CAPGET(2)              Linux Programmer's Manual              CAPGET(2)

NAME
       capget, capset - set/get process capabilities

SYNOPSIS
       #undef _POSIX_SOURCE
       #include <sys/capability.h>

       int capget(cap_user_header_t header, cap_user_data_t data);

       int capset(cap_user_header_t header, const cap_user_data_t data);

DESCRIPTION
       As of Linux 2.2, the power of the superuser (root) has been
       partitioned into a set of discrete capabilities. Every process
       has a set of effective capabilities identifying which
       capabilities (if any) it may currently exercise. Every process
       also has a set of inheritable capabilities that may be passed
       through an execve(2) and a set of permitted capabilities that it
       can make effective or inheritable.

       These two functions are the raw kernel interface for getting and
       setting capabilities. Not only are these system calls specific
       to Linux, but the kernel API is likely to change and use of
       these functions (in particular the format of the cap_user_*_t
       types) is subject to change with each kernel revision.

       The portable interfaces are cap_set_proc(3) and cap_get_proc(3);
       if possible you should use those interfaces in applications. If
       you wish to use the Linux extensions in applications, you should
       use the easier-to-use interfaces capsetp(3) and capgetp(3).

RETURN VALUE
       On success, zero is returned. On error, -1 is returned, and
       errno is set appropriately.

ERRORS
       EINVAL One of the arguments was invalid.

       EPERM  An attempt was made to add a capability to the Permitted
              set, or to set a capability in the Effective or
              Inheritable sets that is not in the Permitted set.

FURTHER INFORMATION
       The portable interface to the capability querying and setting
       functions is provided by the libcap library and is available
       from here:
       ftp://linux.kernel.org/pub/linux/libs/security/linux-privs

Linux 2.2                       1999-09-09                    CAPGET(2)
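The raw interface and the EPERM rule described above, as an added example that is not part of the manual page: it reads the caller's sets, drops one capability, and shows that putting it back into the Permitted set is refused. Assumptions: the structs and macros come from the kernel header <linux/capability.h> and the calls go through syscall(2) rather than <sys/capability.h>, the version 3 header format is used, and the helper names are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>  /* assumption: kernel UAPI header, not <sys/capability.h> */

#define NWORDS _LINUX_CAPABILITY_U32S_3  /* v3 format: two 32-bit words per set */

/* An unknown version plus a NULL data pointer makes the kernel write back the version it prefers. */
static unsigned int preferred_cap_version(void) {
    struct __user_cap_header_struct hdr = { .version = 0, .pid = 0 };
    syscall(SYS_capget, &hdr, NULL);
    return hdr.version;
}

/* Read the calling process's three sets (pid 0 means "self"). */
static int get_caps(struct __user_cap_data_struct *d) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    memset(d, 0, sizeof(*d) * NWORDS);
    return (int)syscall(SYS_capget, &hdr, d);
}

static int set_caps(const struct __user_cap_data_struct *d) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &hdr, d);
}

/* Drop `cap` from all three sets, then try to put it back into Permitted.
 * Returns errno of the second capset (EPERM expected), 0 if it succeeded, -1 on setup failure. */
static int drop_then_regain(int cap) {
    struct __user_cap_data_struct d[NWORDS];
    __u32 bit = CAP_TO_MASK(cap);
    int w = CAP_TO_INDEX(cap);
    if (get_caps(d) != 0) return -1;
    d[w].effective &= ~bit; d[w].permitted &= ~bit; d[w].inheritable &= ~bit;
    if (set_caps(d) != 0) return -1;      /* lowering the sets is allowed */
    d[w].permitted |= bit;                /* raising Permitted is not */
    return set_caps(d) == 0 ? 0 : errno;
}

int main(void) {
    struct __user_cap_data_struct d[NWORDS];
    printf("kernel prefers header version %#x\n", preferred_cap_version());
    if (get_caps(d) != 0) { perror("capget"); return 1; }
    printf("low word: eff=%#x perm=%#x inh=%#x\n", d[0].effective, d[0].permitted, d[0].inheritable);
    printf("regain CAP_CHOWN after drop: %s\n", strerror(drop_then_regain(CAP_CHOWN)));
    return 0;
}
```

The drop applies to the calling process for the rest of its lifetime, which is what makes it useful for shedding privilege early in a daemon's startup.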