1CAP_CLEAR(3)               Linux Programmer's Manual              CAP_CLEAR(3)
2
3
4

NAME

6       cap_clear,  cap_clear_flag,  cap_get_flag,  cap_set_flag, cap_compare -
7       capability data object manipulation
8

SYNOPSIS

10       #include <sys/capability.h>
11
12       int cap_clear(cap_t cap_p);
13
14       int cap_clear_flag(cap_t cap_p, cap_flag_t flag);
15
16       int cap_get_flag(cap_t cap_p, cap_value_t cap,
17                        cap_flag_t flag, cap_flag_value_t *value_p);
18
19       int cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap,
20                        const cap_value_t *caps, cap_flag_value_t value);
21
22       int cap_compare(cap_t cap_a, cap_t cap_b);
23
24       Link with -lcap.
25

DESCRIPTION

27       These functions work on a capability state held in working storage.   A
28       cap_t  holds  information  about  the capabilities in each of the three
29       sets, Permitted, Inheritable, and Effective.  Each capability in a  set
30       may be clear (disabled, 0) or set (enabled, 1).
31
32       These functions work with the following data types:
33
34       cap_value_t       identifies a capability, such as CAP_CHOWN.
35
36       cap_flag_t        identifies  one  of the three flags associated with a
37                         capability (i.e., it  identifies  one  of  the  three
38                         capability  sets).   Valid  values  for this type are
39                         CAP_EFFECTIVE, CAP_INHERITABLE or CAP_PERMITTED.
40
41       cap_flag_value_t  identifies the setting  of  a  particular  capability
42                         flag  (i.e,  the  value  of  a  capability in a set).
43                         Valid values for  this  type  are  CAP_CLEAR  (0)  or
44                         CAP_SET (1).
45
46       cap_clear() initializes the capability state in working storage identi‐
47       fied by cap_p so that all capability flags are cleared.
48
49       cap_clear_flag() clears all of the capabilities of the specified  capa‐
50       bility flag, flag.
51
52       cap_get_flag()  obtains the current value of the capability flag, flag,
53       of the capability, cap, from the capability state identified  by  cap_p
54       and places it in the location pointed to by value_p.
55
56       cap_set_flag()  sets  the  flag,  flag, of each capability in the array
57       caps in the capability state identified by cap_p to value.   The  argu‐
58       ment, ncap, is used to specify the number of capabilities in the array,
59       caps.
60
61       cap_compare() compares two full capability sets and, in the  spirit  of
62       memcmp(), returns zero if the two capability sets are identical. A pos‐
63       itive return value, status, indicates there  is  a  difference  between
64       them.  The  returned  value  carries further information about which of
65       three sets, cap_flag_t flag, differ. Specifically, the  macro  CAP_DIF‐
66       FERS  (status,  flag) evaluates to non-zero if the returned status dif‐
67       fers in its flag components.
68

RETURN VALUE

70       cap_clear(),  cap_clear_flag(),   cap_get_flag()   cap_set_flag()   and
71       cap_compare()  return  zero on success, and -1 on failure. Other return
72       values for cap_compare() are described above.
73
74       On failure, errno is set to EINVAL, indicating that one  of  the  argu‐
75       ments is invalid.
76

CONFORMING TO

78       These  functions are as per the withdrawn POSIX.1e draft specification.
79       cap_clear_flag() and cap_compare() are Linux extensions.
80

SEE ALSO

82       libcap(3),    cap_copy_ext(3),    cap_from_text(3),    cap_get_file(3),
83       cap_get_proc(3), cap_init(3), capabilities(7)
84
85
86
87                                  2008-05-11                      CAP_CLEAR(3)
Impressum