A pure-Go minimalist package for getting and setting the capabilities of Linux
tasks (threads). No need for linking with libcap.
To drop the calling task's effective capabilities only, without dropping the permitted capabilities:
```go
// Make sure to lock this Go routine to its current OS-level task (thread).
runtime.LockOSThread()
origcaps := caps.OfThisTask()
dropped := origcaps.Clone()
dropped.Effective.Clear()
caps.SetForThisTask(dropped)
```
To regain only a specific effective capability:
```go
dropped.Effective.Add(caps.CAP_SYS_ADMIN)
caps.SetForThisTask(dropped)
```
And finally to regain all originally effective capabilities:
```go
caps.SetForThisTask(origcaps)
```
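To check what the drop/regain sequence above leaves behind, the following added example (not part of the `caps` package; it uses only the standard library) parses the `CapPrm` and `CapEff` masks from a task's procfs status text and reports whether a capability is still permitted and therefore regainable. The names `CapSets`, `ParseCapSets`, `CanRegain` and the sample status text are constructed for this illustration.

```go
package main

import (
	"fmt"
	"os"
	"runtime"
	"strconv"
	"strings"
)

// Constructed sample: status fields of a task after Effective.Clear().
const sampleStatus = "Name:\tdemo\nCapPrm:\t000001ffffffffff\nCapEff:\t0000000000000000\n"
const capSysAdmin = 21 // CAP_SYS_ADMIN's number in linux/capability.h

// CapSets holds the two per-task bitmasks the snippets above manipulate.
type CapSets struct{ Permitted, Effective uint64 }

// ParseCapSets extracts the CapPrm and CapEff hex masks from status text.
func ParseCapSets(status string) (cs CapSets, err error) {
	fields := map[string]*uint64{"CapPrm": &cs.Permitted, "CapEff": &cs.Effective}
	for _, line := range strings.Split(status, "\n") {
		key, val, _ := strings.Cut(line, ":")
		dst, ok := fields[key]
		if !ok {
			continue
		}
		if *dst, err = strconv.ParseUint(strings.TrimSpace(val), 16, 64); err != nil {
			return cs, fmt.Errorf("%s: %w", key, err)
		}
		delete(fields, key) // mark this field as seen
	}
	if len(fields) != 0 {
		return cs, fmt.Errorf("status text lacks CapPrm and/or CapEff")
	}
	return cs, nil
}

// CanRegain reports whether capability n is permitted but not effective.
func (cs CapSets) CanRegain(n uint) bool { return (cs.Permitted&^cs.Effective)&(1<<n) != 0 }

func main() {
	runtime.LockOSThread() // capability sets are per task (thread)
	text := sampleStatus
	if b, err := os.ReadFile("/proc/thread-self/status"); err == nil {
		text = string(b) // live view of this task where procfs is available
	}
	cs, err := ParseCapSets(text)
	fmt.Printf("%+v CAP_SYS_ADMIN regainable=%v err=%v\n", cs, cs.CanRegain(capSysAdmin), err)
}
```

A capability reported as regainable is one that any code running in the same task can raise again, so clearing only the effective set reduces accidental use rather than removing the privilege.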
`caps` supports versions of Go that are noted by the Go release policy, that is,
major versions N and N-1 (where N is the current major version).
Please see CONTRIBUTING.md.
`caps` is Copyright 2023 Harald Albrecht, and licensed under the Apache License,
Version 2.0.