File: capget.2

manpages-ja 0.5.0.0.20100315-1
.\" written by Andrew Morgan <morgan@kernel.org>
.\" may be distributed as per GPL
.\" Modified by David A. Wheeler <dwheeler@ida.org>
.\" Modified 2004-05-27, mtk
.\" Modified 2004-06-21, aeb
.\" Modified 2008-04-28, morgan of kernel.org
.\"     Update in line with addition of file capabilities and
.\"     64-bit capability sets in kernel 2.6.2[45].
.\" Modified 2009-01-26, andi kleen
.\"
.\" Japanese Version Copyright (c) 1999 HANATAKA Shinya
.\"         all rights reserved.
.\" Translated 1999-12-26, HANATAKA Shinya <hanataka@abyss.rim.or.jp>
.\" Updated & Modified 2005-02-03, Yuichi SATO <ysato444@yahoo.co.jp>
.\" Updated & Modified 2006-01-31, Akihiro MOTOKI <amotoki@dd.iij4u.or.jp>
.\" Updated & Modified 2006-07-23, Akihiro MOTOKI, LDP v2.36
.\" Updated & Modified 2008-08-11, Akihiro MOTOKI, LDP v3.05
.\" Updated 2009-02-24, Akihiro MOTOKI, LDP v3.19
.\"
.\"WORD:	capability		ケーパビリティ
.\"WORD:	effective capability	実効ケーパビリティ
.\"WORD:	inheritable capability	継承可能ケーパビリティ
.\"WORD:	permitted capability	許可ケーパビリティ
.\"
.TH CAPGET 2 2009-01-26 "Linux" "Linux Programmer's Manual"
.SH NAME
capget, capset \- set/get capabilities of thread(s)
.SH SYNOPSIS
.B #undef _POSIX_SOURCE
.br
.B #include <sys/capability.h>
.sp
.BI "int capget(cap_user_header_t " hdrp ", cap_user_data_t " datap );
.sp
.BI "int capset(cap_user_header_t " hdrp ", const cap_user_data_t " datap );
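.SH DESCRIPTION
As of Linux 2.2, the power of the superuser (root) has been partitioned
into a set of discrete capabilities.
Each thread has a set of effective capabilities identifying
which capabilities (if any) it may currently exercise.
Each thread also has
a set of inheritable capabilities
and a set of permitted capabilities.
The inheritable set is the set of capabilities that may be passed through an
.BR execve (2)
call, and
the permitted set defines the capabilities
that the thread can make effective or inheritable.
.PP
These two functions are the raw kernel interface for getting and
setting thread capabilities.
Not only are these system calls specific to Linux,
but the kernel API is likely to change, and use of
these functions (in particular the format of the
.I cap_user_*_t
types) is subject to extension with each kernel revision,
but old programs will keep working.
.sp
The portable interfaces are
.BR cap_set_proc (3)
and
.BR cap_get_proc (3);
if possible, applications should use those functions.
If you wish to use the Linux extensions in applications, you should use
the easier-to-use interfaces
.BR capsetp (3)
and
.BR capgetp (3).
.SS Current details
Now that you have been warned, some current kernel details.
The structures are defined as follows.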
.sp
.nf
.in +4n
#define _LINUX_CAPABILITY_VERSION_1  0x19980330
#define _LINUX_CAPABILITY_U32S_1     1

#define _LINUX_CAPABILITY_VERSION_2  0x20071026
#define _LINUX_CAPABILITY_U32S_2     2

typedef struct __user_cap_header_struct {
   __u32 version;
   int pid;
} *cap_user_header_t;

typedef struct __user_cap_data_struct {
   __u32 effective;
   __u32 permitted;
   __u32 inheritable;
} *cap_user_data_t;
.fi
.in -4n
.sp
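.I effective, permitted, inheritable
are bit masks of the capabilities defined in
.BR capability (7).
Note that the
.I CAP_*
values are bit indexes and need to be bit-shifted
before ORing into the bit fields.
Because the typedefs are only pointers,
to define the structures for passing to the system call you have to use the
.I struct __user_cap_header_struct
and
.I struct __user_cap_data_struct
names.

Kernels prior to 2.6.25 prefer
32-bit capabilities with version
.BR _LINUX_CAPABILITY_VERSION_1 ,
and kernels 2.6.25 and later prefer
64-bit capabilities with version
.BR _LINUX_CAPABILITY_VERSION_2 .
Note that 64-bit capabilities use
.IR datap [0]
and
.IR datap [1],
whereas 32-bit capabilities use only
.IR datap [0].
.sp
Another change affecting the behavior of these system calls is
kernel support for file capabilities
(VFS capability support).
VFS capability support is currently a compile-time option
(added in kernel 2.6.24).
.sp
For
.BR capget ()
calls, one can probe the capabilities of any process
by specifying its process ID in the
.I hdrp->pid
field.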
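.SS With VFS Capability Support
VFS capability support creates a file-attribute method for adding
capabilities to privileged executables.
This privilege model obsoletes kernel support for one process
asynchronously setting the capabilities of another.
That is, with VFS support, for
.BR capset ()
calls the only permitted values for
.I hdrp->pid
are 0 or the value returned by
.BR getpid (2),
which are equivalent.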
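.SS Without VFS Capability Support
When the kernel does not support VFS capabilities, and the
.I pid
field of
.I hdrp
is non-zero,
.BR capset ()
operates on the capabilities of the thread specified by
.IR pid .
If
.I pid
is 0, it operates on the capabilities of the calling thread.
If
.I pid
refers to a single-threaded process, then
.I pid
can be specified as a traditional process ID;
operating on a thread of a multithreaded process requires a thread ID
of the type returned by
.BR gettid (2).
For
.BR capset (),
.I pid
can also be \-1 or a value less than \-1.
\-1 means perform the change on all threads except the caller and
.BR init (8);
a value less than \-1 means perform the change on
all members of the process group whose ID is \-\fIpid\fP.

For details on the data, see
.BR capabilities (7).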
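.SH "RETURN VALUE"
On success, zero is returned.
On error, \-1 is returned, and
.I errno
is set appropriately.

When an unsupported value is specified in the
.I version
field of
.IR hdrp ,
the calls fail with the error
.BR EINVAL ,
and set
.I version
to the kernel preferred value of
.BR _LINUX_CAPABILITY_VERSION_? .
In this way, one can probe what the current
preferred capability revision is.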
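.SH ERRORS
.TP
.B EFAULT
Bad memory address.
.I hdrp
must not be NULL.
.I datap
may be NULL only when the user is trying to determine the preferred
capability version format supported by the kernel.
.TP
.B EINVAL
One of the arguments was invalid.
.TP
.B EPERM
An attempt was made to add a capability to the Permitted set,
or to set a capability in the Effective or Inheritable sets
that is not in the Permitted set.
.TP
.B EPERM
The caller attempted to use
.BR capset ()
to modify the capabilities of a thread other than itself,
but lacked sufficient privilege.
For kernels supporting VFS capabilities, this is never permitted.
For kernels lacking VFS support, the
.B CAP_SETPCAP
capability is required.
(A bug in kernels before 2.6.11 meant that this error could also occur
if a thread without this capability tried to change its own capabilities
by specifying the
.I pid
field as a non-zero value (i.e., the value returned by
.BR getpid (2))
instead of 0.)
.TP
.B ESRCH
No such thread.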
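.SH "CONFORMING TO"
These system calls are Linux-specific.
.SH NOTES
The portable interface to the capability querying and setting
functions is provided by the
.I libcap
library and is available here:
.br
http://www.kernel.org/pub/linux/libs/security/linux-privs
.SH "SEE ALSO"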
.BR clone (2),
.BR gettid (2),
.BR capabilities (7)
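
The raw interface described above, as an added example that is not part of the manual page: it probes the preferred version, reads the calling thread's sets in the 64-bit layout, and clears one capability from the effective set only. It assumes the kernel header <linux/capability.h> is installed and calls the system calls through syscall(2) rather than the <sys/capability.h> wrappers; the names cap_hdr, cap_data, preferred_cap_version, get_caps, mask64 and drop_effective are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>   /* kernel header: structs, versions, CAP_* */

/* The cap_user_*_t typedefs are pointers, so name the structs directly. */
typedef struct __user_cap_header_struct cap_hdr;   /* alias added for this example */
typedef struct __user_cap_data_struct cap_data;    /* alias added for this example */

/* Probe: an unsupported version plus datap == NULL makes the kernel write its
 * preferred version into hdr.version. Accept a 0 return or EINVAL. */
static unsigned int preferred_cap_version(void)
{
    cap_hdr hdr = { .version = 0, .pid = 0 };
    if (syscall(SYS_capget, &hdr, NULL) == -1 && errno != EINVAL)
        return 0;
    return hdr.version;
}

/* Read the calling thread's sets in the 64-bit layout: fills d[0] and d[1]. */
static int get_caps(cap_data *d)
{
    cap_hdr hdr = { .version = _LINUX_CAPABILITY_VERSION_2, .pid = 0 };
    return (int)syscall(SYS_capget, &hdr, d);
}

static unsigned long long mask64(__u32 lo, __u32 hi) { return ((unsigned long long)hi << 32) | lo; }

/* Clear one capability from the effective set only. CAP_* is a bit index,
 * so shift it; permitted is untouched, so the EPERM subset rule is not hit. */
static int drop_effective(int cap)
{
    cap_hdr hdr = { .version = _LINUX_CAPABILITY_VERSION_2, .pid = 0 };
    cap_data d[_LINUX_CAPABILITY_U32S_2];
    if (get_caps(d) == -1) return -1;
    d[cap / 32].effective &= ~(1u << (cap % 32));
    return (int)syscall(SYS_capset, &hdr, d);
}

int main(void)
{
    cap_data d[_LINUX_CAPABILITY_U32S_2];
    if (get_caps(d) == -1) { perror("capget"); return 1; }
    printf("preferred=0x%x effective=0x%llx permitted=0x%llx\n", preferred_cap_version(),
           mask64(d[0].effective, d[1].effective), mask64(d[0].permitted, d[1].permitted));
    return drop_effective(CAP_SETPCAP) == 0 ? 0 : 1;
}
```

A capability cleared from the effective set this way can be raised again while it remains in the permitted set.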