prctl.2: Mention libcap APIs for operating on capability bounding set

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-11-16 21:32:45 +01:00 · 2018-11-16 21:32:45 +01:00 · d9a0d1d7b7
parent 6a1634dc09
commit d9a0d1d7b7
1 changed files with 10 additions and 0 deletions
--- a/man2/prctl.2
+++ b/man2/prctl.2
@ -129,6 +129,11 @@ If the capability specified in
 .I arg2
 is not valid, then the call fails with the error
 .BR EINVAL .
+.IP
+A higher-level interface layered on top of this operation is provided in the
+.BR libcap (3)
+library in the form of
+.BR cap_get_bound (3).
 .TP
 .BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
 If the calling thread has the
@ -150,6 +155,11 @@ does not represent a valid capability; or
 .BR EINVAL
 if file capabilities are not enabled in the kernel,
 in which case bounding sets are not supported.
+.IP
+A higher-level interface layered on top of this operation is provided in the
+.BR libcap (3)
+library in the form of
+.BR cap_drop_bound (3).
 .TP
 .BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)"
 .\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b