From 1d1011a3c5049a7f9eef99d22f3704e4367579cc Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Thu, 6 Sep 2012 10:14:03 -0700 Subject: Initial checkin: libcap-ng-0.7 This is the initial checkin of libcap-ng, a set of libraries and tools which make minipulating capabilities easier. This code was originally downloaded from http://people.redhat.com/sgrubb/libcap-ng/ and has been lightly modified to make it work on Android. (please see the "if !defined(ANDROID)" lines in libcap-ng-0.7/utils/pscap.c and libcap-ng-0.7/src/cap-ng.c) The files Android.mk and README were created by myself. The file config.h was created by running ./configure on my desktop machine. Change-Id: I110084a922315a2754246c4f6f026c2c4328312b --- libcap-ng-0.7/docs/capng_lock.3 | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 libcap-ng-0.7/docs/capng_lock.3 (limited to 'libcap-ng-0.7/docs/capng_lock.3') diff --git a/libcap-ng-0.7/docs/capng_lock.3 b/libcap-ng-0.7/docs/capng_lock.3 new file mode 100644 index 0000000..7683119 --- /dev/null +++ b/libcap-ng-0.7/docs/capng_lock.3 @@ -0,0 +1,25 @@ +.TH "CAPNG_LOCK" "3" "June 2009" "Red Hat" "Libcap-ng API" +.SH NAME +capng_lock \- lock the current process capabilities settings +.SH "SYNOPSIS" +.B #include +.sp +int capng_lock(void); + +.SH "DESCRIPTION" + +capng_lock will take steps to prevent children of the current process to regain full privileges if the uid is 0. This should be called while possessing the CAP_SETPCAP capability in the kernel. This function will do the following if permitted by the kernel: Set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS. + + +.SH "RETURN VALUE" + +This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options. + +.SH "SEE ALSO" + +.BR capng_apply (3), +.BR prctl (2), +.BR capabilities (7) + +.SH AUTHOR +Steve Grubb -- cgit v1.2.3