author: Alejandro Colomar <alx@kernel.org> 2024-05-26 14:20:07 +0200
committer: Alejandro Colomar <alx@kernel.org> 2024-05-30 15:31:12 +0200
commit: ba62c71f41a21d2426a81a047b647a476b14267f (patch)
tree: 11f29629e2c86b85927fa0cbee5558d02812f139
parent: 07e8a6c45b61ef52813a06a687d5165a828a2415 (diff)
prctl.2, PR_CAP_AMBIENT.2const: Split PR_CAP_AMBIENT from prctl(2)
Signed-off-by: Alejandro Colomar <alx@kernel.org>
-rw-r--r-- man/man2/prctl.2 89
-rw-r--r-- man/man2const/PR_CAP_AMBIENT.2const 129
2 files changed, 131 insertions, 87 deletions
diff --git a/man/man2/prctl.2 b/man/man2/prctl.2
index 9eab5015ec..ff0fa830f5 100644
--- a/man/man2/prctl.2
+++ b/man/man2/prctl.2
@@ -64,60 +64,8 @@ is called with a first argument describing what to do
arguments with a significance depending on the first one.
The first argument can be:
.\"
-.\" prctl PR_CAP_AMBIENT
.TP
-.BR PR_CAP_AMBIENT " (since Linux 4.3)"
-.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
-Reads or changes the ambient capability set of the calling thread,
-according to the value of
-.IR arg2 ,
-which must be one of the following:
-.RS
-.\"
-.TP
-.B PR_CAP_AMBIENT_RAISE
-The capability specified in
-.I arg3
-is added to the ambient set.
-The specified capability must already be present in
-both the permitted and the inheritable sets of the process.
-This operation is not permitted if the
-.B SECBIT_NO_CAP_AMBIENT_RAISE
-securebit is set.
-.TP
-.B PR_CAP_AMBIENT_LOWER
-The capability specified in
-.I arg3
-is removed from the ambient set.
-.TP
-.B PR_CAP_AMBIENT_IS_SET
-The
-.BR prctl ()
-call returns 1 if the capability in
-.I arg3
-is in the ambient set and 0 if it is not.
-.TP
-.B PR_CAP_AMBIENT_CLEAR_ALL
-All capabilities will be removed from the ambient set.
-This operation requires setting
-.I arg3
-to zero.
-.RE
-.IP
-In all of the above operations,
-.I arg4
-and
-.I arg5
-must be specified as 0.
-.IP
-Higher-level interfaces layered on top of the above operations are
-provided in the
-.BR libcap (3)
-library in the form of
-.BR cap_get_ambient (3),
-.BR cap_set_ambient (3),
-and
-.BR cap_reset_ambient (3).
+.B PR_CAP_AMBIENT
.\" prctl PR_CAPBSET_READ
.TP
.BR PR_CAPBSET_READ " (since Linux 2.6.25)"
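Review bot: The replacement entry ".B PR_CAP_AMBIENT" is a .TP tag with no body, followed directly by the next .TP, so the operation list in prctl.2 no longer says what the operation does or where it is now documented, and the "(since Linux 4.3)" marker disappears from this page. Suggest making the tag itself a reference, in the form ".BR PR_CAP_AMBIENT (2const)", or adding a one-line summary under it; as it stands the only pointer to the new page is the SEE ALSO entry at the very end.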
@@ -2073,7 +2021,6 @@ of the calling process.
for information on the protection mask bits.)
.SH RETURN VALUE
On success,
-.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
.BR PR_CAPBSET_READ ,
.BR PR_GET_DUMPABLE ,
.BR PR_GET_FP_MODE ,
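Review bot: Dropping "PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET" from this list leaves the RETURN VALUE section of prctl.2 without the one PR_CAP_AMBIENT case that returns a nonzero value on success (1 when the capability in arg3 is in the ambient set). If the sentence after the list still says that all other op values return 0, as the copy carried into the new page does, a reader of prctl.2 alone gets the wrong answer for PR_CAP_AMBIENT_IS_SET. Either keep a pointer here or reword the catch-all so it defers to the per-operation pages.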
@@ -2291,24 +2238,6 @@ is not equal to 1.
.B EINVAL
.I op
is
-.B PR_CAP_AMBIENT
-and
-.I arg2
-has an invalid value;
-or
-.I arg2
-is
-.BR PR_CAP_AMBIENT_LOWER ,
-.BR PR_CAP_AMBIENT_RAISE ,
-or
-.B PR_CAP_AMBIENT_IS_SET
-and
-.I arg3
-does not specify a valid capability.
-.TP
-.B EINVAL
-.I op
-is
.B PR_PAC_RESET_KEYS
and the arguments are invalid or unsupported.
See the description of
@@ -2444,21 +2373,6 @@ and the caller does not have the
.B CAP_SYS_RESOURCE
capability.
.TP
-.B EPERM
-.I op
-is
-.B PR_CAP_AMBIENT
-and
-.I arg2
-is
-.BR PR_CAP_AMBIENT_RAISE ,
-but either the capability specified in
-.I arg3
-is not present in the process's permitted and inheritable capability sets,
-or the
-.B PR_CAP_AMBIENT_LOWER
-securebit has been set.
-.TP
.B ERANGE
.I op
was
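Review bot: The EPERM text moved out here ends with "or the PR_CAP_AMBIENT_LOWER securebit has been set", but PR_CAP_AMBIENT_LOWER is one of the arg2 operations, not a securebit; the PR_CAP_AMBIENT_RAISE description names SECBIT_NO_CAP_AMBIENT_RAISE as the securebit that forbids raising. The wording is re-added unchanged in PR_CAP_AMBIENT.2const, so it is worth correcting there, in a follow-up commit if this one is meant to be a pure move.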
@@ -2495,4 +2409,5 @@ Linux 2.1.57,
glibc 2.0.6
.SH SEE ALSO
.BR signal (2),
+.BR PR_CAP_AMBIENT (2const),
.BR core (5)
diff --git a/man/man2const/PR_CAP_AMBIENT.2const b/man/man2const/PR_CAP_AMBIENT.2const
new file mode 100644
index 0000000000..71af20d8b5
--- /dev/null
+++ b/man/man2const/PR_CAP_AMBIENT.2const
@@ -0,0 +1,129 @@
+.\" Copyright 2015, Michael Kerrisk <mtk.manpages@gmail.com>
+.\"
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
+.\"
+.TH PR_CAP_AMBIENT 2const (date) "Linux man-pages (unreleased)"
+.SH NAME
+PR_CAP_AMBIENT
+\-
+read or change the ambient capability set of the calling thread
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
+.SH SYNOPSIS
+.nf
+.B #include <sys/prctl.h>
+.P
+.BI "int prctl(int " op ", ..."
+.BI " \fR/*\fP unsigned long " arg2 ", unsigned long " arg3 ,
+.BI " unsigned long " arg4 ", unsigned long " arg5 " \fR*/\fP );"
+.fi
+.SH DESCRIPTION
+.TP
+.BR PR_CAP_AMBIENT " (since Linux 4.3)"
+.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
+Reads or changes the ambient capability set of the calling thread,
+according to the value of
+.IR arg2 ,
+which must be one of the following:
+.RS
+.\"
+.TP
+.B PR_CAP_AMBIENT_RAISE
+The capability specified in
+.I arg3
+is added to the ambient set.
+The specified capability must already be present in
+both the permitted and the inheritable sets of the process.
+This operation is not permitted if the
+.B SECBIT_NO_CAP_AMBIENT_RAISE
+securebit is set.
+.TP
+.B PR_CAP_AMBIENT_LOWER
+The capability specified in
+.I arg3
+is removed from the ambient set.
+.TP
+.B PR_CAP_AMBIENT_IS_SET
+The
+.BR prctl ()
+call returns 1 if the capability in
+.I arg3
+is in the ambient set and 0 if it is not.
+.TP
+.B PR_CAP_AMBIENT_CLEAR_ALL
+All capabilities will be removed from the ambient set.
+This operation requires setting
+.I arg3
+to zero.
+.RE
+.IP
+In all of the above operations,
+.I arg4
+and
+.I arg5
+must be specified as 0.
+.IP
+Higher-level interfaces layered on top of the above operations are
+provided in the
+.BR libcap (3)
+library in the form of
+.BR cap_get_ambient (3),
+.BR cap_set_ambient (3),
+and
+.BR cap_reset_ambient (3).
+.\" prctl PR_CAPBSET_READ
+.SH RETURN VALUE
+On success,
+.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
+return the nonnegative values described above.
+All other
+.I op
+values return 0 on success.
+On error, \-1 is returned, and
+.I errno
+is set to indicate the error.
+.SH ERRORS
+.TP
+.B EINVAL
+.I arg2
+is not valid value for this
+.IR op .
+.TP
+.B EINVAL
+.I op
+is
+.B PR_CAP_AMBIENT
+and
+.I arg2
+has an invalid value;
+or
+.I arg2
+is
+.BR PR_CAP_AMBIENT_LOWER ,
+.BR PR_CAP_AMBIENT_RAISE ,
+or
+.B PR_CAP_AMBIENT_IS_SET
+and
+.I arg3
+does not specify a valid capability.
+.TP
+.B EPERM
+.I op
+is
+.B PR_CAP_AMBIENT
+and
+.I arg2
+is
+.BR PR_CAP_AMBIENT_RAISE ,
+but either the capability specified in
+.I arg3
+is not present in the process's permitted and inheritable capability sets,
+or the
+.B PR_CAP_AMBIENT_LOWER
+securebit has been set.
+.SH STANDARDS
+Linux.
+.SH HISTORY
+.SH SEE ALSO
+.BR prctl (2)
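Review bot: RETURN VALUE and ERRORS still carry wording written for the multi-operation page that does not fit a page about a single op. "All other op values return 0 on success" should speak of the other arg2 values, since op is always PR_CAP_AMBIENT here; the first EINVAL entry ("arg2 is not valid value for this op", which is also missing "a") duplicates the first half of the second EINVAL entry; and "op is PR_CAP_AMBIENT and" in the second EINVAL entry and in EPERM is redundant. Smaller leftovers: the comment ".\" prctl PR_CAPBSET_READ" just before ".SH RETURN VALUE" belongs to prctl.2, DESCRIPTION opens with a .TP tag that only repeats the page name, and HISTORY is empty although "since Linux 4.3" is right there to fill it.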