summaryrefslogtreecommitdiff
path: root/doc/old/_setfilecap.2
diff options
context:
space:
mode:
Diffstat (limited to 'doc/old/_setfilecap.2')
-rw-r--r--doc/old/_setfilecap.2117
1 files changed, 117 insertions, 0 deletions
diff --git a/doc/old/_setfilecap.2 b/doc/old/_setfilecap.2
new file mode 100644
index 0000000..6a0538c
--- /dev/null
+++ b/doc/old/_setfilecap.2
@@ -0,0 +1,117 @@
+.\"
+.\" $Id: _setfilecap.2,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $
+.\" written by Andrew Main <zefram@dcs.warwick.ac.uk>
+.\"
+.TH _SETFILECAP 2 "26th April 1997" "Linux 2.1" "Linux Programmer's Manual"
+.SH NAME
+_setfilecap, _getfilecap, _fsetfilecap, _fgetfilecap \- set/get file capabilities
+.SH SYNOPSIS
+.B #include <sys/capability.h>
+.sp
+.BI "int _setfilecap(char const *" filename ", size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset );
+.sp
+.BI "int _getproccap(char const *" filename ", size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset );
+.sp
+.BI "int _fsetfilecap(int " fd ", size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset );
+.sp
+.BI "int _fgetproccap(int " fd ", size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset );
+.SH USAGE
+.br
+.B cc ... -lcap
+.SH DESCRIPTION
+.B _setfilecap
+sets the specified
+.IR filename 's
+Inheritable, Permitted and Effective capabilities to the sets specified.
+A NULL pointer specifies that a set should not be changed.
+.PP
+.B _fsetfilecap
+does the same thing to the file referenced by file descriptor
+.IR fd .
+.PP
+.B _getfilecap
+and
+.B _fgetfilecap
+copy the file's capability sets into the sets provided.
+A NULL pointer specifies that a set should not be returned.
+.PP
+The
+.I usize
+argument specifies the size of the user-space capability sets, in bytes.
+If the kernel uses a different size internally, it will truncate or
+zero-fill as required.
+.PP
+Files don't actually have a proper Effective capability set. Instead they
+have a single-bit flag, that indicates that the set is either full or
+empty. When setting a file's capabilities, that flag will be set if
+and only if the Effective set specified has at least one bit set.
+.SH "RETURN VALUE"
+On success, zero is returned. On error, -1 is returned, and
+.I errno
+is set appropriately.
+.SH ERRORS
+.TP
+.SB EFAULT
+One of the capability arguments or the filename was an invalid data pointer.
+.TP
+.SB EPERM
+An attempt was made to set non-empty capabilities on a file,
+and the caller does not have the
+.SB CAP_FSETCAP
+capability raised.
+.TP
+.SB EPERM
+An attempt was made to set capabilities on a file, and
+the effective UID does not match the owner of the file, and the caller
+does not have the
+.SB CAP_FOWNER
+capability raised.
+.TP
+.SB EINVAL
+An attempt was made to set non-empty capabilities on a file
+residing on a file system that does not support them.
+.TP
+.SB EROFS
+An attempt was made to set capabilities on a file residing
+on a read-only file system.
+.TP
+.SB ENAMETOOLONG
+.I filename
+is too long.
+.TP
+.SB ENOENT
+The file specified does not exist.
+.TP
+.SB ENOMEM
+Insufficient kernel memory was available.
+.TP
+.SB ENOTDIR
+A component of the path prefix is not a directory.
+.TP
+.SB EACCES
+Search permission is denied on a component of the path prefix.
+.TP
+.SB ELOOP
+.I filename
+containes a circular reference (via symlinks).
+.TP
+.SB EBADF
+.I fd
+is not a valid file descriptor.
+.TP
+.SB EIO
+A hard error occurred while reading or writing the file system.
+.TP
+.SB ENOSYS
+The POSIX.1e capability system was not configured into the kernel.
+.SH "CONFORMING TO"
+These system calls are specific to Linux.
+The portable interfaces are
+.IR cap_set_file (3),
+.IR cap_get_file (3),
+.IR cap_set_fd (3),
+and
+.IR cap_get_fd (3).
+.SH "SEE ALSO"
+.IR _setproccap (2).
+