v0.1.3

Changelog:

• perf(caps): use binary search to implement Cap.probe_supported()
• refactor(caps): check for unknown capabilities supported by the kernel
• meta: remove tests directory from distribution
• meta: lower requirement to Python 3.6 (contributed by @martijnthe)
• refactor: tell ctypes about syscall argument types properly
• refactor(misc): use os.fsencode()/os.fsdecode() for process names
• docs: tweak note about python-prctl's behavior
• test: add more tests

v0.1.2

Changelog:

• refactor: remove follow_symlinks from FileCaps methods

  It was useless since file capabilities can't be attached to symlinks.

• refactor: make Cap.from_name() checks stricter

  Mostly just sanity checks; shouldn't break existing code.

• feat: add interface to filesystem UIDs/GIDs

  These aren't manipulated by prctl(), and they aren't directly related to Linux capabilities, but the setfsuid()/setfsgid() syscalls are so to use that it's helpful to have an interface for them somewhere.

• fix: make cap_set_ids() work around glibc's setgroups() synchronization

  musl currently doesn't synchronize setgroups(), so I didn't realize that glibc did.

• feat: add replace() method to the capability set objects to replace the entire set

• fix: make capbset/cap_ambient's drop() methods avoid trying to drop capabilities that aren't actually raised

  This 1) makes behavior more consistent with cap_{permitted,effective,inheritable}, 2) avoids issues regarding capabilities the kernel support, and 3) avoids needing CAP_SETPCAP to perform no-op on capbset.

• fix: add py.typed file to make mypy look for type annotations

• docs: add more documentation; fix/improve existing documentation

• docs: use latest Sphinx version on ReadTheDocs

  Fixes some issues with how the docs were generated.

• test: add more tests

v0.1.1

Changelog:

• SECURITY FIX: Detect errors when changing real/effective/saved UIDs/GIDs in cap_set_ids()
• Add Cap.is_supported() and Cap.probe_supported() helpers

v0.1.0

Initial release