Add File#clear

README.md

@@ -133,6 +133,28 @@ file.disallow_inherit(:fowner)      # => true
 file.inheritable?(:fowner)          # => false
 ```
 
+To clear all capabilities for a file, use Cap2::File#clear:
+
+```
+Cap2.process.enabled?(:setfcap)     # => true - needed to set file capabilities
+
+file = Cap2.file('/tmp/file')       # => #<Cap2::File @filename="/tmp/file">
+
+file.permit(:kill)                  # => true
+file.allow_inherit(:kill)           # => true
+file.enable                         # => true
+
+file.permitted?(:kill)              # => true
+file.inheritable?(:kill)            # => true
+file.enabled?                       # => true
+
+file.clear                          # => true
+
+file.permitted?(:kill)              # => false
+file.inheritable?(:kill)            # => false
+file.enabled?                       # => false
+```
+
 #### Processes
 
 Cap2 can be used to enable / disable capabilities of the current Ruby process.

lib/cap2/file.rb

@@ -63,6 +63,12 @@ def disable
       save
     end
 
+    # Clear all capabilites
+    def clear
+      @caps.each_pair { |_, s| s.clear }
+      save
+    end
+
     private
     def reload
       @caps = getcaps

spec/file_spec.rb

@@ -5,6 +5,10 @@
 
   subject { Cap2::File.new(file.path) }
 
+  before(:each) do
+    run_as_root('clear')
+  end
+
   describe '#permitted?' do
     context "when the file doesn't have the given capability" do
       it { should_not be_permitted(:dac_override) }
@@ -129,6 +133,18 @@
     end
   end
 
+  describe '#clear' do
+    it 'should clear all capabilities' do
+      run_as_root('permit(:kill)', 'allow_inherit(:kill)', 'enable')
+
+      run_as_root('clear')
+
+      subject.should_not be_permitted(:kill)
+      subject.should_not be_inheritable(:kill)
+      subject.should_not be_enabled
+    end
+  end
+
   # FIXME: Would like to call the given code on subject directly (e.g.
   #        `subject.permit(:fowner)`) but this would require the test
   #        suite to be run as root?