From 4a1c63ec449d03003d06acc313bc2dba4ab561e8 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Mon, 21 Jan 2008 05:06:11 -0800
Subject: Introduce a capability shell wrapper; capsh.

Capsh is a simple 'bash' wrapper program that can be used to
raise and lower both the bset and pI capabilities before invoking
/bin/bash (hardcoded right now).

The --print option can be used as a quick test whether various
capability manipulations work as expected (or not).

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
 libcap/libcap.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'libcap/libcap.h')

diff --git a/libcap/libcap.h b/libcap/libcap.h
index 0e4a167..854f907 100644
--- a/libcap/libcap.h
+++ b/libcap/libcap.h
@@ -158,4 +158,12 @@ extern int capget(cap_user_header_t header, const cap_user_data_t data);
 extern int capgetp(pid_t pid, cap_t cap_d);
 extern int capsetp(pid_t pid, cap_t cap_d);
 
+/* prctl based API for altering character of current process */
+#define PR_GET_KEEPCAPS    7
+#define PR_SET_KEEPCAPS    8
+#define PR_CAPBSET_READ   23
+#define PR_CAPBSET_DROP   24
+#define PR_GET_SECUREBITS 25
+#define PR_SET_SECUREBITS 26
+
 #endif /* LIBCAP_H */
-- 
cgit v1.2.3