]>
Commit | Line | Data |
---|---|---|
b2a44c2e MK |
1 | .\" Copyright: written by Andrew Morgan <morgan@kernel.org> |
2 | .\" and Copyright 2006, 2008, Michael Kerrisk <tmk.manpages@gmail.com> | |
2297bf0e | 3 | .\" |
95fb8859 | 4 | .\" SPDX-License-Identifier: GPL-1.0-or-later |
dccaff1e | 5 | .\" |
fea681da MK |
6 | .\" Modified by David A. Wheeler <dwheeler@ida.org> |
7 | .\" Modified 2004-05-27, mtk | |
8 | .\" Modified 2004-06-21, aeb | |
949892a7 MK |
9 | .\" Modified 2008-04-28, morgan of kernel.org |
10 | .\" Update in line with addition of file capabilities and | |
11 | .\" 64-bit capability sets in kernel 2.6.2[45]. | |
065c5436 | 12 | .\" Modified 2009-01-26, andi kleen |
fea681da | 13 | .\" |
4c1c5274 | 14 | .TH capget 2 (date) "Linux man-pages (unreleased)" |
fea681da | 15 | .SH NAME |
949892a7 | 16 | capget, capset \- set/get capabilities of thread(s) |
af05fc2d AC |
17 | .SH LIBRARY |
18 | Standard C library | |
8fc3b2cf | 19 | .RI ( libc ", " \-lc ) |
fea681da | 20 | .SH SYNOPSIS |
15d65653 | 21 | .nf |
74ddb301 MK |
22 | .BR "#include <linux/capability.h>" " /* Definition of " CAP_* " and" |
23 | .BR " _LINUX_CAPABILITY_*" " constants */" | |
00e4779a AC |
24 | .BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */" |
25 | .B #include <unistd.h> | |
68e4db0a | 26 | .PP |
00e4779a AC |
27 | .BI "int syscall(SYS_capget, cap_user_header_t " hdrp , |
28 | .BI " cap_user_data_t " datap ); | |
29 | .BI "int syscall(SYS_capset, cap_user_header_t " hdrp , | |
30 | .BI " const cap_user_data_t " datap ); | |
15d65653 | 31 | .fi |
bc2813df AC |
32 | .PP |
33 | .IR Note : | |
34 | glibc provides no wrappers for these system calls, | |
35 | necessitating the use of | |
36 | .BR syscall (2). | |
fea681da | 37 | .SH DESCRIPTION |
39d737bf | 38 | These two system calls are the raw kernel interface for getting and |
949892a7 | 39 | setting thread capabilities. |
c13182ef | 40 | Not only are these system calls specific to Linux, |
fea681da | 41 | but the kernel API is likely to change and use of |
39d737bf | 42 | these system calls (in particular the format of the |
438825e0 | 43 | .I cap_user_*_t |
065c5436 AK |
44 | types) is subject to extension with each kernel revision, |
45 | but old programs will keep working. | |
51f5698d | 46 | .PP |
fea681da | 47 | The portable interfaces are |
31e9a9ec | 48 | .BR cap_set_proc (3) |
fea681da | 49 | and |
31e9a9ec | 50 | .BR cap_get_proc (3); |
00e4779a | 51 | if possible, you should use those interfaces in applications; see NOTES. |
962f9d09 | 52 | .\" |
73d8cece | 53 | .SS Current details |
fea681da | 54 | Now that you have been warned, some current kernel details. |
949892a7 | 55 | The structures are defined as follows. |
0ffeaeae | 56 | .PP |
fea681da | 57 | .in +4n |
0ffeaeae | 58 | .EX |
949892a7 MK |
59 | #define _LINUX_CAPABILITY_VERSION_1 0x19980330 |
60 | #define _LINUX_CAPABILITY_U32S_1 1 | |
61 | ||
5d33c080 | 62 | /* V2 added in Linux 2.6.25; deprecated */ |
949892a7 | 63 | #define _LINUX_CAPABILITY_VERSION_2 0x20071026 |
5d33c080 MK |
64 | .\" commit e338d263a76af78fe8f38a72131188b58fceb591 |
65 | .\" Added 64 bit capability support | |
949892a7 | 66 | #define _LINUX_CAPABILITY_U32S_2 2 |
fea681da | 67 | |
5d33c080 MK |
68 | /* V3 added in Linux 2.6.26 */ |
69 | #define _LINUX_CAPABILITY_VERSION_3 0x20080522 | |
70 | .\" commit ca05a99a54db1db5bca72eccb5866d2a86f8517f | |
71 | #define _LINUX_CAPABILITY_U32S_3 2 | |
72 | ||
fea681da | 73 | typedef struct __user_cap_header_struct { |
115b4e0e AC |
74 | __u32 version; |
75 | int pid; | |
fea681da MK |
76 | } *cap_user_header_t; |
77 | ||
78 | typedef struct __user_cap_data_struct { | |
115b4e0e AC |
79 | __u32 effective; |
80 | __u32 permitted; | |
81 | __u32 inheritable; | |
fea681da | 82 | } *cap_user_data_t; |
0ffeaeae | 83 | .EE |
bdd915e2 | 84 | .in |
0ffeaeae | 85 | .PP |
39d737bf MK |
86 | The |
87 | .IR effective , | |
88 | .IR permitted , | |
89 | and | |
90 | .I inheritable | |
f3ae1918 | 91 | fields are bit masks of the capabilities defined in |
6ab6b8e2 | 92 | .BR capabilities (7). |
58bdfd46 | 93 | Note that the |
39d737bf | 94 | .B CAP_* |
f09cbcf3 | 95 | values are bit indexes and need to be bit-shifted before ORing into |
065c5436 | 96 | the bit fields. |
18725368 | 97 | To define the structures for passing to the system call, you have to use the |
065c5436 | 98 | .I struct __user_cap_header_struct |
f09cbcf3 MK |
99 | and |
100 | .I struct __user_cap_data_struct | |
065c5436 | 101 | names because the typedefs are only pointers. |
efeece04 | 102 | .PP |
949892a7 MK |
103 | Kernels prior to 2.6.25 prefer |
104 | 32-bit capabilities with version | |
5d33c080 MK |
105 | .BR _LINUX_CAPABILITY_VERSION_1 . |
106 | Linux 2.6.25 added 64-bit capability sets, with version | |
949892a7 | 107 | .BR _LINUX_CAPABILITY_VERSION_2 . |
5d33c080 | 108 | There was, however, an API glitch, and Linux 2.6.26 added |
1ae6b2c7 | 109 | .B _LINUX_CAPABILITY_VERSION_3 |
5d33c080 | 110 | to fix the problem. |
efeece04 | 111 | .PP |
58bdfd46 | 112 | Note that 64-bit capabilities use |
e7ff7535 | 113 | .I datap[0] |
949892a7 | 114 | and |
e7ff7535 | 115 | .IR datap[1] , |
435b6075 | 116 | whereas 32-bit capabilities use only |
e7ff7535 | 117 | .IR datap[0] . |
efeece04 | 118 | .PP |
c0f82ec1 | 119 | On kernels that support file capabilities (VFS capabilities support), |
0f2ea061 MK |
120 | these system calls behave slightly differently. |
121 | This support was added as an option in Linux 2.6.24, | |
122 | and became fixed (nonoptional) in Linux 2.6.33. | |
efeece04 | 123 | .PP |
949892a7 MK |
124 | For |
125 | .BR capget () | |
126 | calls, one can probe the capabilities of any process by specifying its | |
127 | process ID with the | |
cd415e73 | 128 | .I hdrp\->pid |
949892a7 | 129 | field value. |
24177195 MK |
130 | .PP |
131 | For details on the data, see | |
132 | .BR capabilities (7). | |
133 | .\" | |
c0f82ec1 | 134 | .SS With VFS capabilities support |
946924bd MK |
135 | VFS capabilities employ a file extended attribute (see |
136 | .BR xattr (7)) | |
137 | to allow capabilities to be attached to executables. | |
949892a7 MK |
138 | This privilege model obsoletes kernel support for one process |
139 | asynchronously setting the capabilities of another. | |
c0f82ec1 | 140 | That is, on kernels that have VFS capabilities support, when calling |
c350d86d MK |
141 | .BR capset (), |
142 | the only permitted values for | |
cd415e73 | 143 | .I hdrp\->pid |
c350d86d MK |
144 | are 0 or, equivalently, the value returned by |
145 | .BR gettid (2). | |
146 | .\" | |
c0f82ec1 MK |
147 | .SS Without VFS capabilities support |
148 | On older kernels that do not provide VFS capabilities support | |
949892a7 | 149 | .BR capset () |
c350d86d | 150 | can, if the caller has the |
1ae6b2c7 | 151 | .B CAP_SETPCAP |
c350d86d MK |
152 | capability, be used to change not only the caller's own capabilities, |
153 | but also the capabilities of other threads. | |
154 | The call operates on the capabilities of the thread specified by the | |
c13182ef | 155 | .I pid |
e592f2be | 156 | field of |
6beb1671 | 157 | .I hdrp |
c7094399 | 158 | when that is nonzero, or on the capabilities of the calling thread if |
e592f2be MK |
159 | .I pid |
160 | is 0. | |
c13182ef | 161 | If |
e592f2be | 162 | .I pid |
c13182ef | 163 | refers to a single-threaded process, then |
e592f2be MK |
164 | .I pid |
165 | can be specified as a traditional process ID; | |
166 | operating on a thread of a multithreaded process requires a thread ID | |
c13182ef | 167 | of the type returned by |
e592f2be | 168 | .BR gettid (2). |
c13182ef MK |
169 | For |
170 | .BR capset (), | |
e592f2be | 171 | .I pid |
b328773d | 172 | can also be: \-1, meaning perform the change on all threads except the |
e592f2be | 173 | caller and |
e8906093 | 174 | .BR init (1); |
e592f2be MK |
175 | or a value less than \-1, in which case the change is applied |
176 | to all members of the process group whose ID is \-\fIpid\fP. | |
47297adb | 177 | .SH RETURN VALUE |
c13182ef MK |
178 | On success, zero is returned. |
179 | On error, \-1 is returned, and | |
fea681da | 180 | .I errno |
f6a4078b | 181 | is set to indicate the error. |
efeece04 | 182 | .PP |
a23d8efa | 183 | The calls fail with the error |
065c5436 AK |
184 | .BR EINVAL , |
185 | and set the | |
186 | .I version | |
187 | field of | |
188 | .I hdrp | |
189 | to the kernel preferred value of | |
190 | .B _LINUX_CAPABILITY_VERSION_? | |
191 | when an unsupported | |
192 | .I version | |
193 | value is specified. | |
194 | In this way, one can probe what the current | |
195 | preferred capability revision is. | |
fea681da MK |
196 | .SH ERRORS |
197 | .TP | |
198 | .B EFAULT | |
c13182ef | 199 | Bad memory address. |
fea681da | 200 | .I hdrp |
949892a7 | 201 | must not be NULL. |
fea681da | 202 | .I datap |
435b6075 | 203 | may be NULL only when the user is trying to determine the preferred |
949892a7 | 204 | capability version format supported by the kernel. |
fea681da MK |
205 | .TP |
206 | .B EINVAL | |
207 | One of the arguments was invalid. | |
208 | .TP | |
209 | .B EPERM | |
78271580 MK |
210 | An attempt was made to add a capability to the permitted set, or to set |
211 | a capability in the effective set that is not in the | |
212 | permitted set. | |
fea681da MK |
213 | .TP |
214 | .B EPERM | |
c0188da6 MK |
215 | An attempt was made to add a capability to the inheritable set, and either: |
216 | .RS | |
22356d97 | 217 | .IP \(bu 3 |
c0188da6 | 218 | that capability was not in the caller's bounding set; or |
22356d97 | 219 | .IP \(bu |
c0188da6 MK |
220 | the capability was not in the caller's permitted set |
221 | and the caller lacked the | |
222 | .B CAP_SETPCAP | |
223 | capability in its effective set. | |
224 | .RE | |
225 | .TP | |
226 | .B EPERM | |
e592f2be | 227 | The caller attempted to use |
fea681da | 228 | .BR capset () |
e592f2be | 229 | to modify the capabilities of a thread other than itself, |
949892a7 MK |
230 | but lacked sufficient privilege. |
231 | For kernels supporting VFS | |
232 | capabilities, this is never permitted. | |
233 | For kernels lacking VFS | |
234 | support, the | |
fea681da MK |
235 | .B CAP_SETPCAP |
236 | capability is required. | |
c13182ef | 237 | (A bug in kernels before 2.6.11 meant that this error could also |
e592f2be | 238 | occur if a thread without this capability tried to change its |
e75529df MK |
239 | own capabilities by specifying the |
240 | .I pid | |
c7094399 | 241 | field as a nonzero value (i.e., the value returned by |
c13182ef | 242 | .BR getpid (2)) |
e75529df | 243 | instead of 0.) |
fea681da MK |
244 | .TP |
245 | .B ESRCH | |
e592f2be | 246 | No such thread. |
3113c7f3 | 247 | .SH STANDARDS |
8382f16d | 248 | These system calls are Linux-specific. |
ffc78e2c | 249 | .SH NOTES |
fea681da MK |
250 | The portable interface to the capability querying and setting |
251 | functions is provided by the | |
66ee0c7e | 252 | .I libcap |
af210317 | 253 | library and is available here: |
fea681da | 254 | .br |
94ea06f5 | 255 | .UR http://git.kernel.org/cgit\:/linux\:/kernel\:/git\:/morgan\:\:/libcap.git |
608bf950 | 256 | .UE |
47297adb | 257 | .SH SEE ALSO |
b328773d | 258 | .BR clone (2), |
c13182ef | 259 | .BR gettid (2), |
fea681da | 260 | .BR capabilities (7) |