| .\" |
| .\" $Id: _setfilecap.2,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ |
| .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> |
| .\" |
| .TH _SETFILECAP 2 "26th April 1997" "Linux 2.1" "Linux Programmer's Manual" |
| .SH NAME |
| _setfilecap, _getfilecap, _fsetfilecap, _fgetfilecap \- set/get file capabilities |
| .SH SYNOPSIS |
| .B #include <sys/capability.h> |
| .sp |
| .BI "int _setfilecap(char const *" filename ", size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset ); |
| .sp |
| .BI "int _getproccap(char const *" filename ", size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset ); |
| .sp |
| .BI "int _fsetfilecap(int " fd ", size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset ); |
| .sp |
| .BI "int _fgetproccap(int " fd ", size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset ); |
| .SH USAGE |
| .br |
| .B cc ... -lcap |
| .SH DESCRIPTION |
| .B _setfilecap |
| sets the specified |
| .IR filename 's |
| Inheritable, Permitted and Effective capabilities to the sets specified. |
| A NULL pointer specifies that a set should not be changed. |
| .PP |
| .B _fsetfilecap |
| does the same thing to the file referenced by file descriptor |
| .IR fd . |
| .PP |
| .B _getfilecap |
| and |
| .B _fgetfilecap |
| copy the file's capability sets into the sets provided. |
| A NULL pointer specifies that a set should not be returned. |
| .PP |
| The |
| .I usize |
| argument specifies the size of the user-space capability sets, in bytes. |
| If the kernel uses a different size internally, it will truncate or |
| zero-fill as required. |
| .PP |
| Files don't actually have a proper Effective capability set. Instead they |
| have a single-bit flag, that indicates that the set is either full or |
| empty. When setting a file's capabilities, that flag will be set if |
| and only if the Effective set specified has at least one bit set. |
| .SH "RETURN VALUE" |
| On success, zero is returned. On error, -1 is returned, and |
| .I errno |
| is set appropriately. |
| .SH ERRORS |
| .TP |
| .SB EFAULT |
| One of the capability arguments or the filename was an invalid data pointer. |
| .TP |
| .SB EPERM |
| An attempt was made to set non-empty capabilities on a file, |
| and the caller does not have the |
| .SB CAP_FSETCAP |
| capability raised. |
| .TP |
| .SB EPERM |
| An attempt was made to set capabilities on a file, and |
| the effective UID does not match the owner of the file, and the caller |
| does not have the |
| .SB CAP_FOWNER |
| capability raised. |
| .TP |
| .SB EINVAL |
| An attempt was made to set non-empty capabilities on a file |
| residing on a file system that does not support them. |
| .TP |
| .SB EROFS |
| An attempt was made to set capabilities on a file residing |
| on a read-only file system. |
| .TP |
| .SB ENAMETOOLONG |
| .I filename |
| is too long. |
| .TP |
| .SB ENOENT |
| The file specified does not exist. |
| .TP |
| .SB ENOMEM |
| Insufficient kernel memory was available. |
| .TP |
| .SB ENOTDIR |
| A component of the path prefix is not a directory. |
| .TP |
| .SB EACCES |
| Search permission is denied on a component of the path prefix. |
| .TP |
| .SB ELOOP |
| .I filename |
| containes a circular reference (via symlinks). |
| .TP |
| .SB EBADF |
| .I fd |
| is not a valid file descriptor. |
| .TP |
| .SB EIO |
| A hard error occurred while reading or writing the file system. |
| .TP |
| .SB ENOSYS |
| The POSIX.1e capability system was not configured into the kernel. |
| .SH "CONFORMING TO" |
| These system calls are specific to Linux. |
| The portable interfaces are |
| .IR cap_set_file (3), |
| .IR cap_get_file (3), |
| .IR cap_set_fd (3), |
| and |
| .IR cap_get_fd (3). |
| .SH "SEE ALSO" |
| .IR _setproccap (2). |
| |