1CAPNG_LOCK(3) Libcap-ng API CAPNG_LOCK(3)
2
6 capng_lock - lock the current process capabilities settings
7
9 #include <cap-ng.h>
10 int capng_lock(void);
12
15 capng_lock will take steps to prevent children of the current process
16 to regain full privileges if the uid is 0. This should be called while
17 possessing the CAP_SETPCAP capability in the kernel. This function will
18 do the following if permitted by the kernel: Set the NOROOT option on
19 for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for
20 PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for
21 PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for
22 PR_SET_SECUREBITS.
23
27 This returns 0 on success and a negative number on failure. -1 means a
28 failure setting any of the PR_SET_SECUREBITS options.
29
32 capng_apply(3), prctl(2), capabilities(7)
33
36 Steve Grubb
37Red Hat June 2009 CAPNG_LOCK(3)