LIBCAP 3 "2008-07-29" "" "Linux Programmer's Manual"
NAME
cap_clear, cap_clear_flag, cap_compare, cap_copy_ext, cap_copy_int, \
cap_free, cap_from_name, cap_from_text, cap_get_fd, cap_get_file, \
cap_get_flag, cap_get_pid, cap_get_proc, cap_set_fd, cap_set_file, \
cap_set_flag, cap_set_proc, cap_size, cap_to_name, cap_to_text, \
cap_get_pid, cap_dup - capability data object manipulation
SYNOPSIS
#include <sys/capability.h> "int cap_clear(cap_t " cap_p ); "int cap_clear_flag(cap_t " cap_p ", cap_flag_t " flag ");" "int cap_compare(cap_t " cap_a ", cap_t " cap_b ");" "ssize_t cap_copy_ext(void *" ext_p ", cap_t " cap_p ", ssize_t " size ); "cap_t cap_copy_int(const void *" ext_p ); "int cap_free(void *" obj_d ); "int cap_from_name(const char *" name ", cap_value_t *" cap_p ); "cap_t cap_from_text(const char *" buf_p ); "cap_t cap_get_fd(int " fd ); "cap_t cap_get_file(const char *" path_p ); "int cap_get_flag(cap_t " cap_p ", cap_value_t " cap , " cap_flag_t " flag ", cap_flag_value_t *" value_p ");" #include <sys/types.h> "cap_t cap_get_pid(pid_t " pid ); "cap_t cap_get_proc(void);" "int cap_set_fd(int " fd ", cap_t " caps ); "int cap_set_file(const char *" path_p ", cap_t " cap_p ); "int cap_set_flag(cap_t " cap_p ", cap_flag_t " flag ", int " ncap , " const cap_value_t *" caps ", cap_flag_value_t " value ");" "int cap_set_proc(cap_t " cap_p ); "ssize_t cap_size(cap_t " cap_p ); "char *cap_to_name(cap_value_t " cap ); "char *cap_to_text(cap_t " caps ", ssize_t *" length_p ); "cap_t cap_get_pid(pid_t " pid ); "cap_t cap_dup(cap_t " cap_p ); Link with -lcap.
DESCRIPTION
These functions work on a capability state held in working storage.
A
cap_t holds information about the capabilities in each of the three sets,
Permitted, Inheritable, and Effective.
Each capability in a set may be clear (disabled, 0) or set (enabled, 1).
These functions work with the following data types:
18 cap_value_t identifies a capability, such as CAP_CHOWN .
cap_flag_t identifies one of the three flags associated with a capability (i.e., it identifies one of the three capability sets). Valid values for this type are CAP_EFFECTIVE , CAP_INHERITABLE or CAP_PERMITTED .
cap_flag_value_t identifies the setting of a particular capability flag (i.e, the value of a capability in a set). Valid values for this type are CAP_CLEAR (0) or CAP_SET (1).
"RETURN VALUE"
The return value is generally specific to the individual function called.
On failure,
errno is set appropriately.
"CONFORMING TO"
These functions are as per the withdrawn POSIX.1e draft specification.
The following functions are Linux extensions:
cap_clear_flag (), cap_compare (), cap_from_name (), cap_to_name (), and
cap_compare (). "SEE ALSO"
cap_clear (3), cap_copy_ext (3), cap_from_text (3), cap_get_file (3), cap_get_proc (3), cap_init (3), capabilities (7), getpid (2) capsh (1)
