Top 0.6% dependent packages on proxy.golang.org
Top 0.5% dependent repos on proxy.golang.org
Top 0.4% docker downloads on proxy.golang.org
proxy.golang.org : kernel.org/pub/linux/libs/security/libcap/cap
Package cap provides all the Linux Capabilities userspace library API bindings in native Go. Capabilities are a feature of the Linux kernel that allow fine grain permissions to perform privileged operations. Privileged operations are required to do irregular system level operations from code. You can read more about how Capabilities are intended to work in this Linux Symposium paper. This package supports native Go bindings for all the features described in that paper as well as supporting subsequent changes to the kernel for other styles of inheritable Capability. Some simple things you can do with this package are: This `"cap"` package operates with POSIX semantics for security state. That is all OS threads are kept in sync at all times. The package `"kernel.org/pub/linux/libs/security/libcap/psx"` is used to implement POSIX semantics system calls that manipulate thread state uniformly over the whole Go (and any CGo linked) process runtime. Note, if the Go runtime syscall interface contains the Linux variant `syscall.AllThreadsSyscall()` API (it debuted in go1.16 see Go bug 1435 for its history) then the "libcap/psx" package will use that to invoke Capability setting system calls in pure Go binaries. With such an enhanced Go runtime, to force this behavior, use the CGO_ENABLED=0 environment variable. POSIX semantics are more secure than trying to manage privilege at a thread level when those threads share a common memory image as they do under Linux: it is trivial to exploit a vulnerability in one thread of a process to cause execution on any another thread. So, any imbalance in security state, in such cases will readily create an opportunity for a privilege escalation vulnerability. POSIX semantics also work well with Go, which deliberately tries to insulate the user from worrying about the number of OS threads that are actually running in their program. Indeed, Go can efficiently launch and manage tens of thousands of concurrent goroutines without bogging the program or wider system down. It does this by aggressively migrating idle threads to make progress on unblocked goroutines. So, inconsistent security state across OS threads can also lead to program misbehavior. The only exception to this process-wide common security state is the cap.Launcher related functionality. This briefly locks an OS thread to a goroutine in order to launch another executable - the robust implementation of this kind of support is quite subtle, so please read its documentation carefully, if you find that you need it. See the Fully Capable site for recent updates, some more complete walk-through examples of ways of using 'cap.Set's etc and information on how to file bugs. Copyright (c) 2019-21 Andrew G. Morgan <[email protected]> The cap and psx packages are licensed with a (you choose) BSD 3-clause or GPL2. See LICENSE file for details.
Registry
- Homepage
- Documentation
- JSON
purl: pkg:golang/kernel.org/pub/linux/libs/security/libcap/cap
License: GPL-2.0
Latest release: 21 days ago
First release: almost 5 years ago
Namespace: kernel.org/pub/linux/libs/security/libcap
Dependent packages: 79
Dependent repositories: 151
Docker dependents: 258
Docker downloads: 303,504,480
Last synced: about 2 hours ago