File: cap_get_bound.3

libcap2 0.cvs.20010529-4
.\"
.\" $Id: cap_get_bound.3,v 1.1.2.1 2001/01/15 00:37:49 agmorgan Exp $
.\"
.TH CAP_GET_BOUND 3 "14 Jan 2001" "" "Linux Programmer's Manual"
.SH NAME
cap_get_bound, cap_set_bound \- capability limits for processes
.SH SYNOPSIS
.B #include <sys/capability.h>
.sp
.BI "cap_t cap_get_bound(cap_flag_t " flag );
.br
.BI "int cap_set_bound(cap_t " cap_p ", cap_flag_t " flag );

.SH USAGE
.br
.B cc ... -lcap
.SH DESCRIPTION
.B cap_get_bound
allocates an empty capability state in working storage, sets one of
the three capability sets (as determined by
.IR flag )
to the current capability bound of the calling process, and returns
a pointer to this newly created capability state.  The other two
capability sets contained within the returned
.I cap_t
remain empty. The caller should free any releasable memory, when the
capability state in working storage is no longer required, by calling
.B cap_free
with the
.I cap_t
as an argument.
.sp
The capabilities on a given process are also available from the
.B /proc/<pid>/status
file.
.PP
.B cap_set_bound
sets the value of the process' capability bound to equal the
.I flag
component of the capability set,
.IR cap_p .
The other two capability sets contained within
.I cap_p
are ignored by this call. Note, to effect this change, the current
process must have a raised
.B CAP_SETPCAP
effective capability.
.sp
In the
.B /proc/<pid>/status
file, the capability bound is labeled "CapX". The reason
it is labeled "X" is in association with the formula for evolving
capabilities through
.BR execve (2):
.sp
pI' = pI
.br
pP' = ( fP & X ) | ( fI & pI )
.br
pE' = fE & pP' .
.sp
Finally, note that "X" is not a complete bound on the capabilities
that can be inherited through an
.BR execve (2).
To fully bound a child process the parent process should empty the
inheritable set too (see
.BR cap_get_proc (3)).

.SH "RETURN VALUE"
.B cap_get_bound
returns a non-NULL value on success, and NULL on failure.
.PP
.B cap_set_bound
returns zero for success, and \-1 on failure.
.PP
On failure,
.BR errno (3)
is set to
.BR EINVAL ,
.BR EPERM ,
or
.BR ENOMEM .
.SH "CONFORMING TO"
.BR cap_get_bound " and " cap_set_bound
are the Linux implementation of the implementation-specific
component of the POSIX.1e capability rules.

.SH "SEE ALSO"
.IR cap_clear (3),
.IR cap_copy_ext (3),
.IR cap_from_text (3),
.IR cap_get_proc (3),
.IR cap_init (3)
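
The execve(2) rules from the DESCRIPTION, modelled on plain bitmasks to show why emptying X alone does not bound a child. This is an added example, not part of the libcap sources, and it does not call cap_get_bound or cap_set_bound. The struct and function names are hypothetical; the capability bit numbers are those of <linux/capability.h>.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability bit numbers as in <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_NET_RAW          13
#define BIT(c) ((uint32_t)1 << (c))

/* Hypothetical container: (pI, pP, pE) for a process, (fI, fP, fE) for a file. */
typedef struct { uint32_t inh, perm, eff; } capsets;

/* The page's execve(2) rules:
 *   pI' = pI;  pP' = (fP & X) | (fI & pI);  pE' = fE & pP'  */
capsets evolve_execve(capsets p, capsets f, uint32_t X)
{
    capsets n;
    n.inh  = p.inh;
    n.perm = (f.perm & X) | (f.inh & p.inh);
    n.eff  = f.eff & n.perm;
    return n;
}

/* Largest pP' any file could confer: set fP = fI = all ones in the rule. */
uint32_t max_permitted_after_exec(capsets p, uint32_t X)
{
    return X | p.inh;
}

/* Constructed scenario: the bound X is already empty, the parent holds
 * CAP_NET_RAW in pI, and the file names CAP_NET_RAW in fI and
 * CAP_NET_BIND_SERVICE in fP. */
capsets demo(int empty_inheritable)
{
    capsets parent = { BIT(CAP_NET_RAW), BIT(CAP_NET_RAW), BIT(CAP_NET_RAW) };
    capsets file   = { BIT(CAP_NET_RAW), BIT(CAP_NET_BIND_SERVICE), ~(uint32_t)0 };
    uint32_t X = 0;
    if (empty_inheritable)
        parent.inh = 0;   /* the extra step the page recommends */
    return evolve_execve(parent, file, X);
}

int main(void)
{
    capsets a = demo(0), b = demo(1);
    printf("X empty, pI kept:    pP'=%#x pE'=%#x\n", (unsigned)a.perm, (unsigned)a.eff);
    printf("X empty, pI emptied: pP'=%#x pE'=%#x\n", (unsigned)b.perm, (unsigned)b.eff);
    return 0;
}
```

With X empty the fP term is masked out, but CAP_NET_RAW still reaches the child through fI & pI; only after pI is emptied as well does the child end up with no capabilities.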