libcap (3)

NAME

cap_clear, cap_clear_flag, cap_compare, cap_copy_ext, cap_copy_int, cap_free, cap_from_name, cap_from_text, cap_get_fd, cap_get_file, cap_get_flag, cap_get_pid, cap_get_proc, cap_set_fd, cap_set_file, cap_set_flag, cap_set_proc, cap_size, cap_to_name, cap_to_text, cap_get_pid, cap_dup - capability data object manipulation

SYNOPSIS

#include <sys/capability.h>

int cap_clear(cap_t cap_p);

int cap_clear_flag(cap_t cap_p, cap_flag_t flag);

int cap_compare(cap_t cap_a, cap_t cap_b);

ssize_t cap_copy_ext(void *ext_p, cap_t cap_p, ssize_t size);

cap_t cap_copy_int(const void *ext_p);

int cap_free(void *obj_d);

int cap_from_name(const char *name, cap_value_t *cap_p);

cap_t cap_from_text(const char *buf_p);

cap_t cap_get_fd(int fd);

cap_t cap_get_file(const char *path_p);

int cap_get_flag(cap_t cap_p, cap_value_t cap,
                 cap_flag_t flag, cap_flag_value_t *value_p);

#include <sys/types.h>
cap_t cap_get_pid(pid_t pid);

cap_t cap_get_proc(void);

int cap_set_fd(int fd, cap_t caps);

int cap_set_file(const char *path_p, cap_t cap_p);

int cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap,
                 const cap_value_t *caps, cap_flag_value_t value);
int cap_set_proc(cap_t cap_p);

ssize_t cap_size(cap_t cap_p);

char *cap_to_name(cap_value_t cap);

char *cap_to_text(cap_t caps, ssize_t *length_p);

cap_t cap_get_pid(pid_t pid);

cap_t cap_dup(cap_t cap_p);

Link with -lcap.

DESCRIPTION

These functions work on a capability state held in working storage. A cap_t holds information about the capabilities in each of the three sets, Permitted, Inheritable, and Effective. Each capability in a set may be clear (disabled, 0) or set (enabled, 1).

These functions work with the following data types:

cap_value_t

identifies a capability, such as CAP_CHOWN.

cap_flag_t

identifies one of the three flags associated with a capability (i.e., it identifies one of the three capability sets). Valid values for this type are CAP_EFFECTIVE, CAP_INHERITABLE or CAP_PERMITTED.

cap_flag_value_t

identifies the setting of a particular capability flag (i.e, the value of a capability in a set). Valid values for this type are CAP_CLEAR(0) or CAP_SET(1).

RETURN VALUE

The return value is generally specific to the individual function called. On failure, errno is set appropriately.

CONFORMING TO

These functions are as per the withdrawn POSIX.1e draft specification. The following functions are Linux extensions: cap_clear_flag(), cap_compare(), cap_from_name(), cap_to_name(), and cap_compare().

SEE ALSO

cap_clear(3), cap_copy_ext(3), cap_from_text(3), cap_get_file(3), cap_get_proc(3), cap_init(3), capabilities(7), getpid(2) capsh(1)