CAPGET(2) Linux Programmer's Manual CAPGET(2)
NAME
capget, capset - set/get process capabilities
SYNOPSIS
#undef _POSIX_SOURCE
#include <sys/capability.h>
int capget(cap_user_header_t header, cap_user_data_t
data);
int capset(cap_user_header_t header, const cap_user_data_t
data);
DESCRIPTION
As of Linux 2.2, the power of the superuser (root) has
been partitioned into a set of discrete capabilities.
Every process has a set of effective capabilities identi-
fying which capabilities (if any) it may currently exer-
cise. Every process also has a set of inheritable capa-
bilities that may be passed through an execve(2) and a set
of permitted capabilites that it can make effective or
inheritable.
These two functions are the raw kernel interface for get-
ting and setting capabilities. Not only are these system
calls specific to Linux, but the kernel API is likely to
change and use of these functions (in particular the for-
mat of the cap_user_*_t types) is subject to change with
each kernel revision.
The portable interfaces are cap_set_proc(3) and
cap_get_proc(3); if possible you should use those inter-
faces in applications. If you wish to use the Linux
extensions in applications, you should use the easier-to-
use interfaces capsetp(3) and capgetp(3).
RETURN VALUE
On success, zero is returned. On error, -1 is returned,
and errno is set appropriately.
ERRORS
EINVAL One of the arguments was invalid.
EPERM An attempt was made to add a capability to the Per-
mitted set, or to set a capability in the Effective
or Inheritable sets that is not in the Permitted
set.
FURTHER INFORMATION
The portable interface to the capability querying and set-
ting functions is provided by the libcap library and is
available from here:
ftp://linux.kernel.org/pub/linux/libs/security/linux-privs
Linux 2.2 9 Sept 1999 1