Skip to content

Commit

Permalink
chore: Update faq.md with cargo install explanation and add avoid car…
Browse files Browse the repository at this point in the history 
…go install in build.rs
  • Loading branch information
@LeChatP
LeChatP committed Sep 23, 2024
1 parent 3cb1363 commit 6e59833
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
6 changes: 6 additions & 0 deletions book/src/faq.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,12 @@

This page contains known issues and solutions for RootAsRole project.

## Why I cannot do `cargo install rootasrole` command ?

The `cargo install` command is primarily designed to install Rust binaries into a user’s local environment, specifically into the `.cargo/bin` directory in the user’s home directory. The philosophy behind this is to keep the installation process simple and unprivileged, avoiding system-wide changes that would require root or admin permissions.

In this context, RootAsRole is a privilege escalation tool, so it requires privileges to work. As the `cargo install` command is not designed to install system-wide binaries, so RootAsRole won't work as expected this way.

## capable does not work on my OS, what can I do ?

capable is a tool based on eBPF features, so it requires a Linux kernel version 4.1 or later. Additionnally you need many kernel features enabled, [described here](https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration). It is also, possible that the program cannot allocate memory, in this case you may consider to add CAP_SYS_RESOURCE capability to the program, but this may not solve completely the issue.
Expand Down
7 changes: 7 additions & 0 deletions build.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ use std::error::Error;
use std::fs::{self, File};
use std::io::{BufRead, BufReader, Write};
use std::path::Path;
use std::process::Command;

Check warning on line 6 in build.rs

View workflow job for this annotation

GitHub Actions / clippy

unused import: `std::process::Command` 

warning: unused import: `std::process::Command`
 --> build.rs:6:5
  |
6 | use std::process::Command;
  |     ^^^^^^^^^^^^^^^^^^^^^
  |
  = note: `#[warn(unused_imports)]` on by default


fn package_version(json: &Value) -> Result<&str, Box<dyn Error>> {
Expand Down Expand Up @@ -63,6 +64,11 @@ fn main() {
println!("cargo:rerun-if-changed=resources/rootasrole.json");
println!("cargo:rerun-if-changed=build.rs");

let is_install = std::env::var("CARGO_INSTALL_ROOT").is_ok();
if is_install {
panic!("This crate is not meant to be installed with cargo install, please download .deb or .rpm and install it with your package manager.\nSee: https://lechatp.github.io/RootAsRole/faq.html");
}

let json: Value = include_str!("resources/rootasrole.json")
.parse()
.expect("Failed to parse rootasrole.json");
Expand All @@ -71,6 +77,7 @@ fn main() {
if dest_path.exists() && fs::read_to_string(&dest_path).unwrap().ends_with(&format!("\"{}\";\n",package_version)) {
return;
}

let mut f = File::create(dest_path).unwrap();
f.write_all(b"// This file is generated by build.rs\n")
.unwrap();
Expand Down

0 comments on commit 6e59833

Please sign in to comment.