1CAPNG_APPLY(3)                   Libcap-ng API                  CAPNG_APPLY(3)
2
3
4

NAME

6       capng_apply - apply the stored capabilities settings
7

SYNOPSIS

9       #include <cap-ng.h>
10
11       int capng_apply(capng_select_t set);
12
13

DESCRIPTION

15       capng_apply  will  transfer  the  specified internal posix capabilities
16       settings to the kernel. The options are CAPNG_SELECT_CAPS for the  tra‐
17       ditional   capabilities,  CAPNG_SELECT_BOUNDS  for  the  bounding  set,
18       CAPNG_SELECT_BOTH if transferring both is desired, CAPNG_SELECT_AMBIENT
19       if  only  operating on the ambient capabilities, or CAPNG_SELECT_ALL if
20       applying all is desired.
21
22

RETURN VALUE

24       This returns 0 on success and a negative value on failure.  The  values
25       are:
26
27              -1 not initialized
28
29              -2  CAPNG_SELECT_BOUNDS and failure to drop a bounding set capa‐
30              bility
31
32              -3 CAPNG_SELECT_BOUNDS and failure to re-read bounding set
33
34              -4 CAPNG_SELECT_BOUNDS and process does not have CAP_SETPCAP
35
36              -5 CAPNG_SELECT_CAPS and failure in capset syscall
37
38              -6 CAPNG_SELECT_AMBIENT and  process  has  no  capabilities  and
39              failed clearing ambient capabilities
40
41              -7  CAPNG_SELECT_AMBIENT and process has capabilities and failed
42              clearing ambient capabilities
43
44              -8 CAPNG_SELECT_AMBIENT and process has capabilities and  failed
45              setting an ambient capability
46
47

NOTES

49       If you are doing multi-threaded programming, calling this function will
50       only set capabilities on the calling thread. All other threads are  un‐
51       affected.  If you want to set overall capabilities for a multi-threaded
52       process, you will need to do that before creating any threads. See  the
53       capset syscall for more information on this topic.
54
55       Also,  bits  in  the  bounding  set can only be dropped. You cannot set
56       them. After dropping bounding set capabilities,  the  bounding  set  is
57       synchronized with the kernel to reflect the true state in the kernel.
58
59

SEE ALSO

61       capset(2), capng_update(3), capabilities(7)
62
63

AUTHOR

65       Steve Grubb
66
67
68
69Red Hat                            Sept 2020                    CAPNG_APPLY(3)
Impressum