Lines Matching refs:capability

204 /// Linux per-thread capability.
238 /// - Transfer any capability in your permitted set to any pid.
239 /// - Remove any capability in your permitted set from any pid.
241 /// - Add any capability from current's capability bounding set to the current process'
243 /// - Allow taking bits out of capability bounding set.
329 /// policy, and if it does and it chooses to implement capability based overrides of that
330 /// policy, this is the capability it should use to do so.
333 /// An LSM may enforce a MAC policy, and if it does and it chooses to implement capability based
335 /// capability it should use to do so.
348 /// This capability allows the following BPF operations:
383 /// Check if the specified capability is in the calling thread's capability bounding set.
390 pub fn is_in_capability_bounding_set(capability: Capability) -> io::Result<bool> {
391 unsafe { prctl_2args(PR_CAPBSET_READ, capability as usize as *mut _) }.map(|r| r != 0)
396 /// If the calling thread has the [`Capability::SetPermittedCapabilities`] capability within its
397 /// user namespace, then drop the specified capability from the thread's capability bounding set.
404 pub fn remove_capability_from_capability_bounding_set(capability: Capability) -> io::Result<()> {
405 unsafe { prctl_2args(PR_CAPBSET_DROP, capability as usize as *mut _) }.map(|_r| ())
424 /// and ambient capability sets when the thread's effective and filesystem UIDs are switched
584 /// Check if the specified capability is in the ambient set.
591 pub fn capability_is_in_ambient_capability_set(capability: Capability) -> io::Result<bool> {
592 let cap = capability as usize as *mut _;
612 /// Add the specified capability to, or remove it from, the ambient set.
620 capability: Capability,
628 let cap = capability as usize as *mut _;