5432): Object is created with capability set from procces with pid that you pass to new.
new("cap_chown=e"): Object is created with capability set made from input string, as in system call cap_from_text in Linux.

from_file

my $caps = Linux::Capabilities->from_file("./foo.pl");

Object is created with capability set from a file.

empty

Object is created with clear capability set.

get_text

Returns text made from capability set, same as system call cap_to_text in Linux.

my $cap_text = Linux::Capabilities->new("cap_chown=p");

$cap_text will be set to "cap_chown=p"

get_all

Returns capability set as hash reference:

my $caps = Linux::Capabilities->new("cap_chown=ep cap_kill=i");
my $cap_all = $caps->get_all;

$cap_all will be set to:

{
    cap_chown => {
        effective => 1,
        permitted => 1,
        inheritable => 0
    },
    cap_kill => {
        effective => 0,
        permitted => 0,
        inheritable => 1
    }
}

get_value

Returns capability flags as hash reference:

my $caps = Linux::Capabilities->new("cap_chown=ep cap_kill=i");
my $cap_chown = $cap_all->get_value(CAP_CHOWN);

$cap_chown will be set to:

{
    effective => 1,
    permitted => 1,
    inheritable => 0,
}

get_value_flag

Returns value of a flag in capability(i.e. flag effective in CAP_CHOWN);

my $caps = Linux::Capabilities->new("cap_chown=ep cap_kill=i");
my $cap_chown_eff = $cap_all->get_value_flag(CAP_CHOWN, CAP_EFFECTIVE);

$cap_chown_eff will be set to 1

raise

raise is used to make flags state CAP_SET in your current capabilities set.

raise

$caps->raise;

this will raise all flags in all capabilities

raise($values)

$caps->raise(CAP_CHOWN);
$caps->raise([CAP_CHOWN, CAP_KILL]);

this will raise all flags in capability that you passed as an argument. Argument can be either single number(or constant from capabilities constants) or array of values.

raise($values, $flags)

$caps->raise(CAP_CHOWN, CAP_EFFECTIVE);
$caps->raise([CAP_CHOWN, CAP_KILL], CAP_EFFECTIVE);
$caps->raise(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$caps->raise([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

this will raise a specific flag in capability that you passed as first argument, flag can be either single number(or constant from flag constants) or array of flags;

drop

drop is used to make flags state CAP_CLEAR in your current capabilities set.

drop

$caps->drop;

this will drop all flags in all capabilities

drop($values)

$caps->drop(CAP_CHOWN);
$caps->drop([CAP_CHOWN, CAP_KILL]);

this will drop all flags in capability that you passed as an argument. Argument can be either single number(or constant from capabilities constants) or array of values.

drop($values, $flags)

$caps->drop(CAP_CHOWN, CAP_EFFECTIVE);
$caps->drop([CAP_CHOWN, CAP_KILL], CAP_EFFECTIVE);
$caps->drop(CAP_CHOWN, [CAP_EFFECTIVE, CAP_PERMITTED]);
$caps->drop([CAP_CHOWN, CAP_KILL], [CAP_EFFECTIVE, CAP_PERMITTED]);

this will drop a specific flag in capability that you passed as first argument, flag can be either single number(or constant from flag constants) or array of flags;

submit

to apply all changes that you made, you have to execute submit. The changes will be applied to the proccess that is calling this command.

submit_to_file

$caps->submit_to_file("./foo.pl");

Allows you to write current capabilities set to a file

CONSTANTS

to understand for what are this constants are used use see linux man capabilities and man libcap

flag values

when getting capabilities set by get_all, every flag can be either CAP_SET(1) or CAP_CLEAR(1)

CAP_SET
CAP_CLEAR

flags

CAP_EFFECTIVE
CAP_PERMITTED
CAP_INHERITABLE

capabilities

CAP_CHOWN
CAP_DAC_OVERRIDE
CAP_DAC_READ_SEARCH
CAP_FOWNER
CAP_FSETID
CAP_KILL
CAP_SETGID
CAP_SETUID
CAP_SETPCAP
CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST
CAP_NET_ADMIN
CAP_NET_RAW
CAP_IPC_LOCK
CAP_IPC_OWNER
CAP_SYS_MODULE
CAP_SYS_RAWIO
CAP_SYS_CHROOT
CAP_SYS_PTRACE
CAP_SYS_PACCT
CAP_SYS_ADMIN
CAP_SYS_BOOT
CAP_SYS_NICE
CAP_SYS_RESOURCE
CAP_SYS_TIME
CAP_SYS_TTY_CONFIG
CAP_MKNOD
CAP_LEASE
CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL
CAP_SETFCAP
CAP_MAC_OVERRIDE
CAP_MAC_ADMIN
CAP_SYSLOG
CAP_WAKE_ALARM
CAP_BLOCK_SUSPEND
CAP_AUDIT_READ

AUTHOR

Nichiporenko Vasily <v.nichiporenko@crazypanda.ru>

LICENSE

You may distribute this code under the same terms as Perl itself.

To install Linux::Capabilities, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Linux::Capabilities

CPAN shell

perl -MCPAN -e shell
install Linux::Capabilities

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)