Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

39. Capabilities > Changing Process Capabilities Programmatically

Changing Process Capabilities Programmatically

A process can raise or drop capabilities from its capability sets using either the capset() system call or, preferably, the libcap API, which we describe below. Changes to process capabilities are subject to the following rules:

  1. If the process doesn’t have the CAP_SETPCAP capability in its effective set, then the new inheritable set must be a subset of the combination of the existing inheritable and permitted sets.

  2. The new inheritable set must be a subset of the combination of the existing inheritable set and the capability bounding set.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free 10-Day Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint