.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: cargo
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "04:00"
+  open-pull-requests-limit: 10

.github/workflows/rust.yml

@@ -0,0 +1,98 @@
+---
+name: Rust
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+env:
+  CARGO_TERM_COLOR: always
+  # Minimum supported Rust version (MSRV)
+  ACTION_MSRV_TOOLCHAIN: 1.63.0
+  # Pinned toolchain for linting
+  ACTION_LINTS_TOOLCHAIN: 1.85.0
+
+jobs:
+  tests-stable:
+    name: "Tests, stable toolchain"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: "stable"
+          default: true
+      - name: cargo build --all-features
+        run: cargo build --all-features
+      - name: cargo test --all-features
+        run: cargo test --all-features
+  tests-release-stable:
+    name: "Tests (release), stable toolchain"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: "stable"
+          default: true
+      - name: cargo build (release)
+        run: cargo build --release
+      - name: cargo test (release)
+        run: cargo test --release
+  tests-release-msrv:
+    name: "Tests (release), minimum supported toolchain"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN']  }}
+          default: true
+      - name: cargo build (release)
+        run: cargo build --release
+      - name: cargo test (release)
+        run: cargo test --release
+  linting:
+    name: "Lints, pinned toolchain"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ env['ACTION_LINTS_TOOLCHAIN']  }}
+          default: true
+          components: rustfmt, clippy
+      - name: cargo clippy (warnings)
+        run: cargo clippy -- -D warnings
+      - name: cargo fmt (check)
+        run: cargo fmt -- --check -l
+  tests-other-channels:
+    name: "Tests, unstable toolchain"
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      matrix:
+        channel:
+          - "beta"
+          - "nightly"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.channel }}
+          default: true
+      - name: cargo build
+        run: cargo build
+      - name: cargo test
+        run: cargo test

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "caps"
-version = "0.5.0"
+version = "0.5.5"
 edition = "2018"
 authors = ["Luca Bruno <lucab@lucabruno.net>"]
 license = "MIT/Apache-2.0"
@@ -14,14 +14,21 @@ exclude = [
 ]
 
 [dependencies]
-errno = "^0.2"
-thiserror = "^1.0"
 libc = "^0.2"
+thiserror = "^1.0"
+serde = { version = "^1.0", features = ["derive"], optional = true}
+
+[features]
+serde_support = ["serde"]
+
+[dev-dependencies]
+serde_json = "^1.0"
 
 [package.metadata.release]
-sign-commit = true
-disable-publish = true
-disable-push = true
-pre-release-commit-message = "cargo: caps release {{version}}"
+publish = false
+push = false
 post-release-commit-message = "cargo: development version bump"
+pre-release-commit-message = "cargo: caps release {{version}}"
+sign-commit = true
+sign-tag = true
 tag-message = "caps {{version}}"

README.md

@@ -1,6 +1,5 @@
 # caps
 
-[![Build Status](https://travis-ci.com/lucab/caps-rs.svg?branch=master)](https://travis-ci.com/lucab/caps-rs)
 [![crates.io](https://img.shields.io/crates/v/caps.svg)](https://crates.io/crates/caps)
 [![Documentation](https://docs.rs/caps/badge.svg)](https://docs.rs/caps)
 

src/ambient.rs

@@ -4,12 +4,17 @@ use crate::errors::CapsError;
 use crate::nr;
 use crate::runtime;
 use crate::{Capability, CapsHashSet};
+use std::io::Error;
 
 pub fn clear() -> Result<(), CapsError> {
     let ret = unsafe { libc::prctl(nr::PR_CAP_AMBIENT, nr::PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) };
     match ret {
         0 => Ok(()),
-        _ => Err(format!("PR_CAP_AMBIENT_CLEAR_ALL failure, errno {}", errno::errno()).into()),
+        _ => Err(format!(
+            "PR_CAP_AMBIENT_CLEAR_ALL failure: {}",
+            Error::last_os_error()
+        )
+        .into()),
     }
 }
 
@@ -25,7 +30,7 @@ pub fn drop(cap: Capability) -> Result<(), CapsError> {
     };
     match ret {
         0 => Ok(()),
-        _ => Err(format!("PR_CAP_AMBIENT_LOWER failure, errno {}", errno::errno()).into()),
+        _ => Err(format!("PR_CAP_AMBIENT_LOWER failure: {}", Error::last_os_error()).into()),
     }
 }
 
@@ -42,7 +47,7 @@ pub fn has_cap(cap: Capability) -> Result<bool, CapsError> {
     match ret {
         0 => Ok(false),
         1 => Ok(true),
-        _ => Err(format!("PR_CAP_AMBIENT_IS_SET failure, errno {}", errno::errno()).into()),
+        _ => Err(format!("PR_CAP_AMBIENT_IS_SET failure: {}", Error::last_os_error()).into()),
     }
 }
 
@@ -58,7 +63,7 @@ pub fn raise(cap: Capability) -> Result<(), CapsError> {
     };
     match ret {
         0 => Ok(()),
-        _ => Err(format!("PR_CAP_AMBIENT_RAISE failure, errno {}", errno::errno()).into()),
+        _ => Err(format!("PR_CAP_AMBIENT_RAISE failure: {}", Error::last_os_error()).into()),
     }
 }
 

src/base.rs

@@ -1,6 +1,7 @@
 use crate::errors::CapsError;
 use crate::nr;
 use crate::{CapSet, Capability, CapsHashSet};
+use std::io::Error;
 
 #[allow(clippy::unreadable_literal)]
 const CAPS_V3: u32 = 0x20080522;
@@ -9,15 +10,15 @@ fn capget(hdr: &mut CapUserHeader, data: &mut CapUserData) -> Result<(), CapsErr
     let r = unsafe { libc::syscall(nr::CAPGET, hdr, data) };
     match r {
         0 => Ok(()),
-        _ => Err(format!("capget failure, errno {}", errno::errno()).into()),
+        _ => Err(format!("capget failure: {}", Error::last_os_error()).into()),
     }
 }
 
 fn capset(hdr: &mut CapUserHeader, data: &CapUserData) -> Result<(), CapsError> {
     let r = unsafe { libc::syscall(nr::CAPSET, hdr, data) };
     match r {
         0 => Ok(()),
-        _ => Err(format!("capset failure, errno {}", errno::errno()).into()),
+        _ => Err(format!("capset failure: {}", Error::last_os_error()).into()),
     }
 }
 

src/bounding.rs

@@ -2,6 +2,7 @@ use crate::errors::CapsError;
 use crate::nr;
 use crate::runtime;
 use crate::Capability;
+use std::io::Error;
 
 pub fn clear() -> Result<(), CapsError> {
     for c in super::all() {
@@ -17,8 +18,8 @@ pub fn drop(cap: Capability) -> Result<(), CapsError> {
     match ret {
         0 => Ok(()),
         _ => Err(CapsError::from(format!(
-            "PR_CAPBSET_READ failure, errno {}",
-            errno::errno()
+            "PR_CAPBSET_DROP failure: {}",
+            Error::last_os_error()
         ))),
     }
 }
@@ -29,8 +30,8 @@ pub fn has_cap(cap: Capability) -> Result<bool, CapsError> {
         0 => Ok(false),
         1 => Ok(true),
         _ => Err(CapsError::from(format!(
-            "PR_CAPBSET_READ failure, errno {}",
-            errno::errno()
+            "PR_CAPBSET_READ failure: {}",
+            Error::last_os_error()
         ))),
     }
 }

src/lib.rs

@@ -24,7 +24,7 @@ fn manipulate_caps() -> ExResult<()> {
     Ok(())
 }
 ```
-!*/
+*/
 
 pub mod errors;
 pub mod runtime;
@@ -64,9 +64,14 @@ pub enum CapSet {
 ///
 /// All capabilities supported by Linux, including standard
 /// POSIX and custom ones. See `capabilities(7)`.
-#[derive(PartialEq, Eq, Hash, Debug, Clone, Copy)]
+#[allow(clippy::manual_non_exhaustive)]
 #[allow(non_camel_case_types)]
+#[derive(PartialEq, Eq, Hash, Debug, Clone, Copy)]
 #[repr(u8)]
+#[cfg_attr(
+    feature = "serde_support",
+    derive(serde::Serialize, serde::Deserialize)
+)]
 pub enum Capability {
     /// `CAP_CHOWN` (from POSIX)
     CAP_CHOWN = nr::CAP_CHOWN,
@@ -418,6 +423,7 @@ pub fn to_canonical(name: &str) -> String {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::str::FromStr;
 
     #[test]
     fn test_all_roundtrip() {
@@ -432,7 +438,6 @@ mod tests {
 
     #[test]
     fn test_parse_invalid() {
-        use std::str::FromStr;
         let p1 = Capability::from_str("CAP_FOO");
         let p1_err = p1.unwrap_err();
         assert!(p1_err.to_string().contains("invalid"));
@@ -443,12 +448,34 @@ mod tests {
 
     #[test]
     fn test_to_canonical() {
-        use std::str::FromStr;
         let p1 = "foo";
         assert!(Capability::from_str(&to_canonical(p1)).is_err());
         let p2 = "sys_admin";
         assert!(Capability::from_str(&to_canonical(p2)).is_ok());
         let p3 = "CAP_SYS_CHROOT";
         assert!(Capability::from_str(&to_canonical(p3)).is_ok());
     }
+
+    #[test]
+    #[cfg(feature = "serde_support")]
+    fn test_serde() {
+        let input = "CAP_CHOWN";
+        // Serialization
+        {
+            let p1 = Capability::from_str(input).unwrap();
+            let ser = serde_json::to_value(&p1).unwrap();
+            let json_str = ser.as_str().unwrap();
+            assert_eq!(json_str, input);
+            let deser: Capability = serde_json::from_value(ser).unwrap();
+            assert_eq!(deser, p1);
+        }
+        // Deserialization
+        {
+            let json_input = format!(r#""{}""#, input);
+            let deser: Capability = serde_json::from_str(&json_input).unwrap();
+            let ser = serde_json::to_value(&deser).unwrap();
+            let json_str = ser.as_str().unwrap();
+            assert_eq!(json_str, input);
+        }
+    }
 }