capget, capset - set/get process capabilities


SYNOPSIS

       #undef _POSIX_SOURCE
       #include <sys/capability.h>

       int   capget(cap_user_header_t   header,   cap_user_data_t
       data);

       int capset(cap_user_header_t header, const cap_user_data_t
       data);


DESCRIPTION

       As  of  Linux  2.2,  the power of the superuser (root) has
       been partitioned into  a  set  of  discrete  capabilities.
       Every  process has a set of effective capabilities identi­
       fying which capabilities (if any) it may  currently  exer­
       cise.   Every  process also has a set of inheritable capa­
       bilities that may be passed through an execve(2) and a set
       of  permitted  capabilites  that  it can make effective or
       inheritable.

       These two functions are the raw kernel interface for  get­
       ting  and setting capabilities.  Not only are these system
       calls specific to Linux, but the kernel API is  likely  to
       change  and use of these functions (in particular the for­
       mat of the cap_user_*_t types) is subject to  change  with
       each kernel revision.

       The    portable   interfaces   are   cap_set_proc(3)   and
       cap_get_proc(3); if possible you should use  those  inter­
       faces  in  applications.   If  you  wish  to use the Linux
       extensions in applications, you should use the  easier-to-
       use interfaces capsetp(3) and capgetp(3).


RETURN VALUE

       On  success,  zero is returned.  On error, -1 is returned,
       and errno is set appropriately.


ERRORS

       EINVAL One of the arguments was invalid.

       EPERM  An attempt was made to add a capability to the Per­
              mitted set, or to set a capability in the Effective
              or Inheritable sets that is not  in  the  Permitted
              set.


FURTHER INFORMATION

       The portable interface to the capability querying and set­
       ting functions is provided by the libcap  library  and  is
       available from here:
       ftp://linux.kernel.org/pub/linux/libs/security/linux-privs