.TH CAP_CLEAR 3 "2008-05-11" "" "Linux Programmer's Manual"
.SH NAME
cap_clear, cap_clear_flag, cap_get_flag, cap_set_flag, cap_compare \- capability data object manipulation
.SH SYNOPSIS
.nf
.B #include <sys/capability.h>
.sp
.BI "int cap_clear(cap_t " cap_p );
.sp
.BI "int cap_clear_flag(cap_t " cap_p ", cap_flag_t " flag ");"
.sp
.BI "int cap_get_flag(cap_t " cap_p ", cap_value_t " cap ,
.BI " cap_flag_t " flag ", cap_flag_value_t *" value_p ");"
.sp
.BI "int cap_set_flag(cap_t " cap_p ", cap_flag_t " flag ", int " ncap ,
.BI " const cap_value_t *" caps \
", cap_flag_value_t " value ");"
.sp
.BI "int cap_compare(cap_t " cap_a ", cap_t " cap_b ");"
.sp
Link with \fI\-lcap\fP.
.fi
.SH DESCRIPTION
These functions work on a capability state held in working storage.
A
.I cap_t
holds information about the capabilities in each of the three sets,
Permitted, Inheritable, and Effective.
Each capability in a set may be clear (disabled, 0) or set (enabled, 1).
.PP
These functions work with the following data types:
.TP 18
.I cap_value_t
identifies a capability, such as
.BR CAP_CHOWN .
.TP
.I cap_flag_t
identifies one of the three flags associated with a capability
(i.e., it identifies one of the three capability sets).
Valid values for this type are
.BR CAP_EFFECTIVE ,
.B CAP_INHERITABLE
or
.BR CAP_PERMITTED .
.TP
.I cap_flag_value_t
identifies the setting of a particular capability flag
(i.e., the value of a capability in a set).
Valid values for this type are
.B CAP_CLEAR
(0) or
.B CAP_SET
(1).
.PP
.BR cap_clear ()
initializes the capability state in working storage identified by
.I cap_p
so that all capability flags are cleared.
.PP
.BR cap_clear_flag ()
clears all of the capabilities of the specified capability flag,
.IR flag .
.PP
.BR cap_get_flag ()
obtains the current value of the capability flag,
.IR flag ,
of the capability,
.IR cap ,
from the capability state identified by
.I cap_p
and places it in the location pointed to by
.IR value_p .
.PP
.BR cap_set_flag ()
sets the flag,
.IR flag ,
of each capability in the array
.I caps
in the capability state identified by
.I cap_p
to
.IR value .
The argument,
.IR ncap ,
is used to specify the number of capabilities in the array,
.IR caps .
.PP
.BR cap_compare ()
compares two full capability sets and, in the spirit of
.BR memcmp (),
returns zero if the two capability sets are identical. A positive
return value,
.BR status ,
indicates there is a difference between them. The
returned value carries further information about which of the three sets,
.I cap_flag_t
.BR flag ,
differ. Specifically, the macro
.B CAP_DIFFERS
.RI ( status ", " flag )
evaluates to non-zero if the returned status differs in its
.I flag
components.
.SH "RETURN VALUE"
.BR cap_clear (),
.BR cap_clear_flag (),
.BR cap_get_flag (),
.BR cap_set_flag ()
and
.BR cap_compare ()
return zero on success, and \-1 on failure. Other return values for
.BR cap_compare ()
are described above.
.PP
On failure,
.I errno
is set to
.BR EINVAL ,
indicating that one of the arguments is invalid.
.SH "CONFORMING TO"
These functions are as per the withdrawn POSIX.1e draft specification.
.BR cap_clear_flag ()
and
.BR cap_compare ()
are Linux extensions.
.SH "SEE ALSO"
.BR libcap (3),
.BR cap_copy_ext (3),
.BR cap_from_text (3),
.BR cap_get_file (3),
.BR cap_get_proc (3),
.BR cap_init (3),
.BR capabilities (7)