NAME
cap_get_proc, cap_set_proc - POSIX capability manipulation on processes
capgetp, capsetp - Linux specific capability manipulation on arbitrary processes
SYNOPSIS
#include <sys/capability.h>

cap_t cap_get_proc(void);
int cap_set_proc(cap_t cap_p);

#undef _POSIX_SOURCE
#include <sys/capability.h>

int capgetp(pid_t pid, cap_t cap_d);
int capsetp(pid_t pid, cap_t cap_d);
USAGE
cc ... -lcap
DESCRIPTION
cap_get_proc allocates a capability state in working storage, sets its state to that of the calling process, and returns a pointer to this newly created capability state. The caller should free any releasable memory, when the capability state in working storage is no longer required, by calling cap_free with the cap_t as an argument.

cap_set_proc sets the values for all capability flags for all capabilities to the capability state identified by cap_p. The new capability state of the process will be completely determined by the contents of cap_p upon successful return from this function. If any flag in cap_p is set for any capability not currently permitted for the calling process, the function will fail, and the capability state of the process will remain unchanged.
capgetp fills an existing cap_d (see cap_init(3)) with the process capabilities of the process indicated by pid. This information can also be obtained from the /proc/<pid>/status file.

capsetp attempts to set the capabilities of some other process(es), pid. If pid is positive it refers to a specific process; if it is zero, it refers to the current process; -1 refers to all processes other than the current process and process '1' (typically init(8)); other negative values refer to the -pid process group. In order to use this function, the current process must have CAP_SETPCAP raised in its Effective capability set. The capabilities set in the target process(es) are those contained in cap_d.
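The following is an added example, not part of libcap or this manual page. It reads the CapInh/CapPrm/CapEff masks from the /proc/<pid>/status file mentioned above (the same information capgetp returns, obtained without linking -lcap) and checks whether CAP_SETPCAP is raised in the Effective set, which is the precondition for calling capsetp. The status excerpt embedded in the code is constructed; the struct and function names are the example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETPCAP 8   /* capability number, as in <linux/capability.h> */

struct proc_caps { uint64_t inh, prm, eff; };   /* Inheritable, Permitted, Effective masks */

/* Constructed /proc/<pid>/status excerpt: CAP_SETPCAP (bit 8 = 0x100) is Permitted
 * but not Effective, so capsetp() called from this process would fail with EPERM. */
static const char SAMPLE_STATUS[] =
    "Name:\tdaemon\nPid:\t1234\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000100\n"
    "CapEff:\t0000000000000000\n";

/* Locate "key" (e.g. "CapEff:", unique in a status file) and parse the hex mask after it. */
static int parse_mask(const char *status, const char *key, uint64_t *out)
{
    const char *p = strstr(status, key);
    if (!p) return -1;
    char *end;
    *out = strtoull(p + strlen(key), &end, 16);
    return end == p + strlen(key) ? -1 : 0;
}

/* Fill c from a status-file buffer; returns -1 if any of the three sets is missing. */
int parse_proc_caps(const char *status, struct proc_caps *c)
{
    if (parse_mask(status, "CapInh:", &c->inh)) return -1;
    if (parse_mask(status, "CapPrm:", &c->prm)) return -1;
    return parse_mask(status, "CapEff:", &c->eff);
}

/* 1 if capability number cap is raised in the given set mask. */
int cap_raised(uint64_t set, int cap) { return (int)((set >> cap) & 1u); }

/* capsetp() requires CAP_SETPCAP in the caller's Effective set, not merely Permitted. */
int may_call_capsetp(const struct proc_caps *c) { return cap_raised(c->eff, CAP_SETPCAP); }

int main(void)
{
    char buf[4096]; struct proc_caps c;
    FILE *f = fopen("/proc/self/status", "r");   /* the calling process's own sets */
    if (!f) return 1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    if (parse_proc_caps(buf, &c) != 0) return 1;
    printf("CapEff=%016llx may_call_capsetp=%d\n", (unsigned long long)c.eff, may_call_capsetp(&c));
    return 0;
}
```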
RETURN VALUE
cap_get_proc returns a non-NULL value on success, and NULL on failure.

cap_set_proc, capgetp and capsetp return zero for success, and -1 on failure.

On failure, errno(3) is set to EINVAL, EPERM, or ENOMEM.
CONFORMING TO
cap_set_proc and cap_get_proc are functions specified in the draft for POSIX.1e.
NOTES
The function capsetp should be used with care. It exists, primarily, to overcome a lack of support for capabilities in any of the filesystems supported by Linux. The semantics of this function may change as it is better understood.

Please note, by default, the only processes that have CAP_SETPCAP available to them are processes started as a kernel thread (typically this includes init(8), kflushd and kswapd). You will need to recompile the kernel to modify this default.
SEE ALSO
cap_clear(3), cap_copy_ext(3), cap_from_text(3), cap_get_file(3), cap_init(3)