Diffstat (limited to 'doc/cap_clear.3')
-rw-r--r--doc/cap_clear.361
1 files changed, 43 insertions, 18 deletions
diff --git a/doc/cap_clear.3 b/doc/cap_clear.3
index 6d06049..b8dbc30 100644
--- a/doc/cap_clear.3
+++ b/doc/cap_clear.3
@@ -1,6 +1,6 @@
-.TH CAP_CLEAR 3 "2021-03-06" "" "Linux Programmer's Manual"
+.TH CAP_CLEAR 3 "2022-10-16" "" "Linux Programmer's Manual"
.SH NAME
-cap_clear, cap_clear_flag, cap_get_flag, cap_set_flag, cap_fill, cap_compare \- capability data object manipulation
+cap_clear, cap_clear_flag, cap_get_flag, cap_set_flag, cap_fill_flag, cap_fill, cap_compare, cap_max_bits \- capability data object manipulation
.SH SYNOPSIS
.nf
#include <sys/capability.h>
@@ -11,8 +11,11 @@ int cap_get_flag(cap_t cap_p, cap_value_t cap,
cap_flag_t flag, cap_flag_value_t *value_p);
int cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap,
const cap_value_t *caps, cap_flag_value_t value);
+int cap_fill_flag(cap_t cap_p, cap_flag_t to,
+ const cap_t ref, cap_flag_t from);
int cap_fill(cap_t cap_p, cap_flag_t to, cap_flag_t from);
int cap_compare(cap_t cap_a, cap_t cap_b);
+cap_value_t cap_max_bits();
.fi
.sp
Link with \fI\-lcap\fP.
@@ -20,7 +23,7 @@ Link with \fI\-lcap\fP.
These functions work on a capability state held in working storage.
A
.I cap_t
-holds information about the capabilities in each of the three sets,
+holds information about the capabilities in each of the three flags,
Permitted, Inheritable, and Effective.
Each capability in a set may be clear (disabled, 0) or set (enabled, 1).
.PP
@@ -32,7 +35,7 @@ identifies a capability, such as
.TP
.I cap_flag_t
identifies one of the three flags associated with a capability
-(i.e., it identifies one of the three capability sets).
+(i.e., it identifies one of the three capability dimensions).
Valid values for this type are
.BR CAP_EFFECTIVE ,
.B CAP_INHERITABLE
@@ -81,6 +84,10 @@ The argument,
is used to specify the number of capabilities in the array,
.IR caps .
.PP
+.BR cap_fill_flag ()
+fills the to flag of one capability set, with the values in the from
+flag of a reference capability set.
+.PP
.BR cap_fill ()
fills the to flag values by copying all of the from flag values.
.PP
@@ -88,18 +95,28 @@ fills the to flag values by copying all of the from flag values.
compares two full capability sets and, in the spirit of
.BR memcmp (),
returns zero if the two capability sets are identical. A positive
-return value,
-.BR status ,
-indicates there is a difference between them. The
-returned value carries further information about which of three sets,
-.I cap_flag_t
-.BR flag ,
-differ. Specifically, the macro
+return
+.I value
+indicates there is a difference between them. The returned
+.I value
+carries further information about the
+.BI "cap_flag_t " flag
+differences. Specifically, the macro
.B CAP_DIFFERS
-.RI ( status ", " flag )
-evaluates to non-zero if the returned status differs in its
+.RI ( value ", " flag )
+evaluates to non-zero if the returned
+.I value
+differs in its
.I flag
components.
+.PP
+.BR cap_max_bits ()
+returns the number of capability values known to the running
+kernel. This may differ from libcap's list known at compilation
+time. Unnamed, at compilation time, capabilites can be referred to
+numerically and libcap will handle them appropriately. Note, the
+running kernel wins and it gets to define what "all" capabilities
+means.
.SH "RETURN VALUE"
.BR cap_clear (),
.BR cap_clear_flag (),
@@ -109,7 +126,12 @@ and
.BR cap_compare ()
return zero on success, and \-1 on failure. Other return values for
.BR cap_compare ()
-are described above.
+are described above. The function
+.BR cap_max_bits ()
+returns a numeric value of type
+.B cap_value_t
+that is one larger than the largest actual value known to the running
+kernel.
.PP
On failure,
.I errno
@@ -117,11 +139,14 @@ is set to
.BR EINVAL ,
indicating that one of the arguments is invalid.
.SH "CONFORMING TO"
-These functions are as per the withdrawn POSIX.1e draft specification.
-.BR cap_clear_flag ()
-and
+These functions are mostly as per specified in the withdrawn POSIX.1e
+draft specification. The following are Linux extensions:
+.BR cap_fill (),
+.BR cap_fill_flag (),
+.BR cap_clear_flag (),
.BR cap_compare ()
-are Linux extensions.
+and
+.BR cap_max_bits ().
.SH "SEE ALSO"
.BR libcap (3),
.BR cap_copy_ext (3),