.TH CAP_CLEAR 3 "2008-05-11" "" "Linux Programmer's Manual"
.SH NAME
cap_clear, cap_clear_flag, cap_get_flag, cap_set_flag, cap_compare \- capability data object manipulation
.SH SYNOPSIS
.nf
.B #include <sys/capability.h>
.sp
.BI "int cap_clear(cap_t " cap_p );
.sp
.BI "int cap_clear_flag(cap_t " cap_p ", cap_flag_t " flag ");"
.sp
.BI "int cap_get_flag(cap_t " cap_p ", cap_value_t " cap ,
.BI " cap_flag_t " flag ", cap_flag_value_t *" value_p ");"
.sp
.BI "int cap_set_flag(cap_t " cap_p ", cap_flag_t " flag ", int " ncap ,
.BI " const cap_value_t *" caps \
", cap_flag_value_t " value ");"
.sp
.BI "int cap_compare(cap_t " cap_a ", cap_t " cap_b ");"
.sp
Link with \fI-lcap\fP.
.fi
.SH DESCRIPTION
These functions work on a capability state held in working storage.
A
.I cap_t
holds information about the capabilities in each of the three sets,
Permitted, Inheritable, and Effective.
Each capability in a set may be clear (disabled, 0) or set (enabled, 1).
.PP
These functions work with the following data types:
.TP 18
.I cap_value_t
identifies a capability, such as
.BR CAP_CHOWN .
.TP
.I cap_flag_t
identifies one of the three flags associated with a capability
(i.e., it identifies one of the three capability sets).
Valid values for this type are
.BR CAP_EFFECTIVE ,
.B CAP_INHERITABLE
or
.BR CAP_PERMITTED .
.TP
.I cap_flag_value_t
identifies the setting of a particular capability flag
(i.e., the value of a capability in a set).
Valid values for this type are
.B CAP_CLEAR
(0) or
.B CAP_SET
(1).
.PP
.BR cap_clear ()
initializes the capability state in working storage identified by
.I cap_p
so that all capability flags are cleared.
.PP
.BR cap_clear_flag ()
clears all of the capabilities of the specified capability flag,
.IR flag .
.PP
.BR cap_get_flag ()
obtains the current value of the capability flag,
.IR flag ,
of the capability,
.IR cap ,
from the capability state identified by
.I cap_p
and places it in the location pointed to by
.IR value_p .
.PP
.BR cap_set_flag ()
sets the flag,
.IR flag ,
of each capability in the array
.I caps
in the capability state identified by
.I cap_p
to
.IR value .
The argument,
.IR ncap ,
is used to specify the number of capabilities in the array,
.IR caps .
.PP
.BR cap_compare ()
compares two full capability sets and, in the spirit of
.BR memcmp (),
returns zero if the two capability sets are identical. A positive
return value,
.IR status ,
indicates there is a difference between them. The
returned value carries further information about which of the three sets,
.I cap_flag_t
.BR flag ,
differ. Specifically, the macro
.B CAP_DIFFERS
.RI ( status ", " flag )
evaluates to non-zero if the returned status differs in its
.I flag
components.
.SH "RETURN VALUE"
.BR cap_clear (),
.BR cap_clear_flag (),
.BR cap_get_flag (),
.BR cap_set_flag ()
and
.BR cap_compare ()
return zero on success, and \-1 on failure. Other return values for
.BR cap_compare ()
are described above.
.PP
On failure,
.I errno
is set to
.BR EINVAL ,
indicating that one of the arguments is invalid.
.SH "CONFORMING TO"
These functions are as per the withdrawn POSIX.1e draft specification.
.BR cap_clear_flag ()
and
.BR cap_compare ()
are Linux extensions.
.SH "SEE ALSO"
.BR libcap (3),
.BR cap_copy_ext (3),
.BR cap_from_text (3),
.BR cap_get_file (3),
.BR cap_get_proc (3),
.BR cap_init (3),
.BR capabilities (7)