| author | Alejandro Colomar <alx@kernel.org> | 2024-05-26 16:40:41 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2024-05-30 15:31:14 +0200 |
| commit | fe09bbd6f3d3dd679365c514c28f1bef203155e0 (patch) | |
| tree | c090d96532eca88d05ca53b66185ddd07fb95587 | |
| parent | 2c29a8a4fb71f38aacf38ca66bc58ef2184be68a (diff) | |
| download | man-pages-fe09bbd6f3d3dd679365c514c28f1bef203155e0.tar.gz | |
PR_CAPBSET_DROP.2const: Tweak after split
Signed-off-by: Alejandro Colomar <alx@kernel.org>
| -rw-r--r-- | man/man2const/PR_CAPBSET_DROP.2const | 58 |
1 files changed, 21 insertions, 37 deletions
diff --git a/man/man2const/PR_CAPBSET_DROP.2const b/man/man2const/PR_CAPBSET_DROP.2const index 9805b4e581..28c1ea2c0b 100644 --- a/man/man2const/PR_CAPBSET_DROP.2const +++ b/man/man2const/PR_CAPBSET_DROP.2const @@ -1,15 +1,14 @@ .\" Copyright 2008, Serge Hallyn <serge@hallyn.com> .\" Copyright 2008, 2012, 2013, 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" Copyright 2024, Alejandro Colomar <alx@kernel.org> .\" .\" SPDX-License-Identifier: Linux-man-pages-copyleft .\" -.\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_DROP -.\" .TH PR_CAPBSET_DROP 2const (date) "Linux man-pages (unreleased)" .SH NAME PR_CAPBSET_DROP \- -drop capabilities from the calling thread's capability bounding set +drop a capability from the calling thread's capability bounding set .SH LIBRARY Standard C library .RI ( libc ", " \-lc ) 
@@ -17,59 +16,44 @@ Standard C library .nf .B #include <sys/prctl.h> .P -.BI "int prctl(int " op ", ..." -.BI " \fR/*\fP unsigned long " arg2 ", unsigned long " arg3 , -.BI " unsigned long " arg4 ", unsigned long " arg5 " \fR*/\fP );" +.BI "int prctl(PR_CAPBSET_DROP, long " cap ", 0L, 0L, 0L);" .fi .SH DESCRIPTION -.TP -.BR PR_CAPBSET_DROP " (since Linux 2.6.25)" -If the calling thread has the -.B CAP_SETPCAP -capability within its user namespace, then drop the capability specified by -.I arg2 +Drop the capability specified by +.I cap from the calling thread's capability bounding set. Any children of the calling thread will inherit the newly reduced bounding set. -.IP -The call fails with the error: -.B EPERM -if the calling thread does not have the -.BR CAP_SETPCAP ; -.B EINVAL -if -.I arg2 -does not represent a valid capability; or -.B EINVAL -if file capabilities are not enabled in the kernel, -in which case bounding sets are not supported. -.IP -A higher-level interface layered on top of this operation is provided in the -.BR libcap (3) -library in the form of -.BR cap_drop_bound (3). .SH RETURN VALUE On success, -values return 0 on success. +0 is returned. On error, \-1 is returned, and .I errno is set to indicate the error. .SH ERRORS .TP .B EINVAL -.I arg2 -is not a valid value for this -.IR op . +File capabilities are not enabled in the kernel. +.TP +.B EINVAL +.I cap +does not specify a valid capability. .TP .B EPERM -.I op -is -.BR PR_CAPBSET_DROP , -and the caller does not have the +The caller does not have the .B CAP_SETPCAP capability. +.SH VERSIONS +A higher-level interface layered on top of this operation is provided in the +.BR libcap (3) +library in the form of +.BR cap_drop_bound (3). .SH STANDARDS Linux. .SH HISTORY +Linux 2.6.25. .SH SEE ALSO .BR prctl (2), +.BR PR_CAPBSET_READ (2const) +.BR libcap (3), +.BR cap_drop_bound (3) |
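Review bot: In the second hunk (@@ -17,59 +16,44 @@), the rewritten DESCRIPTION removes the condition that the calling thread must have CAP_SETPCAP "within its user namespace", and the new EPERM entry says only "The caller does not have the CAP_SETPCAP capability", so the user-namespace scoping of the privilege check is no longer stated in the lines shown. Suggest carrying the qualifier into the EPERM entry, for example "The caller does not have the CAP_SETPCAP capability within its user namespace." Two smaller points in the same hunk: in SEE ALSO the added line ".BR PR_CAPBSET_READ (2const)" has no trailing comma although ".BR libcap (3)," follows it, so the rendered list will run the two entries together; and the SYNOPSIS now declares the argument as "long cap" where the removed prototype used "unsigned long arg2", a change the commit message ("Tweak after split") does not explain.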
