Class: Haconiwa::SmallLibcap

Inherits:

Object

• Object
• Haconiwa::SmallLibcap

Extended by:

FFI::Library

Defined in:

lib/haconiwa/small_libcap.rb

Defined Under Namespace

Classes: CapError

Class Method Summary

• ._name2cap(name) ⇒ Object
• .apply_cap_whitelist(list: []) ⇒ Object
• .cap_supported?(cap) ⇒ Boolean
• .drop_cap_by_name(name) ⇒ Object

Class Method Details

._name2cap(name) ⇒ Object

# File 'lib/haconiwa/small_libcap.rb', line 31

def self._name2cap(name)
  ptr = FFI::MemoryPointer.new(:int)
  err = cap_from_name(name, ptr)
  if err < 0
    raise CapError, "Invalid or unsupported capability name: #{name}"
  end
  ptr.read_int
end

.apply_cap_whitelist(list: []) ⇒ Object

# File 'lib/haconiwa/small_libcap.rb', line 48

def self.apply_cap_whitelist(list: [])
  whitelist = list.map{|n| _name2cap(n) }

  loop.with_index(0) do |_, cap_value|
    return(true) unless cap_supported?(cap_value)
    next if whitelist.include?(cap_value)

    err = cap_drop_bound(cap_value)
    if err < 0
      raise CapError, "Failed to drop capability cap_value_t: #{cap_value} from bounding set"
    end
  end
end

.cap_supported?(cap) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/haconiwa/small_libcap.rb', line 27

def self.cap_supported?(cap)
  cap_get_bound(cap) >= 0
end

.drop_cap_by_name(name) ⇒ Object

# File 'lib/haconiwa/small_libcap.rb', line 40

def self.drop_cap_by_name(name)
  err = cap_drop_bound(_name2cap(name))
  if err < 0
    raise CapError, "Failed to drop capability name: #{name} from bounding set"
  end
  true
end