Skip to content

v0.1.2
Compare
Choose a tag to compare
@cptpcrd cptpcrd released this 28 Oct 16:46
· 47 commits to master since this release
v0.1.2
ed1e1b4

Changelog:

  • refactor: remove follow_symlinks from FileCaps methods

    It was useless since file capabilities can't be attached to symlinks.

  • refactor: make Cap.from_name() checks stricter

    Mostly just sanity checks; shouldn't break existing code.

  • feat: add interface to filesystem UIDs/GIDs

    These aren't manipulated by prctl(), and they aren't directly related to Linux capabilities, but the setfsuid()/setfsgid() syscalls are so to use that it's helpful to have an interface for them somewhere.

  • fix: make cap_set_ids() work around glibc's setgroups() synchronization

    musl currently doesn't synchronize setgroups(), so I didn't realize that glibc did.

  • feat: add replace() method to the capability set objects to replace the entire set

  • fix: make capbset/cap_ambient's drop() methods avoid trying to drop capabilities that aren't actually raised

    This 1) makes behavior more consistent with cap_{permitted,effective,inheritable}, 2) avoids issues regarding capabilities the kernel support, and 3) avoids needing CAP_SETPCAP to perform no-op on capbset.

  • fix: add py.typed file to make mypy look for type annotations

  • docs: add more documentation; fix/improve existing documentation

  • docs: use latest Sphinx version on ReadTheDocs

    Fixes some issues with how the docs were generated.

  • test: add more tests

Assets 2