mirror of https://github.com/mkerrisk/man-pages
255 lines
7.0 KiB
Groff
255 lines
7.0 KiB
Groff
.\" Copyright: written by Andrew Morgan <morgan@kernel.org>
|
|
.\" and Copyright 2006, 2008, Michael Kerrisk <tmk.manpages@gmail.com>
|
|
.\"
|
|
.\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
|
|
.\" may be distributed as per GPL
|
|
.\" %%%LICENSE_END
|
|
.\"
|
|
.\" Modified by David A. Wheeler <dwheeler@ida.org>
|
|
.\" Modified 2004-05-27, mtk
|
|
.\" Modified 2004-06-21, aeb
|
|
.\" Modified 2008-04-28, morgan of kernel.org
|
|
.\" Update in line with addition of file capabilities and
|
|
.\" 64-bit capability sets in kernel 2.6.2[45].
|
|
.\" Modified 2009-01-26, andi kleen
|
|
.\"
|
|
.TH CAPGET 2 2021-03-22 "Linux" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
capget, capset \- set/get capabilities of thread(s)
|
|
.SH SYNOPSIS
|
|
.nf
|
|
.BR "#include <linux/capability.h>" " /* Definition of " CAP_* " and"
|
|
.BR " _LINUX_CAPABILITY_*" " constants */"
|
|
.BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
|
|
.B #include <unistd.h>
|
|
.PP
|
|
.BI "int syscall(SYS_capget, cap_user_header_t " hdrp ,
|
|
.BI " cap_user_data_t " datap );
|
|
.BI "int syscall(SYS_capset, cap_user_header_t " hdrp ,
|
|
.BI " const cap_user_data_t " datap );
|
|
.fi
|
|
.SH DESCRIPTION
|
|
These two system calls are the raw kernel interface for getting and
|
|
setting thread capabilities.
|
|
Not only are these system calls specific to Linux,
|
|
but the kernel API is likely to change and use of
|
|
these system calls (in particular the format of the
|
|
.I cap_user_*_t
|
|
types) is subject to extension with each kernel revision,
|
|
but old programs will keep working.
|
|
.PP
|
|
The portable interfaces are
|
|
.BR cap_set_proc (3)
|
|
and
|
|
.BR cap_get_proc (3);
|
|
if possible, you should use those interfaces in applications; see NOTES.
|
|
.\"
|
|
.SS Current details
|
|
Now that you have been warned, some current kernel details.
|
|
The structures are defined as follows.
|
|
.PP
|
|
.in +4n
|
|
.EX
|
|
#define _LINUX_CAPABILITY_VERSION_1 0x19980330
|
|
#define _LINUX_CAPABILITY_U32S_1 1
|
|
|
|
/* V2 added in Linux 2.6.25; deprecated */
|
|
#define _LINUX_CAPABILITY_VERSION_2 0x20071026
|
|
.\" commit e338d263a76af78fe8f38a72131188b58fceb591
|
|
.\" Added 64 bit capability support
|
|
#define _LINUX_CAPABILITY_U32S_2 2
|
|
|
|
/* V3 added in Linux 2.6.26 */
|
|
#define _LINUX_CAPABILITY_VERSION_3 0x20080522
|
|
.\" commit ca05a99a54db1db5bca72eccb5866d2a86f8517f
|
|
#define _LINUX_CAPABILITY_U32S_3 2
|
|
|
|
typedef struct __user_cap_header_struct {
|
|
__u32 version;
|
|
int pid;
|
|
} *cap_user_header_t;
|
|
|
|
typedef struct __user_cap_data_struct {
|
|
__u32 effective;
|
|
__u32 permitted;
|
|
__u32 inheritable;
|
|
} *cap_user_data_t;
|
|
.EE
|
|
.in
|
|
.PP
|
|
The
|
|
.IR effective ,
|
|
.IR permitted ,
|
|
and
|
|
.I inheritable
|
|
fields are bit masks of the capabilities defined in
|
|
.BR capabilities (7).
|
|
Note that the
|
|
.B CAP_*
|
|
values are bit indexes and need to be bit-shifted before ORing into
|
|
the bit fields.
|
|
To define the structures for passing to the system call, you have to use the
|
|
.I struct __user_cap_header_struct
|
|
and
|
|
.I struct __user_cap_data_struct
|
|
names because the typedefs are only pointers.
|
|
.PP
|
|
Kernels prior to 2.6.25 prefer
|
|
32-bit capabilities with version
|
|
.BR _LINUX_CAPABILITY_VERSION_1 .
|
|
Linux 2.6.25 added 64-bit capability sets, with version
|
|
.BR _LINUX_CAPABILITY_VERSION_2 .
|
|
There was, however, an API glitch, and Linux 2.6.26 added
|
|
.BR _LINUX_CAPABILITY_VERSION_3
|
|
to fix the problem.
|
|
.PP
|
|
Note that 64-bit capabilities use
|
|
.I datap[0]
|
|
and
|
|
.IR datap[1] ,
|
|
whereas 32-bit capabilities use only
|
|
.IR datap[0] .
|
|
.PP
|
|
On kernels that support file capabilities (VFS capabilities support),
|
|
these system calls behave slightly differently.
|
|
This support was added as an option in Linux 2.6.24,
|
|
and became fixed (nonoptional) in Linux 2.6.33.
|
|
.PP
|
|
For
|
|
.BR capget ()
|
|
calls, one can probe the capabilities of any process by specifying its
|
|
process ID with the
|
|
.I hdrp\->pid
|
|
field value.
|
|
.PP
|
|
For details on the data, see
|
|
.BR capabilities (7).
|
|
.\"
|
|
.SS With VFS capabilities support
|
|
VFS capabilities employ a file extended attribute (see
|
|
.BR xattr (7))
|
|
to allow capabilities to be attached to executables.
|
|
This privilege model obsoletes kernel support for one process
|
|
asynchronously setting the capabilities of another.
|
|
That is, on kernels that have VFS capabilities support, when calling
|
|
.BR capset (),
|
|
the only permitted values for
|
|
.I hdrp\->pid
|
|
are 0 or, equivalently, the value returned by
|
|
.BR gettid (2).
|
|
.\"
|
|
.SS Without VFS capabilities support
|
|
On older kernels that do not provide VFS capabilities support
|
|
.BR capset ()
|
|
can, if the caller has the
|
|
.BR CAP_SETPCAP
|
|
capability, be used to change not only the caller's own capabilities,
|
|
but also the capabilities of other threads.
|
|
The call operates on the capabilities of the thread specified by the
|
|
.I pid
|
|
field of
|
|
.I hdrp
|
|
when that is nonzero, or on the capabilities of the calling thread if
|
|
.I pid
|
|
is 0.
|
|
If
|
|
.I pid
|
|
refers to a single-threaded process, then
|
|
.I pid
|
|
can be specified as a traditional process ID;
|
|
operating on a thread of a multithreaded process requires a thread ID
|
|
of the type returned by
|
|
.BR gettid (2).
|
|
For
|
|
.BR capset (),
|
|
.I pid
|
|
can also be: \-1, meaning perform the change on all threads except the
|
|
caller and
|
|
.BR init (1);
|
|
or a value less than \-1, in which case the change is applied
|
|
to all members of the process group whose ID is \-\fIpid\fP.
|
|
.SH RETURN VALUE
|
|
On success, zero is returned.
|
|
On error, \-1 is returned, and
|
|
.I errno
|
|
is set to indicate the error.
|
|
.PP
|
|
The calls fail with the error
|
|
.BR EINVAL ,
|
|
and set the
|
|
.I version
|
|
field of
|
|
.I hdrp
|
|
to the kernel preferred value of
|
|
.B _LINUX_CAPABILITY_VERSION_?
|
|
when an unsupported
|
|
.I version
|
|
value is specified.
|
|
In this way, one can probe what the current
|
|
preferred capability revision is.
|
|
.SH ERRORS
|
|
.TP
|
|
.B EFAULT
|
|
Bad memory address.
|
|
.I hdrp
|
|
must not be NULL.
|
|
.I datap
|
|
may be NULL only when the user is trying to determine the preferred
|
|
capability version format supported by the kernel.
|
|
.TP
|
|
.B EINVAL
|
|
One of the arguments was invalid.
|
|
.TP
|
|
.B EPERM
|
|
An attempt was made to add a capability to the permitted set, or to set
|
|
a capability in the effective set that is not in the
|
|
permitted set.
|
|
.TP
|
|
.B EPERM
|
|
An attempt was made to add a capability to the inheritable set, and either:
|
|
.RS
|
|
.IP * 3
|
|
that capability was not in the caller's bounding set; or
|
|
.IP *
|
|
the capability was not in the caller's permitted set
|
|
and the caller lacked the
|
|
.B CAP_SETPCAP
|
|
capability in its effective set.
|
|
.RE
|
|
.TP
|
|
.B EPERM
|
|
The caller attempted to use
|
|
.BR capset ()
|
|
to modify the capabilities of a thread other than itself,
|
|
but lacked sufficient privilege.
|
|
For kernels supporting VFS
|
|
capabilities, this is never permitted.
|
|
For kernels lacking VFS
|
|
support, the
|
|
.B CAP_SETPCAP
|
|
capability is required.
|
|
(A bug in kernels before 2.6.11 meant that this error could also
|
|
occur if a thread without this capability tried to change its
|
|
own capabilities by specifying the
|
|
.I pid
|
|
field as a nonzero value (i.e., the value returned by
|
|
.BR getpid (2))
|
|
instead of 0.)
|
|
.TP
|
|
.B ESRCH
|
|
No such thread.
|
|
.SH CONFORMING TO
|
|
These system calls are Linux-specific.
|
|
.SH NOTES
|
|
The portable interface to the capability querying and setting
|
|
functions is provided by the
|
|
.I libcap
|
|
library and is available here:
|
|
.br
|
|
.UR http://git.kernel.org/cgit\:/linux\:/kernel\:/git\:/morgan\:\:/libcap.git
|
|
.UE
|
|
.SH SEE ALSO
|
|
.BR clone (2),
|
|
.BR gettid (2),
|
|
.BR capabilities (7)
|