Introduce a capability shell wrapper; capsh.

Capsh is a simple 'bash' wrapper program that can be used to raise and lower both the bset and pI capabilities before invoking /bin/bash (hardcoded right now). The --print option can be used as a quick test whether various capability manipulations work as expected (or not). Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
author: Andrew G. Morgan <morgan@kernel.org> 2008-01-21 05:06:11 -0800
committer: Andrew G. Morgan <morgan@kernel.org> 2008-01-21 05:15:20 -0800
commit: 4a1c63ec449d03003d06acc313bc2dba4ab561e8 (patch)
tree: 6d3719fb53bc67d44e87f02d95bc1e2b68e3b6e3 /libcap/libcap.h
parent: f59a32cbe47fad5b9e34426131241b080eb65ca0 (diff)
download: libcap-4a1c63ec449d03003d06acc313bc2dba4ab561e8.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/libcap/libcap.h b/libcap/libcap.h
index 0e4a167..854f907 100644
--- a/libcap/libcap.h
+++ b/libcap/libcap.h
@@ -158,4 +158,12 @@ extern int capget(cap_user_header_t header, const cap_user_data_t data);
 extern int capgetp(pid_t pid, cap_t cap_d);
 extern int capsetp(pid_t pid, cap_t cap_d);
 
+/* prctl based API for altering character of current process */
+#define PR_GET_KEEPCAPS    7
+#define PR_SET_KEEPCAPS    8
+#define PR_CAPBSET_READ   23
+#define PR_CAPBSET_DROP   24
+#define PR_GET_SECUREBITS 25
+#define PR_SET_SECUREBITS 26
+
 #endif /* LIBCAP_H */
author	Andrew G. Morgan <morgan@kernel.org>	2008-01-21 05:06:11 -0800
committer	Andrew G. Morgan <morgan@kernel.org>	2008-01-21 05:15:20 -0800
commit	4a1c63ec449d03003d06acc313bc2dba4ab561e8 (patch)
tree	6d3719fb53bc67d44e87f02d95bc1e2b68e3b6e3 /libcap/libcap.h
parent	f59a32cbe47fad5b9e34426131241b080eb65ca0 (diff)
download	libcap-4a1c63ec449d03003d06acc313bc2dba4ab561e8.tar.gz