Introduce a capability shell wrapper; capsh.

Capsh is a simple 'bash' wrapper program that can be used to raise and lower both the bset and pI capabilities before invoking /bin/bash (hardcoded right now). The --print option can be used as a quick test whether various capability manipulations work as expected (or not). Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
author: Andrew G. Morgan <morgan@kernel.org> 2008-01-21 05:06:11 -0800
committer: Jorge Lucangeli Obes <jorgelo@google.com> 2015-09-03 14:13:03 -0700
commit: c3f65b8566ae824931ed8799fad81c36a2f66537 (patch)
tree: 6d3719fb53bc67d44e87f02d95bc1e2b68e3b6e3 /libcap
parent: 907393e8d611fc887440d77335bc87adc0bed0bd (diff)
download: libcap-c3f65b8566ae824931ed8799fad81c36a2f66537.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/libcap/libcap.h b/libcap/libcap.h
index 0e4a167..854f907 100644
--- a/libcap/libcap.h
+++ b/libcap/libcap.h
@@ -158,4 +158,12 @@ extern int capget(cap_user_header_t header, const cap_user_data_t data);
 extern int capgetp(pid_t pid, cap_t cap_d);
 extern int capsetp(pid_t pid, cap_t cap_d);
 
+/* prctl based API for altering character of current process */
+#define PR_GET_KEEPCAPS    7
+#define PR_SET_KEEPCAPS    8
+#define PR_CAPBSET_READ   23
+#define PR_CAPBSET_DROP   24
+#define PR_GET_SECUREBITS 25
+#define PR_SET_SECUREBITS 26
+
 #endif /* LIBCAP_H */
author	Andrew G. Morgan <morgan@kernel.org>	2008-01-21 05:06:11 -0800
committer	Jorge Lucangeli Obes <jorgelo@google.com>	2015-09-03 14:13:03 -0700
commit	c3f65b8566ae824931ed8799fad81c36a2f66537 (patch)
tree	6d3719fb53bc67d44e87f02d95bc1e2b68e3b6e3 /libcap
parent	907393e8d611fc887440d77335bc87adc0bed0bd (diff)
download	libcap-c3f65b8566ae824931ed8799fad81c36a2f66537.tar.gz