authorAndrew G. Morgan <morgan@kernel.org>2011-04-25 21:41:09 -0700
committerJorge Lucangeli Obes <jorgelo@google.com>2015-09-03 14:13:03 -0700
commit92246baa09b0d868c835abc484eb69316aafc902 (patch)
treef0571e44ca6d00a4379306c1ac0687ac9f1738e9 /libcap
parent3f9d7b0b9912370d844a668644e6e3922097cefd (diff)
downloadlibcap-92246baa09b0d868c835abc484eb69316aafc902.tar.gz
Add some bounding set capability support to libcap.
Include some documentation and a link to capsh's man page. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'libcap')
-rw-r--r--libcap/cap_proc.c23
-rw-r--r--libcap/include/sys/capability.h5
2 files changed, 26 insertions, 2 deletions
diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
index 7a6af39..6040c02 100644
--- a/libcap/cap_proc.c
+++ b/libcap/cap_proc.c
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 1997-8,2007 Andrew G Morgan <morgan@kernel.org>
+ * Copyright (c) 1997-8,2007,2011 Andrew G Morgan <morgan@kernel.org>
*
- * This file deals with setting capabilities on processes.
+ * This file deals with getting and setting capabilities on processes.
*/
#include "libcap.h"
@@ -103,3 +103,22 @@ int capsetp(pid_t pid, cap_t cap_d)
return error;
}
+/* get a capability from the bounding set */
+
+int cap_get_bound(cap_value_t cap)
+{
+ int result;
+
+ result = prctl(PR_CAPBSET_READ, cap);
+ return result;
+}
+
+/* drop a capability from the bounding set */
+
+int cap_drop_bound(cap_value_t cap)
+{
+ int result;
+
+ result = prctl(PR_CAPBSET_DROP, cap);
+ return result;
+}
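Review bot: Both new wrappers hand `cap` to the variadic `prctl()` as a bare `cap_value_t`, and their one-line comments say nothing about return values. prctl() takes the arguments after the option as `unsigned long`, so, assuming `cap_value_t` is an int-sized type, the calls are safer written as `prctl(PR_CAPBSET_READ, (unsigned long) cap)` and `prctl(PR_CAPBSET_DROP, (unsigned long) cap)` rather than relying on how an int is widened through varargs. The comment on cap_get_bound() should state that it returns 1 when the capability is in the bounding set, 0 when it is not, and -1 with errno set when the kernel rejects the value. The comment on cap_drop_bound() should state that it returns 0 on success and -1 on failure, for example when the caller lacks CAP_SETPCAP. A privilege-dropping caller must treat a non-zero result as fatal, because continuing after a failed drop leaves the capability available to every later exec.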
diff --git a/libcap/include/sys/capability.h b/libcap/include/sys/capability.h
index c749327..4b54acc 100644
--- a/libcap/include/sys/capability.h
+++ b/libcap/include/sys/capability.h
@@ -93,6 +93,11 @@ extern cap_t cap_get_proc(void);
extern cap_t cap_get_pid(pid_t);
extern int cap_set_proc(cap_t);
+extern int cap_get_bound(cap_value_t);
+extern int cap_drop_bound(cap_value_t);
+
+#define CAP_IS_SUPPORTED(cap) (cap_get_bound(cap) >= 0)
+
/* libcap/cap_extint.c */
extern ssize_t cap_size(cap_t);
extern ssize_t cap_copy_ext(void *, cap_t, ssize_t);
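Review bot: `CAP_IS_SUPPORTED` is added without a comment, and next to `cap_get_bound()` its meaning is easy to misread. It is true for any value the running kernel accepts, including a capability already dropped from the bounding set (result 0), and false only when the query itself fails. I would put `/* true if the running kernel recognises this capability value; says nothing about whether it is still in the bounding set */` above the define. The comment should also say that each use costs a prctl() call. Presumably a kernel that does not implement PR_CAPBSET_READ makes the macro false for every capability, so hardening code should not take a false result as a reason to skip a drop.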