_cap_names(3)

1CAP_FROM_TEXT(3)           Linux Programmer's Manual          CAP_FROM_TEXT(3)
2
3
4

NAME

6       cap_from_text,  cap_to_text, _cap_names - capability state textual rep‐
7       resentation translation
8

SYNOPSIS

10       #include <sys/capability.h>
11
12       cap_t cap_from_text(const char *buf_p);
13
14       char *cap_to_text(cap_t caps, ssize_t *length_p);
15
16       extern char const *_cap_names[];
17

USAGE

19       cc ... -lcap
20

DESCRIPTION

22       These functions translate a capability state from an internal represen‐
23       tation  into  a textual one.  The internal representation is managed by
24       the capability functions in working storage. The textual representation
25       is a structured, human-readable, string suitable for display.
26
27       cap_from_text  allocates  and initializes a capability state in working
28       storage. It then sets the contents  of  this  newly-created  capability
29       state to the state represented by human-readable, null terminated char‐
30       acter string pointed to by buf_p.  It returns a pointer  to  the  newly
31       created  capability  state.  The caller should free any releasable mem‐
32       ory, when  the  capability  state  in  working  storage  is  no  longer
33       required,  by calling cap_free with cap_t as an argument.  The function
34       returns an error if it cannot parse the contents of the string  pointed
35       to by buf_p or does not recognize any capability_name or flag character
36       as valid.  The function also returns an error if any flag is  both  set
37       and cleared within a single clause.
38
39       cap_to_text converts the capability state in working storage identified
40       by cap_p into a null terminated human-readable string.   This  function
41       allocates  any  memory  necessary  to contain the string, and returns a
42       pointer to the string.  If the pointer len_p is not NULL, the  function
43       shall also return the full length of the string (not including the null
44       terminator) in the location pointed to by len_p.  The capability  state
45       in  working  storage, identified by cap_p, is completely represented in
46       the character string.  The caller should free  any  releasable  memory,
47       when  the capability state in working storage is no longer required, by
48       calling cap_free with cap_p as an argument.
49
50       _cap_names is  an  array  of  textual  names  for  capability  numbers.
51       Unnamed  capabilities have a NULL entry.  (This array is not defined by
52       POSIX.1e.)
53

TEXTUAL REPRESENTATION

55       A textual representation of capability sets consists  of  one  or  more
56       whitespace-separated clauses.  Each clause specifies some operations to
57       a capability set; the set starts out with all capabilities lowered, and
58       the  meaning of the string is the state of the capability set after all
59       the clauses have been applied in order.
60
61       Each clause consists of a list of comma-separated capability names  (or
62       the  word  `all'), followed by an action-list.  An action-list consists
63       of a sequence of operator flag pairs.  Legal operators are:  `=',  '+',
64       and  `-'.   Legal  flags are: `e', `i', and `p'.  These flags are case-
65       sensitive and specify the Effective,  Inheritable  and  Permitted  sets
66       respectively.
67
68       In the capability name lists, all names are case-insensitive.  The spe‐
69       cial name `all' specifies all capabilities; it is equivalent to a  list
70       naming every capability individually.
71
72       Although not defined by POSIX, unnamed capabilities can be specified by
73       number.
74
75       The `=' operator indicates that the listed capabilities are first reset
76       in all three capability sets.  The subsequent flags (which are optional
77       when associated with this operator) indicate that the listed  capabili‐
78       ties  for the corresponding set are to be raised.  For example: "all=p"
79       means lower every capability in the Effective and Inheritable sets  but
80       raise  all  of  the  Permitted  capabilities; or, "cap_fowner=ep" means
81       raise the Effective and Permitted  override-file-ownership  capability,
82       while lowering this Inheritable capability.
83
84       In  the case that the leading operator is `=', and no list of capabili‐
85       ties is provided, the action-list is assumed to refer to `all' capabil‐
86       ities.  For example, the following three clauses are equivalent to each
87       other (and indicate a completely empty capability  set):  "all=";  "=";
88       "cap_chown,<every-other-capability>=".
89
90       The  operators, `+' and `-' both require an explicit preceding capabil‐
91       ity list and one or more explicit trailing  flags.   The  `+'  operator
92       will  raise  all  of  the listed capabilities in the flagged capability
93       sets.  The `-' operator will lower all of the  listed  capabilities  in
94       the  flagged  capability  sets.  For example: "all+p" will raise all of
95       the Permitted capabilities; "cap_fowner+p-i" will raise  the  override-
96       file-ownership  capability  in  the  Permitted capability set and lower
97       this Inheritable capability; "cap_fowner+pe-i" and "cap_fowner=+pe" are
98       equivalent.
99

RETURN VALUE

101       cap_from_text  and  cap_to_text return a non-NULL value on success, and
102       NULL on failure.
103
104       On failure, errno(3) is set to EINVAL, or ENOMEM.
105

CONFORMING TO

107       cap_from_text and cap_to_text are specified by POSIX.1e.  _cap_names is
108       a Linux extension.
109