FsCapability represents a single filesystem permission grant. It’s a read-only view returned by CapabilitySet.fs_capabilities().
You don’t create FsCapability objects directly. They’re created internally when you call allow_path() or allow_file() on a CapabilitySet.
Properties
original
The original path as specified by the user.
from nono_py import CapabilitySet, AccessMode
caps = CapabilitySet()
caps.allow_path("/tmp", AccessMode.READ)
cap = caps.fs_capabilities()[0]
print(cap.original) # "/tmp"
resolved
The canonicalized absolute path after resolving symlinks.
cap = caps.fs_capabilities()[0]
print(cap.resolved) # "/private/tmp" (on macOS, /tmp -> /private/tmp)
On macOS, common paths like /tmp, /var, and /etc are symlinks to /private/tmp, /private/var, and /private/etc respectively.
access
@property
access: AccessMode
The access mode granted for this path.
cap = caps.fs_capabilities()[0]
print(cap.access) # AccessMode.READ
is_file
True if this capability grants access to a single file, False for a directory (recursive access).
caps = CapabilitySet()
caps.allow_path("/tmp", AccessMode.READ)
caps.allow_file("/etc/hosts", AccessMode.READ)
for cap in caps.fs_capabilities():
    kind = "file" if cap.is_file else "directory"
    print(f"{cap.resolved}: {kind}")
# /private/tmp: directory
# /private/etc/hosts: file
source
@property
source: CapabilitySource
The origin of this capability (user, group, or system).
cap = caps.fs_capabilities()[0]
print(cap.source) # CapabilitySource(user)
See CapabilitySource for details.
String Representation
cap = caps.fs_capabilities()[0]
print(str(cap)) # "/private/tmp (read, directory)"
print(repr(cap)) # "FsCapability(path='/private/tmp', access=read, is_file=False)"
Example: Listing Capabilities
from nono_py import CapabilitySet, AccessMode
caps = CapabilitySet()
caps.allow_path("/tmp", AccessMode.READ_WRITE)
caps.allow_path("/data", AccessMode.READ)
caps.allow_file("/etc/hosts", AccessMode.READ)
caps.allow_file("/var/log/app.log", AccessMode.WRITE)
print("Filesystem Capabilities:")
print("-" * 60)
for cap in caps.fs_capabilities():
    kind = "file" if cap.is_file else "dir "
    print(f" [{kind}] {cap.resolved}")
    print(f" access: {cap.access}")
    print(f" source: {cap.source}")
    print()
Output:
Filesystem Capabilities:
------------------------------------------------------------
[dir ] /private/tmp
access: AccessMode.READ_WRITE
source: CapabilitySource(user)
[dir ] /data
access: AccessMode.READ
source: CapabilitySource(user)
[file] /private/etc/hosts
access: AccessMode.READ
source: CapabilitySource(user)
[file] /private/var/log/app.log
access: AccessMode.WRITE
source: CapabilitySource(user)
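An added example, not part of the nono_py documentation: a pre-flight audit over the properties documented above that flags grants whose resolved path differs from the path as typed, recursive write grants, and write grants under a sensitive root. `StubCap`, the stand-in `AccessMode` enum, `audit_grants`, `SENSITIVE_ROOTS` and `SAMPLE` are assumptions made so the block runs without nono_py installed; with the real library, pass `caps.fs_capabilities()` in place of `SAMPLE`.

```python
# Added example: stand-ins mirror the documented FsCapability properties.
from dataclasses import dataclass
from enum import Enum

class AccessMode(Enum):  # stand-in for nono_py.AccessMode (assumption)
    READ = "read"
    WRITE = "write"
    READ_WRITE = "read_write"

@dataclass(frozen=True)
class StubCap:  # stand-in exposing the read-only properties described above
    original: str
    resolved: str
    access: AccessMode
    is_file: bool

# Illustrative policy list (assumption), with the macOS /private forms included.
SENSITIVE_ROOTS = ("/etc", "/private/etc", "/var", "/private/var")

def audit_grants(caps, sensitive_roots=SENSITIVE_ROOTS):
    """Return (resolved_path, finding) tuples for grants worth a second look."""
    findings = []
    for cap in caps:
        # The page prints access as AccessMode.READ / WRITE / READ_WRITE.
        writable = "WRITE" in str(cap.access).upper()
        if cap.original != cap.resolved:
            findings.append((cap.resolved, f"resolved from {cap.original}"))
        if writable and not cap.is_file:
            findings.append((cap.resolved, "recursive write grant"))
        under = any(
            cap.resolved == root or cap.resolved.startswith(root + "/")
            for root in sensitive_roots
        )
        if writable and under:
            findings.append((cap.resolved, "write under sensitive root"))
    return findings

# Constructed sample matching the listing example's output on macOS.
SAMPLE = [
    StubCap("/tmp", "/private/tmp", AccessMode.READ_WRITE, False),
    StubCap("/data", "/data", AccessMode.READ, False),
    StubCap("/etc/hosts", "/private/etc/hosts", AccessMode.READ, True),
    StubCap("/var/log/app.log", "/private/var/log/app.log", AccessMode.WRITE, True),
]

if __name__ == "__main__":
    for path, finding in audit_grants(SAMPLE):
        print(f"{path}: {finding}")
```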