cap_get_proc
CAP_GET_PROC(3) Linux Programmer's Manual CAP_GET_PROC(3)
NAME
cap_get_proc, cap_set_proc - POSIX capability manipulation on processes
capgetp, capsetp - Linux specific capability manipulation on arbitrary
processes
SYNOPSIS
#include <sys/capability.h>
cap_t cap_get_proc(void);
int cap_set_proc(cap_t cap_p);
#undef _POSIX_SOURCE
#include <sys/capability.h>
int capgetp(pid_t pid, cap_t cap_d);
int capsetp(pid_t pid, cap_t cap_d);
USAGE
cc ... -lcap
DESCRIPTION
cap_get_proc allocates a capability state in working storage, sets its
state to that of the calling process, and returns a pointer to this
newly created capability state. The caller should free any releasable
memory, when the capability state in working storage is no longer
required, by calling cap_free with the cap_t as an argument.

cap_set_proc sets the values for all capability flags for all
capabilities with the capability state identified by cap_p. The new
capability state of the process will be completely determined by the
contents of cap_p upon successful return from this function. If any
flag in cap_p is set for any capability not currently permitted for the
calling process, the function will fail, and the capability state of
the process will remain unchanged.

capgetp fills an existing cap_d, see cap_init(3), with the process
capabilities of the process indicated by pid. This information can
also be obtained from the /proc/<pid>/status file.

capsetp attempts to set the capabilities of some other process(es),
pid. If pid is positive it refers to a specific process; if it is
zero, it refers to the current process; -1 refers to all processes
other than the current process and process '1' (typically init(8));
other negative values refer to the -pid process-group. In order to use
this function, the current process must have CAP_SETPCAP raised in its
Effective capability set. The capabilities set in the target
process(es) are those contained in cap_d.
RETURN VALUE
cap_get_proc returns a non-NULL value on success, and NULL on failure.
cap_set_proc, capgetp and capsetp return zero for success, and -1 on
failure.
On failure, errno(3) is set to EINVAL, EPERM, or ENOMEM.
CONFORMING TO
cap_set_proc and cap_get_proc are functions specified in the draft for
POSIX.1e.
NOTES
The function capsetp should be used with care. It exists, primarily,
to overcome a lack of support for capabilities in any of the
filesystems supported by Linux. The semantics of this function may
change as it is better understood. Please note, by default, the only
processes that have CAP_SETPCAP available to them are processes started
as a kernel-thread. (Typically this includes init(8), kflushd and
kswapd.) You will need to recompile the kernel to modify this default.
SEE ALSO
cap_clear(3), cap_copy_ext(3), cap_from_text(3), cap_get_file(3),
cap_init(3)
26th May 1997 CAP_GET_PROC(3)