Diffstat (limited to 'libcap-ng-0.7/docs/capng_lock.3')
-rw-r--r-- libcap-ng-0.7/docs/capng_lock.3 25
1 files changed, 25 insertions, 0 deletions
diff --git a/libcap-ng-0.7/docs/capng_lock.3 b/libcap-ng-0.7/docs/capng_lock.3
new file mode 100644
index 0000000..7683119
--- /dev/null
+++ b/libcap-ng-0.7/docs/capng_lock.3
@@ -0,0 +1,25 @@
+.TH "CAPNG_LOCK" "3" "June 2009" "Red Hat" "Libcap-ng API"
+.SH NAME
+capng_lock \- lock the current process capabilities settings
+.SH "SYNOPSIS"
+.B #include <cap-ng.h>
+.sp
+int capng_lock(void);
+
+.SH "DESCRIPTION"
+
+capng_lock will take steps to prevent children of the current process to regain full privileges if the uid is 0. This should be called while possessing the CAP_SETPCAP capability in the kernel. This function will do the following if permitted by the kernel: Set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS.
+
+
+.SH "RETURN VALUE"
+
+This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options.
+
+.SH "SEE ALSO"
+
+.BR capng_apply (3),
+.BR prctl (2),
+.BR capabilities (7)
+
+.SH AUTHOR
+Steve Grubb
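Review bot: The DESCRIPTION paragraph names the four secure bits inconsistently: the first two appear as bare NOROOT and NOROOT_LOCKED, while the last two carry a PR_ prefix (PR_NO_SETUID_FIXUP, PR_NO_SETUID_FIXUP_LOCKED). None of these match the SECBIT_* constants that capabilities(7), listed under SEE ALSO, documents for PR_SET_SECUREBITS. Suggest writing SECBIT_NOROOT, SECBIT_NOROOT_LOCKED, SECBIT_NO_SETUID_FIXUP and SECBIT_NO_SETUID_FIXUP_LOCKED so a reader can look them up. RETURN VALUE promises "a negative number on failure" but defines only -1; either state that -1 is the only failure value or list the others. It should also say whether "if permitted by the kernel" means a refused bit is skipped silently or reported as -1, since a caller relying on the lock needs to know it actually took effect. Minor wording: "prevent children of the current process to regain" should read "from regaining".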