1CAPNG_APPLY(3) Libcap-ng API CAPNG_APPLY(3)
2
6 capng_apply - apply the stored capabilities settings
7
9 #include <cap-ng.h>
10 int capng_apply(capng_select_t set);
12
15 capng_apply will transfer the specified internal posix capabilities
16 settings to the kernel. The options are CAPNG_SELECT_CAPS for the tra‐
17 ditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set,
18 CAPNG_SELECT_BOTH if transferring both is desired, CAPNG_SELECT_AMBIENT
19 if only operating on the ambient capabilities, or CAPNG_SELECT_ALL if
20 applying all is desired.
21
24 This returns 0 on success and a negative value on failure. The values
25 are:
26 -1 not initialized
28 -2 CAPNG_SELECT_BOUNDS and failure to drop a bounding set capa‐
30 bility
31 -3 CAPNG_SELECT_BOUNDS and failure to re-read bounding set
33 -4 CAPNG_SELECT_BOUNDS and process does not have CAP_SETPCAP
35 -5 CAPNG_SELECT_CAPS and failure in capset syscall
37 -6 CAPNG_SELECT_AMBIENT and process has no capabilities and
39 failed clearing ambient capabilities
40 -7 CAPNG_SELECT_AMBIENT and process has capabilities and failed
42 clearing ambient capabilities
43 -8 CAPNG_SELECT_AMBIENT and process has capabilities and failed
45 setting an ambient capability
46
49 If you are doing multi-threaded programming, calling this function will
50 only set capabilities on the calling thread. All other threads are un‐
51 affected. If you want to set overall capabilities for a multi-threaded
52 process, you will need to do that before creating any threads. See the
53 capset syscall for more information on this topic.
54 Also, bits in the bounding set can only be dropped. You cannot set
56 them. After dropping bounding set capabilities, the bounding set is
57 synchronized with the kernel to reflect the true state in the kernel.
58
61 capset(2), capng_update(3), capabilities(7)
62
65 Steve Grubb
66Red Hat Sept 2020 CAPNG_APPLY(3)