system.linux_capabilities

local system = require "system"
local caps = system.cap_init()
caps:set_proc()
system.cap_reset_ambient()

Functions

cap_get_proc() → linux_capabilities

See cap_get_proc(3).

cap_init() → linux_capabilities

See cap_init(3).

cap_from_text(caps: string) → linux_capabilities

See cap_from_text(3).

cap_get_bound(cap: string) → boolean

See cap_get_bound(3).

cap_drop_bound(cap: string)

See cap_drop_bound(3).

Only the master VM is allowed to use this function.

cap_get_ambient(cap: string) → boolean

See cap_get_ambient(3).

cap_set_ambient(cap: string, value: boolean)

See cap_set_ambient(3).

Only the master VM is allowed to use this function.

cap_reset_ambient()

See cap_reset_ambient(3).

Only the master VM is allowed to use this function.

cap_get_secbits() → integer

See cap_get_secbits(3).

cap_set_secbits(bits: integer)

See cap_set_secbits(3).

The securebits flag constants are available from the system table:

  • SECBIT_NOROOT

  • SECBIT_NOROOT_LOCKED

  • SECBIT_NO_SETUID_FIXUP

  • SECBIT_NO_SETUID_FIXUP_LOCKED

  • SECBIT_KEEP_CAPS

  • SECBIT_KEEP_CAPS_LOCKED

  • SECBIT_NO_CAP_AMBIENT_RAISE

  • SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED

Only the master VM is allowed to use this function.

dup(self) → linux_capabilities

See cap_dup(3).

clear(self)

See cap_clear(3).

clear_flag(self, flag: string)

See cap_clear_flag(3).

get_flag(self, cap: string, flag: string) → boolean

See cap_get_flag(3).

set_flag(self, flag: string, caps: string[], value: boolean)

See cap_set_flag(3).

fill_flag(self, to: string, ref: linux_capabilities, from: string)

See cap_fill_flag(3).

fill(self, to: string, from: string)

See cap_fill(3).

set_proc(self)

See cap_set_proc(3).

Only the master VM is allowed to use this function.

get_nsowner(self) → integer

See cap_get_nsowner(3).

set_nsowner(self, rootuid: integer)

See cap_set_nsowner(3).