capng_c 0.1.0 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88da08aa05f1a6e84b2b57fb2fca90a1d0c0d4dde8585dbad9e2f848e286cef6
-  data.tar.gz: 28a4762a3f921fbe0b06d1913d151d907b12a4558d1941fd7b9fed2440974eb6
+  metadata.gz: 46ab5a21fef03d5b25db0124526add7f625acc865ae10da0f8614b6290b5aec0
+  data.tar.gz: cae7565475f00217336124b3c1d0bad6fd3772470e3c8e2605ebac09bac87829
 SHA512:
-  metadata.gz: d6880731ae31f78a4b8ff1734b8638c1eddb86ec0bf519f9a6a13fe1b3410d7f1488103548954ba17fd5fa6e834eacd94275c46bdb650cf70f15ab901ab8ac84
-  data.tar.gz: 381f2a5abde2165d4f31513d3ae9086ae7d183747f53993ff492b7e255fbcfa9bbefdf9da8035027cc6cf0e330c9cf6efea69b260e329d685e4d95f81a25f988
+  metadata.gz: 90fab6a90550512222604afee7896c75b766559d39f3288cad6191fb5b1192f080efc4bec6deef2c00377da4f7e8d129ec928191d67fa9277aac505652064b59
+  data.tar.gz: eee3466a6e594b8b5d4fa1835c7650a6d7669cb20be1410c32c8e0b2d878d197263848ec2f1ea7923088428611a78400569f9be55ea16a4c0115ee3b6cd8547d

data/.github/workflows/linux.yml

@@ -0,0 +1,30 @@
+name: Linux testing
+on:
+  - push
+  - pull_request
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [ '2.4', '2.5', '2.6' , '2.7' ]
+        os:
+          - ubuntu-latest
+    name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install dependencies
+      run: |
+        sudo apt update
+        sudo apt -V install libcap-ng-dev
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: unit testing
+      env:
+        CI: true
+      run: |
+        gem install bundler rake
+        bundle install --jobs 4 --retry 3
+        bundle exec rake

data/README.md

@@ -1,5 +1,7 @@
 # Capng_c
 
+![Linux testing](https://github.com/cosmo0920/capng_c/workflows/Linux%20testing/badge.svg?branch=main)
+
 libcap-ng bindings for Ruby.
 
 ## Installation
@@ -18,6 +20,10 @@ Or install it yourself as:
 
     $ gem install capng_c
 
+## Usage
+
+The usage examples are put in [example directory](example).
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/capng_c.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{libcap-ng bindings for Ruby.}
   spec.description   = spec.summary
   spec.homepage      = "https://github.com/cosmo0920/cap-ng_c"
-
+  spec.license       = "Apache-2.0"
   spec.metadata["allowed_push_host"] = "https://rubygems.org"
 
   spec.metadata["homepage_uri"] = spec.homepage

data/example/file_capability.rb

@@ -0,0 +1,36 @@
+# Copyright 2020- Hiroshi Hatake
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'capng'
+
+if ARGV.size != 1
+  puts "specify file path on ARGV."
+  exit 1
+end
+
+if Process.uid != 0
+  puts "Needed to run as root!"
+  exit 2
+end
+
+path = ARGV[0]
+capng = CapNG.new(:file, path)
+print = CapNG::Print.new
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+capng.clear(:caps)
+ret = capng.update(:add, CapNG::Type::EFFECTIVE | CapNG::Type::INHERITABLE | CapNG::Type::PERMITTED,
+                   [:dac_read_search, :dac_override])
+puts "updating capability: #{ret ? "success" : "fail"}"
+capng.apply_caps_file(path)
+puts "updated capability: #{print.caps_text(:buffer, :effective)}"

data/example/process_capability.rb

@@ -0,0 +1,59 @@
+# Copyright 2020- Hiroshi Hatake
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'capng'
+
+if Process.uid != 0
+  puts "Needed to run as root!"
+  exit 2
+end
+
+capng = CapNG.new(:current_process)
+
+print = CapNG::Print.new
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+target_file = ARGV[0] || "/var/log/syslog"
+capng.clear(:caps)
+
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+ret = capng.update(:add, CapNG::Type::EFFECTIVE | CapNG::Type::INHERITABLE | CapNG::Type::PERMITTED, :dac_read_search)
+puts "CapNG#update: #{ret ? 'success' : 'fail'}"
+
+ret = capng.apply(:caps)
+puts "CapNG#apply(add): #{ret ? 'success' : 'fail'}"
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+path = "/var/log/syslog"
+unless File.readable?(path)
+  puts "-----unreadable!!!!-----\ntarget: #{target_file}"
+end
+contents = File.read(target_file)
+if contents.length >= 0
+  puts "succeeded to read: #{target_file}"
+end
+
+ret = capng.update(:drop, CapNG::Type::EFFECTIVE | CapNG::Type::INHERITABLE | CapNG::Type::PERMITTED, :dac_read_search)
+puts "CapNG#update(drop): #{ret ? 'success' : 'fail'}"
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+
+ret = capng.apply(:caps)
+puts "CapNG#apply(drop): #{ret ? 'success' : 'fail'}"
+
+unless File.readable?(path)
+  puts "-----unreadable!!!!-----\ntarget: #{target_file}"
+end
+begin
+  File.read(target_file)
+rescue Errno::EACCES
+  puts "permission denied even if run as root"
+end

data/example/process_capability_without_root.rb

@@ -0,0 +1,36 @@
+# Copyright 2020- Hiroshi Hatake
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'capng'
+
+capng = CapNG.new(:current_process)
+unless capng.have_capability?(:effective, :dac_read_search)
+  puts "This example needs to setup :dac_read_search capability on running Ruby executable."
+  exit 2
+end
+
+print = CapNG::Print.new
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+target_file = ARGV[0] || "/var/log/syslog"
+
+path = "/var/log/syslog"
+unless File.readable?(path)
+  puts "-----unreadable!!!!-----\ntarget: #{target_file}"
+end
+if capng.have_capability?(:effective, :dac_read_search)
+  contents = File.read(target_file)
+  if contents.length >= 0
+    puts "succeeded to read: #{target_file} w/o root user"
+  end
+end

data/ext/capng/capng.c

@@ -46,27 +46,106 @@ rb_capng_alloc(VALUE klass)
 }
 
 static VALUE
-rb_capng_initialize(VALUE self)
+rb_capng_initialize(int argc, VALUE *argv, VALUE self)
 {
+  VALUE rb_target, rb_pid_or_file;
+  int result = 0;
+  char *target = NULL;
+  int pid = 0, fd = 0;
+  rb_io_t *fptr = NULL;
+
+  rb_scan_args(argc, argv, "02", &rb_target, &rb_pid_or_file);
+
+  if (NIL_P(rb_target)) {
+    return Qnil;
+  }
+
+  if (RB_TYPE_P(rb_target, T_SYMBOL)) {
+    target = RSTRING_PTR(rb_sym2str(rb_target));
+  } else if (RB_TYPE_P(rb_target, T_STRING)) {
+    target = StringValuePtr(rb_target);
+  } else {
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance for tagret argument");
+  }
+
+  if (strcmp(target, "current_process") == 0) {
+    result = capng_get_caps_process();
+    if (result != 0) {
+      rb_raise(rb_eRuntimeError, "Couldn't get current process' capability");
+    }
+  } else if (strcmp(target, "other_process") == 0) {
+    Check_Type(rb_pid_or_file, T_FIXNUM);
+
+    pid = NUM2INT(rb_pid_or_file);
+    capng_setpid(pid);
+    result = capng_get_caps_process();
+    if (result != 0) {
+      rb_raise(rb_eRuntimeError, "Couldn't get current process' capability");
+    }
+  } else if (strcmp(target, "file") == 0) {
+    Check_Type(rb_pid_or_file, T_FILE);
+
+    fptr = RFILE(rb_pid_or_file)->fptr;
+    fd = fptr->fd;
+    result = capng_get_caps_fd(fd);
+    /* Just store result into instance variable. */
+    /* This is because capng_get_caps_fd should return 0 if file cap is not set. */
+    rb_iv_set(self, "@return_code", INT2NUM(result));
+  }
+
   return Qnil;
 }
 
 static VALUE
-rb_capng_clear(VALUE self, VALUE rb_action_set)
+rb_capng_return_code(VALUE self)
 {
-  Check_Type(rb_action_set, T_FIXNUM);
+  return rb_iv_get(self, "@return_code");
+}
+
+static VALUE
+rb_capng_clear(VALUE self, VALUE rb_select_name_or_enum)
+{
+  capng_select_t select = 0;
+
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  capng_clear(NUM2INT(rb_action_set));
+  capng_clear(select);
 
   return Qnil;
 }
 
 static VALUE
-rb_capng_fill(VALUE self, VALUE rb_action_set)
+rb_capng_fill(VALUE self, VALUE rb_select_name_or_enum)
 {
-  Check_Type(rb_action_set, T_FIXNUM);
+  capng_select_t select = 0;
 
-  capng_fill(NUM2INT(rb_action_set));
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+
+  capng_fill(select);
 
   return Qnil;
 }
@@ -94,13 +173,41 @@ rb_capng_get_caps_process(VALUE self)
 }
 
 static VALUE
-rb_capng_update(VALUE self, VALUE rb_action_set, VALUE rb_update_type, VALUE rb_capability_or_name)
+rb_capng_update(VALUE self,
+                VALUE rb_action_name_or_action, VALUE rb_capability_name_or_type, VALUE rb_capability_or_name)
 {
   int result = 0;
   unsigned int capability = 0;
+  capng_type_t capability_type = 0;
+  capng_act_t action = 0;
 
-  Check_Type(rb_action_set, T_FIXNUM);
-  Check_Type(rb_update_type, T_FIXNUM);
+  switch (TYPE(rb_action_name_or_action)) {
+  case T_SYMBOL:
+    action = action_name_to_action_type(RSTRING_PTR(rb_sym2str(rb_action_name_or_action)));
+    break;
+  case T_STRING:
+    action = action_name_to_action_type(StringValuePtr(rb_action_name_or_action));
+    break;
+  case T_FIXNUM:
+    action = NUM2INT(rb_action_name_or_action);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+
+  switch (TYPE(rb_capability_name_or_type)) {
+  case T_SYMBOL:
+    capability_type = capability_type_name_to_capability_type(RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
+    break;
+  case T_STRING:
+    capability_type = capability_type_name_to_capability_type(StringValuePtr(rb_capability_name_or_type));
+    break;
+  case T_FIXNUM:
+    capability_type = NUM2INT(rb_capability_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
   switch (TYPE(rb_capability_or_name)) {
   case T_SYMBOL:
@@ -116,7 +223,7 @@ rb_capng_update(VALUE self, VALUE rb_action_set, VALUE rb_update_type, VALUE rb_
     rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability constant");
   }
 
-  result = capng_update(NUM2UINT(rb_action_set), NUM2INT(rb_update_type), capability);
+  result = capng_update(action, capability_type, capability);
 
   if (result == 0)
     return Qtrue;
@@ -125,13 +232,26 @@ rb_capng_update(VALUE self, VALUE rb_action_set, VALUE rb_update_type, VALUE rb_
 }
 
 static VALUE
-rb_capng_apply(VALUE self, VALUE rb_action_set)
+rb_capng_apply(VALUE self, VALUE rb_select_name_or_enum)
 {
   int result = 0;
+  capng_select_t select = 0;
 
-  Check_Type(rb_action_set, T_FIXNUM);
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  result = capng_apply(NUM2INT(rb_action_set));
+  result = capng_apply(select);
 
   if (result == 0)
     return Qtrue;
@@ -162,24 +282,53 @@ rb_capng_change_id(VALUE self, VALUE rb_uid, VALUE rb_gid, VALUE rb_flags)
   if (result == 0)
     return Qtrue;
   else
-    return Qfalse;
+    rb_raise(rb_eRuntimeError, "Calling capng_change_id is failed with: (exitcode: %d)\n", result);
 }
 
 static VALUE
-rb_capng_have_capabilities_p(VALUE self, VALUE rb_select_enum)
+rb_capng_have_capabilities_p(VALUE self, VALUE rb_select_name_or_enum)
 {
   int result = 0;
+  capng_select_t select = 0;
 
-  result = capng_have_capabilities(NUM2INT(rb_select_enum));
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+  result = capng_have_capabilities(select);
 
   return INT2NUM(result);
 }
 
 static VALUE
-rb_capng_have_capability_p(VALUE self, VALUE rb_update_type, VALUE rb_capability_or_name)
+rb_capng_have_capability_p(VALUE self, VALUE rb_capability_name_or_type, VALUE rb_capability_or_name)
 {
   int result = 0;
   unsigned int capability = 0;
+  capng_type_t capability_type = 0;
+
+  switch (TYPE(rb_capability_name_or_type)) {
+  case T_SYMBOL:
+    capability_type = capability_type_name_to_capability_type(RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
+    break;
+  case T_STRING:
+    capability_type = capability_type_name_to_capability_type(StringValuePtr(rb_capability_name_or_type));
+    break;
+  case T_FIXNUM:
+    capability_type = NUM2INT(rb_capability_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
   switch (TYPE(rb_capability_or_name)) {
   case T_SYMBOL:
@@ -195,7 +344,7 @@ rb_capng_have_capability_p(VALUE self, VALUE rb_update_type, VALUE rb_capability
     rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability constant");
   }
 
-  result = capng_have_capability(NUM2INT(rb_update_type), capability);
+  result = capng_have_capability(capability_type, capability);
 
   if (result == 1)
     return Qtrue;
@@ -254,7 +403,8 @@ Init_capng(void)
 
   rb_define_alloc_func(rb_cCapNG, rb_capng_alloc);
 
-  rb_define_method(rb_cCapNG, "initialize", rb_capng_initialize, 0);
+  rb_define_method(rb_cCapNG, "initialize", rb_capng_initialize, -1);
+  rb_define_method(rb_cCapNG, "return_code", rb_capng_return_code, 0);
   rb_define_method(rb_cCapNG, "clear", rb_capng_clear, 1);
   rb_define_method(rb_cCapNG, "fill", rb_capng_fill, 1);
   rb_define_method(rb_cCapNG, "setpid", rb_capng_setpid, 1);

data/ext/capng/capng.h

@@ -20,6 +20,9 @@
 
 #include <cap-ng.h>
 #include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 
 VALUE rb_cCapNG;
 VALUE rb_cCapNGPrint;
@@ -32,6 +35,11 @@ VALUE rb_mResult;
 VALUE rb_mPrint;
 VALUE rb_mFlags;
 
+capng_select_t select_name_to_select_type(char *select_name);
+capng_act_t action_name_to_action_type(char *action_name);
+capng_print_t print_name_to_print_type(char *print_name);
+capng_type_t capability_type_name_to_capability_type(char *capability_name);
+
 void Init_capng_capability(VALUE);
 void Init_capng_enum(VALUE);
 void Init_capng_print(VALUE);

data/ext/capng/enum.c

@@ -55,5 +55,8 @@ void Init_capng_enum(VALUE rb_cCapNG)
   rb_define_const(rb_mFlags, "NO_FLAG", LONG2NUM(CAPNG_NO_FLAG));
   rb_define_const(rb_mFlags, "DROP_SUPP_GRP", LONG2NUM(CAPNG_DROP_SUPP_GRP));
   rb_define_const(rb_mFlags, "CLEAR_BOUNDING", LONG2NUM(CAPNG_CLEAR_BOUNDING));
+#if defined(CAPNG_INIT_SUPP_GRP)
+  // Ubuntu Trusty's libcap-ng-dev doesn't have CAPNG_INIT_SUPP_GRP constant.
   rb_define_const(rb_mFlags, "INIT_SUPP_GRP", LONG2NUM(CAPNG_INIT_SUPP_GRP));
+#endif
 }

data/ext/capng/extconf.rb

@@ -20,7 +20,7 @@ includedir = RbConfig::CONFIG["includedir"]
 
 dir_config("capng", includedir, libdir)
 
-$LDFLAGS << " -lcap-ng "
+pkg_config("libcap-ng")
 $CFLAGS << " -Wall -std=c99 -fPIC "
 # $CFLAGS << " -g -O0"
 

data/ext/capng/print.c

@@ -52,41 +52,101 @@ rb_capng_print_initialize(VALUE self)
 }
 
 static VALUE
-rb_capng_print_caps_text(VALUE self, VALUE rb_where, VALUE rb_select_set)
+rb_capng_print_caps_text(VALUE self, VALUE rb_where_name_or_type, VALUE rb_capability_name_or_type)
 {
   char *result = NULL;
+  capng_type_t capability_type = 0;
+  capng_print_t print_type = 0;
 
-  switch (NUM2LONG(rb_where)) {
+  switch (TYPE(rb_capability_name_or_type)) {
+  case T_SYMBOL:
+    capability_type = capability_type_name_to_capability_type(RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
+    break;
+  case T_STRING:
+    capability_type = capability_type_name_to_capability_type(StringValuePtr(rb_capability_name_or_type));
+    break;
+  case T_FIXNUM:
+    capability_type = NUM2INT(rb_capability_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+
+  switch (TYPE(rb_where_name_or_type)) {
+  case T_SYMBOL:
+    print_type = print_name_to_print_type(RSTRING_PTR(rb_sym2str(rb_where_name_or_type)));
+    break;
+  case T_STRING:
+    print_type = print_name_to_print_type(StringValuePtr(rb_where_name_or_type));
+    break;
+  case T_FIXNUM:
+    print_type = NUM2INT(rb_where_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a print type constant");
+  }
+
+  switch (print_type) {
   case CAPNG_PRINT_STDOUT:
-    capng_print_caps_text(CAPNG_PRINT_STDOUT, NUM2LONG(rb_select_set));
+    capng_print_caps_text(CAPNG_PRINT_STDOUT, capability_type);
     break;
   case CAPNG_PRINT_BUFFER:
-    result = capng_print_caps_text(CAPNG_PRINT_BUFFER, NUM2INT(rb_select_set));
+    result = capng_print_caps_text(CAPNG_PRINT_BUFFER, capability_type);
   }
 
   if (result)
     return rb_str_new2(result);
   else
-    return rb_str_new2("(NULL)");
+    return rb_str_new2("none");
 }
 
 static VALUE
-rb_capng_print_caps_numeric(VALUE self, VALUE rb_where, VALUE rb_select_set)
+rb_capng_print_caps_numeric(VALUE self, VALUE rb_where_name_or_type, VALUE rb_select_name_or_enum)
 {
   char *result = NULL;
+  capng_select_t select = 0;
+  capng_print_t print_type = 0;
+
+  switch (TYPE(rb_where_name_or_type)) {
+  case T_SYMBOL:
+    print_type = print_name_to_print_type(RSTRING_PTR(rb_sym2str(rb_where_name_or_type)));
+    break;
+  case T_STRING:
+    print_type = print_name_to_print_type(StringValuePtr(rb_where_name_or_type));
+    break;
+  case T_FIXNUM:
+    print_type = NUM2INT(rb_where_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a print type constant");
+  }
+
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  switch (NUM2LONG(rb_where)) {
+  switch (print_type) {
   case CAPNG_PRINT_STDOUT:
-    capng_print_caps_numeric(CAPNG_PRINT_STDOUT, NUM2INT(rb_select_set));
+    capng_print_caps_numeric(CAPNG_PRINT_STDOUT, select);
     break;
   case CAPNG_PRINT_BUFFER:
-    result = capng_print_caps_numeric(CAPNG_PRINT_BUFFER, NUM2LONG(rb_select_set));
+    result = capng_print_caps_numeric(CAPNG_PRINT_BUFFER, select);
   }
 
   if (result)
     return rb_str_new2(result);
   else
-    return rb_str_new2("(NULL)");
+    return rb_str_new2("none");
 }
 
 void Init_capng_print(VALUE rb_cCapNG)

data/ext/capng/utils.c

@@ -0,0 +1,80 @@
+/* capng_c */
+/* Copyright 2020- Hiroshi Hatake*/
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/*     http://www.apache.org/licenses/LICENSE-2.0 */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
+/* See the License for the specific language governing permissions and */
+/* limitations under the License. */
+
+#include <capng.h>
+
+capng_select_t
+select_name_to_select_type(char *select_name)
+{
+  if (strcmp(select_name, "caps") == 0) {
+    return CAPNG_SELECT_CAPS;
+  } else if (strcmp(select_name, "bounds") == 0) {
+    return CAPNG_SELECT_BOUNDS;
+  } else if (strcmp(select_name, "both") == 0) {
+    return CAPNG_SELECT_BOTH;
+#if defined(CAPNG_SELECT_AMBIENT)
+  } else if (strcmp(select_name, "ambient") == 0) {
+    return CAPNG_SELECT_AMBIENT;
+#endif
+#if defined(CAPNG_SELECT_ALL)
+  } else if (strcmp(select_name, "all") == 0) {
+    return CAPNG_SELECT_ALL;
+#endif
+  } else {
+    rb_raise(rb_eArgError, "unknown select name %s", select_name);
+  }
+}
+
+capng_act_t
+action_name_to_action_type(char *action_name)
+{
+  if (strcmp(action_name, "drop") == 0) {
+    return CAPNG_DROP;
+  } else if (strcmp(action_name, "add") == 0) {
+    return CAPNG_ADD;
+  } else {
+    rb_raise(rb_eArgError, "unknown action name %s", action_name);
+  }
+}
+
+capng_print_t
+print_name_to_print_type(char *print_name)
+{
+  if (strcmp(print_name, "stdout") == 0) {
+    return CAPNG_PRINT_STDOUT;
+  } else if (strcmp(print_name, "buffer") == 0) {
+    return CAPNG_PRINT_BUFFER;
+  } else {
+    rb_raise(rb_eArgError, "unknown print name %s", print_name);
+  }
+}
+
+capng_type_t
+capability_type_name_to_capability_type(char *capability_name)
+{
+  if (strcmp(capability_name, "effective") == 0) {
+    return CAPNG_EFFECTIVE;
+  } else if (strcmp(capability_name, "permitted") == 0) {
+    return CAPNG_PERMITTED;
+  } else if (strcmp(capability_name, "inheritable") == 0) {
+    return CAPNG_INHERITABLE;
+  } else if (strcmp(capability_name, "bounding_set") == 0) {
+    return CAPNG_BOUNDING_SET;
+#if defined(CAPNG_AMBIENT)
+  } else if (strcmp(capability_name, "ambient") == 0) {
+    return CAPNG_AMBIENT;
+#endif
+  } else {
+    rb_raise(rb_eArgError, "unknown capability name: %s", capability_name);
+  }
+}

data/lib/capng.rb

@@ -6,6 +6,20 @@ class CapNG
 
   alias_method :caps_file_raw, :caps_file
   alias_method :apply_caps_file_raw, :apply_caps_file
+  alias_method :update_raw, :update
+  alias_method :initialize_raw, :initialize
+
+  def initialize(target = nil, pid_or_path = nil)
+    if target && pid_or_path.is_a?(Integer)
+      initialize_raw(target, pid_or_path)
+    elsif target && pid_or_path.is_a?(String) && File.exist?(pid_or_path)
+      File.open(pid_or_path) do |file|
+        initialize_raw(target, file);
+      end
+    else
+      initialize_raw(target, pid_or_path)
+    end
+  end
 
   def caps_file(file_or_string_path)
     if file_or_string_path.is_a?(String) && File.exist?(file_or_string_path)
@@ -22,7 +36,7 @@ class CapNG
   def apply_caps_file(file_or_string_path)
     if file_or_string_path.is_a?(String) && File.exist?(file_or_string_path)
       File.open(file_or_string_path) do |f|
-        apply_cps_file_raw(f)
+        apply_caps_file_raw(f)
       end
     elsif file_or_string_path.is_a?(File)
       apply_caps_file_raw(file_or_string_path)
@@ -30,4 +44,18 @@ class CapNG
       raise ArgumentError, "#{file_or_string_path} should be File class or String class instance."
     end
   end
+
+  def update(action, type, capability_or_capability_array)
+    if capability_or_capability_array.is_a?(Array) && !capability_or_capability_array.empty?
+      results = []
+      capability_or_capability_array.each do |capability|
+        result = update_raw(action, type, capability)
+        results << result
+        return results if !result
+      end
+      results
+    else
+      update_raw(action, type, capability_or_capability_array)
+    end
+  end
 end

data/lib/capng/version.rb

@@ -1,3 +1,3 @@
 class CapNG
-  VERSION = "0.1.0"
+  VERSION = "0.1.5"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: capng_c
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.5
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-10-26 00:00:00.000000000 Z
+date: 2020-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -80,6 +80,7 @@ extensions:
 - ext/capng/extconf.rb
 extra_rdoc_files: []
 files:
+- ".github/workflows/linux.yml"
 - ".gitignore"
 - Gemfile
 - LICENSE
@@ -88,6 +89,9 @@ files:
 - bin/console
 - bin/setup
 - capng_c.gemspec
+- example/file_capability.rb
+- example/process_capability.rb
+- example/process_capability_without_root.rb
 - ext/capng/capability.c
 - ext/capng/capng.c
 - ext/capng/capng.h
@@ -95,10 +99,12 @@ files:
 - ext/capng/extconf.rb
 - ext/capng/print.c
 - ext/capng/state.c
+- ext/capng/utils.c
 - lib/capng.rb
 - lib/capng/version.rb
 homepage: https://github.com/cosmo0920/cap-ng_c
-licenses: []
+licenses:
+- Apache-2.0
 metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/cosmo0920/cap-ng_c