dissect.target.plugins.filesystem.unix.capability

Module Contents

Classes

Capabilities

Enum where members are also (and must be) ints

CapabilityPlugin

Plugin to yield files with capabilites set.

Functions

parse_attr

Efficiently parse a Linux xattr capability struct.

Attributes

CapabilityRecord

VFS_CAP_REVISION_MASK

VFS_CAP_REVISION_SHIFT

VFS_CAP_FLAGS_MASK

VFS_CAP_FLAGS_EFFECTIVE

VFS_CAP_REVISION_1

VFS_CAP_U32_1

VFS_CAP_REVISION_2

VFS_CAP_U32_2

VFS_CAP_REVISION_3

VFS_CAP_U32_3

dissect.target.plugins.filesystem.unix.capability.CapabilityRecord
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_REVISION_MASK = 4278190080
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_REVISION_SHIFT = 24
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_FLAGS_MASK = 16777215
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_FLAGS_EFFECTIVE = 1
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_REVISION_1 = 16777216
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_U32_1 = 1
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_REVISION_2 = 33554432
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_U32_2 = 2
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_REVISION_3 = 50331648
dissect.target.plugins.filesystem.unix.capability.VFS_CAP_U32_3 = 2
class dissect.target.plugins.filesystem.unix.capability.Capabilities

Bases: enum.IntEnum

Enum where members are also (and must be) ints

CAP_CHOWN = 0
CAP_DAC_OVERRIDE = 1
CAP_FOWNER = 3
CAP_FSETID = 4
CAP_KILL = 5
CAP_SETGID = 6
CAP_SETUID = 7
CAP_SETPCAP = 8
CAP_LINUX_IMMUTABLE = 9
CAP_NET_BIND_SERVICE = 10
CAP_NET_BROADCAST = 11
CAP_NET_ADMIN = 12
CAP_NET_RAW = 13
CAP_IPC_LOCK = 14
CAP_IPC_OWNER = 15
CAP_SYS_MODULE = 16
CAP_SYS_RAWIO = 17
CAP_SYS_CHROOT = 18
CAP_SYS_PTRACE = 19
CAP_SYS_PACCT = 20
CAP_SYS_ADMIN = 21
CAP_SYS_BOOT = 22
CAP_SYS_NICE = 23
CAP_SYS_RESOURCE = 24
CAP_SYS_TIME = 25
CAP_SYS_TTY_CONFIG = 26
CAP_MKNOD = 27
CAP_LEASE = 28
CAP_AUDIT_WRITE = 29
CAP_AUDIT_CONTROL = 30
CAP_SETFCAP = 31
CAP_MAC_OVERRIDE = 32
CAP_MAC_ADMIN = 33
CAP_SYSLOG = 34
CAP_WAKE_ALARM = 35
CAP_BLOCK_SUSPEND = 36
CAP_AUDIT_READ = 37
CAP_PERFMON = 38
CAP_BPF = 39
CAP_CHECKPOINT_RESTORE = 40
class dissect.target.plugins.filesystem.unix.capability.CapabilityPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Plugin to yield files with capabilites set.

check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

capability_binaries() Iterator[CapabilityRecord]

Find all files that have capabilities set on files.

Resources:
dissect.target.plugins.filesystem.unix.capability.parse_attr(attr: bytes) tuple[list[str], list[str], bool, int]

Efficiently parse a Linux xattr capability struct.

Returns:

A tuple of permitted capability names, inheritable capability names, effective flag and root_id.