Class: Cap2::Process
- Inherits:
-
Object
- Object
- Cap2::Process
- Defined in:
- lib/cap2/process.rb,
ext/cap2/cap2.c
Overview
A class with methods for managing capabilities for the process with pid provided to the initialize method.
Instance Method Summary collapse
-
#disable(capability) ⇒ Object
Disable the given capability for this process.
-
#enable(capability) ⇒ Object
Enable the given capability for this process.
-
#enabled?(*capabilities) ⇒ Boolean
Returns whether the given capabilities are enabled.
- #getcaps ⇒ Object
-
#inheritable?(capabilities) ⇒ Boolean
Returns whether the given capabilities are inheritable.
-
#initialize(pid) ⇒ Process
constructor
Initialize a new Process object for the given pid.
-
#permitted?(*capabilities) ⇒ Boolean
Returns whether the given capabilities are permitted.
-
#save ⇒ Object
Set the capabilities for self from the caps hash stored in @caps.
Constructor Details
#initialize(pid) ⇒ Process
Initialize a new Process object for the given pid.
6 7 8 9 |
# File 'lib/cap2/process.rb', line 6 def initialize(pid) @pid = pid @caps = getcaps end |
Instance Method Details
#disable(capability) ⇒ Object
Disable the given capability for this process.
37 38 39 40 41 |
# File 'lib/cap2/process.rb', line 37 def disable(capability) check_pid @caps[:effective].delete(capability) save end |
#enable(capability) ⇒ Object
Enable the given capability for this process.
30 31 32 33 34 |
# File 'lib/cap2/process.rb', line 30 def enable(capability) check_pid @caps[:effective].add(capability) save end |
#enabled?(*capabilities) ⇒ Boolean
Returns whether the given capabilities are enabled
18 19 20 21 |
# File 'lib/cap2/process.rb', line 18 def enabled?(*capabilities) reload @caps[:effective].superset? Set[*capabilities] end |
#getcaps ⇒ Object
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 |
# File 'ext/cap2/cap2.c', line 105
VALUE cap2_process_getcaps(VALUE self) {
cap_t cap_d;
int pid;
VALUE result;
pid = cap2_process_pid(self);
cap_d = cap_get_pid(pid);
if (cap_d == NULL) {
rb_raise(
rb_eRuntimeError,
"Failed to get capabilities for proccess %d: (%s)\n",
pid, strerror(errno)
);
} else {
result = cap2_caps_to_hash(cap_d);
cap_free(cap_d);
return result;
}
}
|
#inheritable?(capabilities) ⇒ Boolean
Returns whether the given capabilities are inheritable
24 25 26 27 |
# File 'lib/cap2/process.rb', line 24 def inheritable?(capabilities) reload @caps[:inheritable].superset? Set[*capabilities] end |
#permitted?(*capabilities) ⇒ Boolean
Returns whether the given capabilities are permitted
12 13 14 15 |
# File 'lib/cap2/process.rb', line 12 def permitted?(*capabilities) reload @caps[:permitted].superset? Set[*capabilities] end |
#save ⇒ Object
Set the capabilities for self from the caps hash stored in @caps.
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'ext/cap2/cap2.c', line 130
VALUE cap2_process_setcaps(VALUE self) {
int i;
cap_t cap_d;
VALUE caps, cap_array, cap_sym;
cap_value_t cap_values[__CAP_COUNT];
cap_d = cap_init();
caps = rb_iv_get(self, "@caps");
// permitted
cap_array = rb_funcall(
rb_hash_aref(caps, ID2SYM(rb_intern("permitted"))),
rb_intern("to_a"),
0
);
for(i = 0; i < RARRAY_LEN(cap_array); i++) {
cap_sym = RARRAY_PTR(cap_array)[i];
cap_values[i] = cap2_sym_to_cap(cap_sym);
}
cap_set_flag(cap_d, CAP_PERMITTED, i, cap_values, CAP_SET);
// effective
cap_array = rb_funcall(
rb_hash_aref(caps, ID2SYM(rb_intern("effective"))),
rb_intern("to_a"),
0
);
for(i = 0; i < RARRAY_LEN(cap_array); i++) {
cap_sym = RARRAY_PTR(cap_array)[i];
cap_values[i] = cap2_sym_to_cap(cap_sym);
}
cap_set_flag(cap_d, CAP_EFFECTIVE, i, cap_values, CAP_SET);
// inheritable
cap_array = rb_funcall(
rb_hash_aref(caps, ID2SYM(rb_intern("inheritable"))),
rb_intern("to_a"),
0
);
for(i = 0; i < RARRAY_LEN(cap_array); i++) {
cap_sym = RARRAY_PTR(cap_array)[i];
cap_values[i] = cap2_sym_to_cap(cap_sym);
}
cap_set_flag(cap_d, CAP_INHERITABLE, i, cap_values, CAP_SET);
if(cap_set_proc(cap_d) == -1) {
rb_raise(
rb_eRuntimeError,
"Failed to set capabilities for current process: (%s)\n",
strerror(errno)
);
} else {
cap_free(cap_d);
return Qtrue;
}
}
|