libcap-ng python bindings

 
Back

 
As of the 0.6 release, you can use libcap-ng in python. You must add this line to your program:

import _capng as capng

Then you can do the same 6 use cases like this:

1) Drop all capabilities
     capng.capng_clear(capng.CAPNG_SELECT_BOTH)
     capng.capng_apply(capng.CAPNG_SELECT_BOTH)

2) Keep one capability
     capng.capng_clear(capng.CAPNG_SELECT_BOTH)
     capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE|capng.CAPNG_PERMITTED, capng.CAP_CHOWN)
     capng.capng_apply(capng.CAPNG_SELECT_BOTH)

3) Keep several capabilities
     capng.capng_clear(capng.CAPNG_SELECT_BOTH)
     capng.capng_updatev(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE|capng.CAPNG_PERMITTED, capng.CAP_SETUID, capng.CAP_SETGID, -1)
     capng.capng_apply(capng.CAPNG_SELECT_BOTH)

4) Check if you have any capabilities
     if capng.capng_have_capabilities(capng.CAPNG_SELECT_CAPS) > capng.CAPNG_NONE:
         do_something()

5) Check for certain capabilities
     if capng.capng_have_capability(capng.CAPNG_EFFECTIVE, capng.CAP_CHOWN):
         do_something()

6) Retain capabilities across a uid change
     capng.capng_clear(capng.CAPNG_SELECT_BOTH)
     capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE|capng.CAPNG_PERMITTED, capng.CAP_CHOWN)
     if capng.capng_change_id(99, 99, capng.CAPNG_DROP_SUPP_GRP | capng.CAPNG_CLEAR_BOUNDING) < 0:
         error()