capng_c 0.1.1 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 31b53b59b57445d79f742beb25910e6bb62270673d6c171ffea029938d5f35ee
-  data.tar.gz: 62c157b61e3cc5e1bfd144effb8370a3de756e63a7cfccfb3012d236ceecd2d9
+  metadata.gz: eea2ca339ebb678c88b6c3ee7726878a46c2bdef9a8756daca982bb22bc009a5
+  data.tar.gz: 6b792b28771206844c5daac503ad2003c443799ebbf64b27f2f4cc616694a5e7
 SHA512:
-  metadata.gz: a3b0b2deda2fb0c46fcce53f54097659a4d7fddd34e1bc4ce01fd27dea02a220263cf668deb048542009dc92b885753938f753af37e7a87500b806111330e552
-  data.tar.gz: b2968668551f8b397d7f5da73d38004215cef706e2d8e2ecf09453a6ca4ef14ed4b8e550296767a5f38dba9e87edcb669b4edaf2cf8433e3f92c7c9a27591c0a
+  metadata.gz: 3071407d369065ac165ed2e1c4c8c9962205f9e67601152c884dc0d76bed6720e8c95ebd28b951029ed752f74a82b734876fbfed102e66325dd548b7a23a85b2
+  data.tar.gz: f1d1728a2b9de22433383cfeae38d7682f43af05995ef4c26fb4dcf89df58398525a3c8f10cc688ce11e847a55109811add8398c02a6b976d70b2210440c659c

data/Gemfile

@@ -1,4 +1,4 @@
 source "https://rubygems.org"
 
-# Specify your gem's dependencies in ioext.gemspec
+# Specify your gem's dependencies in capng_c.gemspec
 gemspec

data/README.md

@@ -20,6 +20,10 @@ Or install it yourself as:
 
     $ gem install capng_c
 
+## Usage
+
+The usage examples are put in [example directory](example).
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/capng_c.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{libcap-ng bindings for Ruby.}
   spec.description   = spec.summary
   spec.homepage      = "https://github.com/cosmo0920/cap-ng_c"
-
+  spec.license       = "Apache-2.0"
   spec.metadata["allowed_push_host"] = "https://rubygems.org"
 
   spec.metadata["homepage_uri"] = spec.homepage

data/example/file_capability.rb

@@ -0,0 +1,36 @@
+# Copyright 2020- Hiroshi Hatake
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'capng'
+
+if ARGV.size != 1
+  puts "specify file path on ARGV."
+  exit 1
+end
+
+if Process.uid != 0
+  puts "Needed to run as root!"
+  exit 2
+end
+
+path = ARGV[0]
+capng = CapNG.new(:file, path)
+print = CapNG::Print.new
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+capng.clear(:caps)
+ret = capng.update(:add, CapNG::Type::EFFECTIVE | CapNG::Type::INHERITABLE | CapNG::Type::PERMITTED,
+                   [:dac_read_search, :dac_override])
+puts "updating capability: #{ret ? "success" : "fail"}"
+capng.apply_caps_file(path)
+puts "updated capability: #{print.caps_text(:buffer, :effective)}"

data/example/process_capability.rb

@@ -0,0 +1,59 @@
+# Copyright 2020- Hiroshi Hatake
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'capng'
+
+if Process.uid != 0
+  puts "Needed to run as root!"
+  exit 2
+end
+
+capng = CapNG.new(:current_process)
+
+print = CapNG::Print.new
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+target_file = ARGV[0] || "/var/log/syslog"
+capng.clear(:caps)
+
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+ret = capng.update(:add, CapNG::Type::EFFECTIVE | CapNG::Type::INHERITABLE | CapNG::Type::PERMITTED, :dac_read_search)
+puts "CapNG#update: #{ret ? 'success' : 'fail'}"
+
+ret = capng.apply(:caps)
+puts "CapNG#apply(add): #{ret ? 'success' : 'fail'}"
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+path = "/var/log/syslog"
+unless File.readable?(path)
+  puts "-----unreadable!!!!-----\ntarget: #{target_file}"
+end
+contents = File.read(target_file)
+if contents.length >= 0
+  puts "succeeded to read: #{target_file}"
+end
+
+ret = capng.update(:drop, CapNG::Type::EFFECTIVE | CapNG::Type::INHERITABLE | CapNG::Type::PERMITTED, :dac_read_search)
+puts "CapNG#update(drop): #{ret ? 'success' : 'fail'}"
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+
+ret = capng.apply(:caps)
+puts "CapNG#apply(drop): #{ret ? 'success' : 'fail'}"
+
+unless File.readable?(path)
+  puts "-----unreadable!!!!-----\ntarget: #{target_file}"
+end
+begin
+  File.read(target_file)
+rescue Errno::EACCES
+  puts "permission denied even if run as root"
+end

data/example/process_capability_without_root.rb

@@ -0,0 +1,36 @@
+# Copyright 2020- Hiroshi Hatake
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'capng'
+
+capng = CapNG.new(:current_process)
+unless capng.have_capability?(:effective, :dac_read_search)
+  puts "This example needs to setup :dac_read_search capability on running Ruby executable."
+  exit 2
+end
+
+print = CapNG::Print.new
+puts "capability: #{print.caps_text(:buffer, :effective)}"
+target_file = ARGV[0] || "/var/log/syslog"
+
+path = "/var/log/syslog"
+unless File.readable?(path)
+  puts "-----unreadable!!!!-----\ntarget: #{target_file}"
+end
+if capng.have_capability?(:effective, :dac_read_search)
+  contents = File.read(target_file)
+  if contents.length >= 0
+    puts "succeeded to read: #{target_file} w/o root user"
+  end
+end

data/ext/capng/capability.c

@@ -83,7 +83,7 @@ rb_capng_capability_from_name(VALUE self, VALUE rb_capability_name_or_symbol)
 void
 Init_capng_capability(VALUE rb_cCapNG)
 {
-  rb_cCapability = rb_define_class_under(rb_cCapNG, "Capability", rb_cObject);
+  VALUE rb_cCapability = rb_define_class_under(rb_cCapNG, "Capability", rb_cObject);
 
   rb_define_alloc_func(rb_cCapability, rb_capng_capability_alloc);
 

data/ext/capng/capng.c

@@ -46,27 +46,106 @@ rb_capng_alloc(VALUE klass)
 }
 
 static VALUE
-rb_capng_initialize(VALUE self)
+rb_capng_initialize(int argc, VALUE *argv, VALUE self)
 {
+  VALUE rb_target, rb_pid_or_file;
+  int result = 0;
+  char *target = NULL;
+  int pid = 0, fd = 0;
+  rb_io_t *fptr = NULL;
+
+  rb_scan_args(argc, argv, "02", &rb_target, &rb_pid_or_file);
+
+  if (NIL_P(rb_target)) {
+    return Qnil;
+  }
+
+  if (RB_TYPE_P(rb_target, T_SYMBOL)) {
+    target = RSTRING_PTR(rb_sym2str(rb_target));
+  } else if (RB_TYPE_P(rb_target, T_STRING)) {
+    target = StringValuePtr(rb_target);
+  } else {
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance for tagret argument");
+  }
+
+  if (strcmp(target, "current_process") == 0) {
+    result = capng_get_caps_process();
+    if (result != 0) {
+      rb_raise(rb_eRuntimeError, "Couldn't get current process' capability");
+    }
+  } else if (strcmp(target, "other_process") == 0) {
+    Check_Type(rb_pid_or_file, T_FIXNUM);
+
+    pid = NUM2INT(rb_pid_or_file);
+    capng_setpid(pid);
+    result = capng_get_caps_process();
+    if (result != 0) {
+      rb_raise(rb_eRuntimeError, "Couldn't get current process' capability");
+    }
+  } else if (strcmp(target, "file") == 0) {
+    Check_Type(rb_pid_or_file, T_FILE);
+
+    fptr = RFILE(rb_pid_or_file)->fptr;
+    fd = fptr->fd;
+    result = capng_get_caps_fd(fd);
+    /* Just store result into instance variable. */
+    /* This is because capng_get_caps_fd should return 0 if file cap is not set. */
+    rb_iv_set(self, "@return_code", INT2NUM(result));
+  }
+
   return Qnil;
 }
 
 static VALUE
-rb_capng_clear(VALUE self, VALUE rb_action_set)
+rb_capng_return_code(VALUE self)
 {
-  Check_Type(rb_action_set, T_FIXNUM);
+  return rb_iv_get(self, "@return_code");
+}
 
-  capng_clear(NUM2INT(rb_action_set));
+static VALUE
+rb_capng_clear(VALUE self, VALUE rb_select_name_or_enum)
+{
+  capng_select_t select = 0;
+
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+
+  capng_clear(select);
 
   return Qnil;
 }
 
 static VALUE
-rb_capng_fill(VALUE self, VALUE rb_action_set)
+rb_capng_fill(VALUE self, VALUE rb_select_name_or_enum)
 {
-  Check_Type(rb_action_set, T_FIXNUM);
+  capng_select_t select = 0;
+
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  capng_fill(NUM2INT(rb_action_set));
+  capng_fill(select);
 
   return Qnil;
 }
@@ -94,13 +173,41 @@ rb_capng_get_caps_process(VALUE self)
 }
 
 static VALUE
-rb_capng_update(VALUE self, VALUE rb_action_set, VALUE rb_update_type, VALUE rb_capability_or_name)
+rb_capng_update(VALUE self,
+                VALUE rb_action_name_or_action, VALUE rb_capability_name_or_type, VALUE rb_capability_or_name)
 {
   int result = 0;
   unsigned int capability = 0;
+  capng_type_t capability_type = 0;
+  capng_act_t action = 0;
+
+  switch (TYPE(rb_action_name_or_action)) {
+  case T_SYMBOL:
+    action = action_name_to_action_type(RSTRING_PTR(rb_sym2str(rb_action_name_or_action)));
+    break;
+  case T_STRING:
+    action = action_name_to_action_type(StringValuePtr(rb_action_name_or_action));
+    break;
+  case T_FIXNUM:
+    action = NUM2INT(rb_action_name_or_action);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  Check_Type(rb_action_set, T_FIXNUM);
-  Check_Type(rb_update_type, T_FIXNUM);
+  switch (TYPE(rb_capability_name_or_type)) {
+  case T_SYMBOL:
+    capability_type = capability_type_name_to_capability_type(RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
+    break;
+  case T_STRING:
+    capability_type = capability_type_name_to_capability_type(StringValuePtr(rb_capability_name_or_type));
+    break;
+  case T_FIXNUM:
+    capability_type = NUM2INT(rb_capability_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
   switch (TYPE(rb_capability_or_name)) {
   case T_SYMBOL:
@@ -116,7 +223,7 @@ rb_capng_update(VALUE self, VALUE rb_action_set, VALUE rb_update_type, VALUE rb_
     rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability constant");
   }
 
-  result = capng_update(NUM2UINT(rb_action_set), NUM2INT(rb_update_type), capability);
+  result = capng_update(action, capability_type, capability);
 
   if (result == 0)
     return Qtrue;
@@ -125,13 +232,26 @@ rb_capng_update(VALUE self, VALUE rb_action_set, VALUE rb_update_type, VALUE rb_
 }
 
 static VALUE
-rb_capng_apply(VALUE self, VALUE rb_action_set)
+rb_capng_apply(VALUE self, VALUE rb_select_name_or_enum)
 {
   int result = 0;
+  capng_select_t select = 0;
 
-  Check_Type(rb_action_set, T_FIXNUM);
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  result = capng_apply(NUM2INT(rb_action_set));
+  result = capng_apply(select);
 
   if (result == 0)
     return Qtrue;
@@ -166,20 +286,49 @@ rb_capng_change_id(VALUE self, VALUE rb_uid, VALUE rb_gid, VALUE rb_flags)
 }
 
 static VALUE
-rb_capng_have_capabilities_p(VALUE self, VALUE rb_select_enum)
+rb_capng_have_capabilities_p(VALUE self, VALUE rb_select_name_or_enum)
 {
   int result = 0;
+  capng_select_t select = 0;
 
-  result = capng_have_capabilities(NUM2INT(rb_select_enum));
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+  result = capng_have_capabilities(select);
 
   return INT2NUM(result);
 }
 
 static VALUE
-rb_capng_have_capability_p(VALUE self, VALUE rb_update_type, VALUE rb_capability_or_name)
+rb_capng_have_capability_p(VALUE self, VALUE rb_capability_name_or_type, VALUE rb_capability_or_name)
 {
   int result = 0;
   unsigned int capability = 0;
+  capng_type_t capability_type = 0;
+
+  switch (TYPE(rb_capability_name_or_type)) {
+  case T_SYMBOL:
+    capability_type = capability_type_name_to_capability_type(RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
+    break;
+  case T_STRING:
+    capability_type = capability_type_name_to_capability_type(StringValuePtr(rb_capability_name_or_type));
+    break;
+  case T_FIXNUM:
+    capability_type = NUM2INT(rb_capability_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
   switch (TYPE(rb_capability_or_name)) {
   case T_SYMBOL:
@@ -195,7 +344,7 @@ rb_capng_have_capability_p(VALUE self, VALUE rb_update_type, VALUE rb_capability
     rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability constant");
   }
 
-  result = capng_have_capability(NUM2INT(rb_update_type), capability);
+  result = capng_have_capability(capability_type, capability);
 
   if (result == 1)
     return Qtrue;
@@ -250,11 +399,12 @@ rb_capng_apply_caps_file(VALUE self, VALUE rb_file)
 void
 Init_capng(void)
 {
-  rb_cCapNG = rb_define_class("CapNG", rb_cObject);
+  VALUE rb_cCapNG = rb_define_class("CapNG", rb_cObject);
 
   rb_define_alloc_func(rb_cCapNG, rb_capng_alloc);
 
-  rb_define_method(rb_cCapNG, "initialize", rb_capng_initialize, 0);
+  rb_define_method(rb_cCapNG, "initialize", rb_capng_initialize, -1);
+  rb_define_method(rb_cCapNG, "return_code", rb_capng_return_code, 0);
   rb_define_method(rb_cCapNG, "clear", rb_capng_clear, 1);
   rb_define_method(rb_cCapNG, "fill", rb_capng_fill, 1);
   rb_define_method(rb_cCapNG, "setpid", rb_capng_setpid, 1);

data/ext/capng/capng.h

@@ -20,17 +20,25 @@
 
 #include <cap-ng.h>
 #include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 
-VALUE rb_cCapNG;
-VALUE rb_cCapNGPrint;
-VALUE rb_cCapability;
-VALUE rb_cState;
-VALUE rb_mAction;
-VALUE rb_mSelect;
-VALUE rb_mType;
-VALUE rb_mResult;
-VALUE rb_mPrint;
-VALUE rb_mFlags;
+extern VALUE rb_cCapNG;
+extern VALUE rb_cCapNGPrint;
+extern VALUE rb_cCapability;
+extern VALUE rb_cState;
+extern VALUE rb_mAction;
+extern VALUE rb_mSelect;
+extern VALUE rb_mType;
+extern VALUE rb_mResult;
+extern VALUE rb_mPrint;
+extern VALUE rb_mFlags;
+
+capng_select_t select_name_to_select_type(char *select_name);
+capng_act_t action_name_to_action_type(char *action_name);
+capng_print_t print_name_to_print_type(char *print_name);
+capng_type_t capability_type_name_to_capability_type(char *capability_name);
 
 void Init_capng_capability(VALUE);
 void Init_capng_enum(VALUE);

data/ext/capng/enum.c

@@ -15,11 +15,11 @@
 
 void Init_capng_enum(VALUE rb_cCapNG)
 {
-  rb_mAction = rb_define_module_under(rb_cCapNG, "Action");
-  rb_mSelect = rb_define_module_under(rb_cCapNG, "Select");
-  rb_mType = rb_define_module_under(rb_cCapNG, "Type");
-  rb_mResult = rb_define_module_under(rb_cCapNG, "Result");
-  rb_mFlags = rb_define_module_under(rb_cCapNG, "Flags");
+  VALUE rb_mAction = rb_define_module_under(rb_cCapNG, "Action");
+  VALUE rb_mSelect = rb_define_module_under(rb_cCapNG, "Select");
+  VALUE rb_mType = rb_define_module_under(rb_cCapNG, "Type");
+  VALUE rb_mResult = rb_define_module_under(rb_cCapNG, "Result");
+  VALUE rb_mFlags = rb_define_module_under(rb_cCapNG, "Flags");
 
   // capng_cat_t enum constants
   rb_define_const(rb_mAction, "DROP", INT2NUM(CAPNG_DROP));
@@ -29,10 +29,10 @@ void Init_capng_enum(VALUE rb_cCapNG)
   rb_define_const(rb_mSelect, "CAPS", INT2NUM(CAPNG_SELECT_CAPS));
   rb_define_const(rb_mSelect, "BOUNDS", INT2NUM(CAPNG_SELECT_BOUNDS));
   rb_define_const(rb_mSelect, "BOTH", INT2NUM(CAPNG_SELECT_BOTH));
-#if defined(CAPNG_SELECT_AMBIENT)
+#if defined(HAVE_CONST_CAPNG_SELECT_AMBIENT)
   rb_define_const(rb_mSelect, "AMBIENT", INT2NUM(CAPNG_SELECT_AMBIENT));
 #endif
-#if defined(CAPNG_SELECT_ALL)
+#if defined(HAVE_CONST_CAPNG_SELECT_ALL)
   rb_define_const(rb_mSelect, "ALL", INT2NUM(CAPNG_SELECT_ALL));
 #endif
 
@@ -41,7 +41,7 @@ void Init_capng_enum(VALUE rb_cCapNG)
   rb_define_const(rb_mType, "PERMITTED", INT2NUM(CAPNG_PERMITTED));
   rb_define_const(rb_mType, "INHERITABLE", INT2NUM(CAPNG_INHERITABLE));
   rb_define_const(rb_mType, "BOUNDING_SET", INT2NUM(CAPNG_BOUNDING_SET));
-#if defined(CAPNG_AMBIENT)
+#if defined(HAVE_CONST_CAPNG_AMBIENT)
   rb_define_const(rb_mType, "AMBIENT", INT2NUM(CAPNG_AMBIENT));
 #endif
 
@@ -55,5 +55,8 @@ void Init_capng_enum(VALUE rb_cCapNG)
   rb_define_const(rb_mFlags, "NO_FLAG", LONG2NUM(CAPNG_NO_FLAG));
   rb_define_const(rb_mFlags, "DROP_SUPP_GRP", LONG2NUM(CAPNG_DROP_SUPP_GRP));
   rb_define_const(rb_mFlags, "CLEAR_BOUNDING", LONG2NUM(CAPNG_CLEAR_BOUNDING));
+#if defined(HAVE_CONST_CAPNG_INIT_SUPP_GRP)
+  // Ubuntu Trusty's libcap-ng-dev doesn't have CAPNG_INIT_SUPP_GRP constant.
   rb_define_const(rb_mFlags, "INIT_SUPP_GRP", LONG2NUM(CAPNG_INIT_SUPP_GRP));
+#endif
 }

data/ext/capng/extconf.rb

@@ -24,6 +24,10 @@ pkg_config("libcap-ng")
 $CFLAGS << " -Wall -std=c99 -fPIC "
 # $CFLAGS << " -g -O0"
 
+have_const("CAPNG_SELECT_AMBIENT", "cap-ng.h")
+have_const("CAPNG_SELECT_ALL", "cap-ng.h")
+have_const("CAPNG_AMBIENT", "cap-ng.h")
+have_const("CAPNG_INIT_SUPP_GRP", "cap-ng.h")
 have_func("rb_sym2str", "ruby.h")
 have_func("capng_get_caps_fd", "cap-ng.h")
 create_makefile("capng/capng")

data/ext/capng/print.c

@@ -52,16 +52,46 @@ rb_capng_print_initialize(VALUE self)
 }
 
 static VALUE
-rb_capng_print_caps_text(VALUE self, VALUE rb_where, VALUE rb_select_set)
+rb_capng_print_caps_text(VALUE self, VALUE rb_where_name_or_type, VALUE rb_capability_name_or_type)
 {
   char *result = NULL;
+  capng_type_t capability_type = 0;
+  capng_print_t print_type = 0;
 
-  switch (NUM2LONG(rb_where)) {
+  switch (TYPE(rb_capability_name_or_type)) {
+  case T_SYMBOL:
+    capability_type = capability_type_name_to_capability_type(RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
+    break;
+  case T_STRING:
+    capability_type = capability_type_name_to_capability_type(StringValuePtr(rb_capability_name_or_type));
+    break;
+  case T_FIXNUM:
+    capability_type = NUM2INT(rb_capability_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
+
+  switch (TYPE(rb_where_name_or_type)) {
+  case T_SYMBOL:
+    print_type = print_name_to_print_type(RSTRING_PTR(rb_sym2str(rb_where_name_or_type)));
+    break;
+  case T_STRING:
+    print_type = print_name_to_print_type(StringValuePtr(rb_where_name_or_type));
+    break;
+  case T_FIXNUM:
+    print_type = NUM2INT(rb_where_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a print type constant");
+  }
+
+  switch (print_type) {
   case CAPNG_PRINT_STDOUT:
-    capng_print_caps_text(CAPNG_PRINT_STDOUT, NUM2LONG(rb_select_set));
+    capng_print_caps_text(CAPNG_PRINT_STDOUT, capability_type);
     break;
   case CAPNG_PRINT_BUFFER:
-    result = capng_print_caps_text(CAPNG_PRINT_BUFFER, NUM2INT(rb_select_set));
+    result = capng_print_caps_text(CAPNG_PRINT_BUFFER, capability_type);
   }
 
   if (result)
@@ -71,16 +101,46 @@ rb_capng_print_caps_text(VALUE self, VALUE rb_where, VALUE rb_select_set)
 }
 
 static VALUE
-rb_capng_print_caps_numeric(VALUE self, VALUE rb_where, VALUE rb_select_set)
+rb_capng_print_caps_numeric(VALUE self, VALUE rb_where_name_or_type, VALUE rb_select_name_or_enum)
 {
   char *result = NULL;
+  capng_select_t select = 0;
+  capng_print_t print_type = 0;
+
+  switch (TYPE(rb_where_name_or_type)) {
+  case T_SYMBOL:
+    print_type = print_name_to_print_type(RSTRING_PTR(rb_sym2str(rb_where_name_or_type)));
+    break;
+  case T_STRING:
+    print_type = print_name_to_print_type(StringValuePtr(rb_where_name_or_type));
+    break;
+  case T_FIXNUM:
+    print_type = NUM2INT(rb_where_name_or_type);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a print type constant");
+  }
+
+  switch (TYPE(rb_select_name_or_enum)) {
+  case T_SYMBOL:
+    select = select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
+    break;
+  case T_STRING:
+    select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
+    break;
+  case T_FIXNUM:
+    select = NUM2INT(rb_select_name_or_enum);
+    break;
+  default:
+    rb_raise(rb_eArgError, "Expected a String or a Symbol instance, or a capability type constant");
+  }
 
-  switch (NUM2LONG(rb_where)) {
+  switch (print_type) {
   case CAPNG_PRINT_STDOUT:
-    capng_print_caps_numeric(CAPNG_PRINT_STDOUT, NUM2INT(rb_select_set));
+    capng_print_caps_numeric(CAPNG_PRINT_STDOUT, select);
     break;
   case CAPNG_PRINT_BUFFER:
-    result = capng_print_caps_numeric(CAPNG_PRINT_BUFFER, NUM2LONG(rb_select_set));
+    result = capng_print_caps_numeric(CAPNG_PRINT_BUFFER, select);
   }
 
   if (result)
@@ -91,7 +151,7 @@ rb_capng_print_caps_numeric(VALUE self, VALUE rb_where, VALUE rb_select_set)
 
 void Init_capng_print(VALUE rb_cCapNG)
 {
-  rb_cCapNGPrint = rb_define_class_under(rb_cCapNG, "Print", rb_cObject);
+  VALUE rb_cCapNGPrint = rb_define_class_under(rb_cCapNG, "Print", rb_cObject);
 
   rb_define_alloc_func(rb_cCapNGPrint, rb_capng_print_alloc);
 

data/ext/capng/state.c

@@ -90,7 +90,7 @@ rb_capng_state_restore(VALUE self)
 void
 Init_capng_state(VALUE rb_cCapNG)
 {
-  rb_cState = rb_define_class_under(rb_cCapNG, "State", rb_cObject);
+  VALUE rb_cState = rb_define_class_under(rb_cCapNG, "State", rb_cObject);
 
   rb_define_alloc_func(rb_cState, rb_capng_state_alloc);
 

data/ext/capng/utils.c

@@ -0,0 +1,80 @@
+/* capng_c */
+/* Copyright 2020- Hiroshi Hatake*/
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/*     http://www.apache.org/licenses/LICENSE-2.0 */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
+/* See the License for the specific language governing permissions and */
+/* limitations under the License. */
+
+#include <capng.h>
+
+capng_select_t
+select_name_to_select_type(char *select_name)
+{
+  if (strcmp(select_name, "caps") == 0) {
+    return CAPNG_SELECT_CAPS;
+  } else if (strcmp(select_name, "bounds") == 0) {
+    return CAPNG_SELECT_BOUNDS;
+  } else if (strcmp(select_name, "both") == 0) {
+    return CAPNG_SELECT_BOTH;
+#if defined(HAVE_CONST_CAPNG_SELECT_AMBIENT)
+  } else if (strcmp(select_name, "ambient") == 0) {
+    return CAPNG_SELECT_AMBIENT;
+#endif
+#if defined(HAVE_CONST_CAPNG_SELECT_ALL)
+  } else if (strcmp(select_name, "all") == 0) {
+    return CAPNG_SELECT_ALL;
+#endif
+  } else {
+    rb_raise(rb_eArgError, "unknown select name %s", select_name);
+  }
+}
+
+capng_act_t
+action_name_to_action_type(char *action_name)
+{
+  if (strcmp(action_name, "drop") == 0) {
+    return CAPNG_DROP;
+  } else if (strcmp(action_name, "add") == 0) {
+    return CAPNG_ADD;
+  } else {
+    rb_raise(rb_eArgError, "unknown action name %s", action_name);
+  }
+}
+
+capng_print_t
+print_name_to_print_type(char *print_name)
+{
+  if (strcmp(print_name, "stdout") == 0) {
+    return CAPNG_PRINT_STDOUT;
+  } else if (strcmp(print_name, "buffer") == 0) {
+    return CAPNG_PRINT_BUFFER;
+  } else {
+    rb_raise(rb_eArgError, "unknown print name %s", print_name);
+  }
+}
+
+capng_type_t
+capability_type_name_to_capability_type(char *capability_name)
+{
+  if (strcmp(capability_name, "effective") == 0) {
+    return CAPNG_EFFECTIVE;
+  } else if (strcmp(capability_name, "permitted") == 0) {
+    return CAPNG_PERMITTED;
+  } else if (strcmp(capability_name, "inheritable") == 0) {
+    return CAPNG_INHERITABLE;
+  } else if (strcmp(capability_name, "bounding_set") == 0) {
+    return CAPNG_BOUNDING_SET;
+#if defined(HAVE_CONST_CAPNG_AMBIENT)
+  } else if (strcmp(capability_name, "ambient") == 0) {
+    return CAPNG_AMBIENT;
+#endif
+  } else {
+    rb_raise(rb_eArgError, "unknown capability name: %s", capability_name);
+  }
+}

data/lib/capng.rb

@@ -7,6 +7,19 @@ class CapNG
   alias_method :caps_file_raw, :caps_file
   alias_method :apply_caps_file_raw, :apply_caps_file
   alias_method :update_raw, :update
+  alias_method :initialize_raw, :initialize
+
+  def initialize(target = nil, pid_or_path = nil)
+    if target && pid_or_path.is_a?(Integer)
+      initialize_raw(target, pid_or_path)
+    elsif target && pid_or_path.is_a?(String) && File.exist?(pid_or_path)
+      File.open(pid_or_path) do |file|
+        initialize_raw(target, file);
+      end
+    else
+      initialize_raw(target, pid_or_path)
+    end
+  end
 
   def caps_file(file_or_string_path)
     if file_or_string_path.is_a?(String) && File.exist?(file_or_string_path)
@@ -23,7 +36,7 @@ class CapNG
   def apply_caps_file(file_or_string_path)
     if file_or_string_path.is_a?(String) && File.exist?(file_or_string_path)
       File.open(file_or_string_path) do |f|
-        apply_cps_file_raw(f)
+        apply_caps_file_raw(f)
       end
     elsif file_or_string_path.is_a?(File)
       apply_caps_file_raw(file_or_string_path)
@@ -34,9 +47,13 @@ class CapNG
 
   def update(action, type, capability_or_capability_array)
     if capability_or_capability_array.is_a?(Array) && !capability_or_capability_array.empty?
+      results = []
       capability_or_capability_array.each do |capability|
-        update_raw(action, type, capability)
+        result = update_raw(action, type, capability)
+        results << result
+        return results if !result
       end
+      results
     else
       update_raw(action, type, capability_or_capability_array)
     end

data/lib/capng/version.rb

@@ -1,3 +1,3 @@
 class CapNG
-  VERSION = "0.1.1"
+  VERSION = "0.1.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: capng_c
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.6
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-10-27 00:00:00.000000000 Z
+date: 2020-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -89,6 +89,9 @@ files:
 - bin/console
 - bin/setup
 - capng_c.gemspec
+- example/file_capability.rb
+- example/process_capability.rb
+- example/process_capability_without_root.rb
 - ext/capng/capability.c
 - ext/capng/capng.c
 - ext/capng/capng.h
@@ -96,10 +99,12 @@ files:
 - ext/capng/extconf.rb
 - ext/capng/print.c
 - ext/capng/state.c
+- ext/capng/utils.c
 - lib/capng.rb
 - lib/capng/version.rb
 homepage: https://github.com/cosmo0920/cap-ng_c
-licenses: []
+licenses:
+- Apache-2.0
 metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/cosmo0920/cap-ng_c