capget, capset - set/get process capabilities
#undef _POSIX_SOURCE
#include <sys/capability.h>
int capget(cap_user_header_t header, cap_user_data_t data);
int capset(cap_user_header_t header, const cap_user_data_t data);
As of Linux 2.2, the power of the superuser (root) has been partitioned
into a set of discrete capabilities. Every process has a set of effective
capabilities identifying which capabilities (if any) it may currently
exercise. Every process also has a set of inheritable capabilities
that may be passed through an execve(2) and a set of permitted
capabilites that it can make effective or inheritable.
These two functions are the raw kernel interface for getting and setting
capabilities. Not only are these system calls specific to Linux,
but the kernel API is likely to change and use of these functions (in
particular the format of the cap_user_*_t types) is subject to change
with each kernel revision.
The portable interfaces are cap_set_proc(3) and cap_get_proc(3); if
possible you should use those interfaces in applications. If you wish
to use the Linux extensions in applications, you should use the easierto-use
interfaces capsetp(3) and capgetp(3).
On success, zero is returned. On error, -1 is returned, and errno is
set appropriately.
EINVAL One of the arguments was invalid.
EPERM An attempt was made to add a capability to the Permitted set, or
to set a capability in the Effective or Inheritable sets that is
not in the Permitted set.
The portable interface to the capability querying and setting functions
is provided by the libcap library and is available from here:
ftp://linux.kernel.org/pub/linux/libs/security/linux-privs
Linux 2.2 1999-09-09 CAPGET(2)
[ Back ] | 