|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | NOTES | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
CAPNG_APPLY(3) Libcap-ng API CAPNG_APPLY(3)
capng_apply - apply the stored capabilities settings
#include <cap-ng.h>
int capng_apply(capng_select_t set);
capng_apply will transfer the specified internal POSIX
capabilities settings to the kernel. The options are
CAPNG_SELECT_CAPS for the traditional capabilities,
CAPNG_SELECT_BOUNDS for the bounding set, CAPNG_SELECT_BOTH if
transferring both is desired, CAPNG_SELECT_AMBIENT if only
operating on the ambient capabilities, or CAPNG_SELECT_ALL if
applying all is desired.
This returns 0 on success and a negative value on failure. The
values are:
-1 not initialized
-2 CAPNG_SELECT_BOUNDS and failure to drop a bounding set
capability
-3 CAPNG_SELECT_BOUNDS and failure to re-read bounding set
-4 CAPNG_SELECT_BOUNDS and process does not have
CAP_SETPCAP
-5 CAPNG_SELECT_CAPS and failure in capset syscall
-6 CAPNG_SELECT_AMBIENT and process has no capabilities and
failed clearing ambient capabilities
-7 CAPNG_SELECT_AMBIENT and process has capabilities and
failed clearing ambient capabilities
-8 CAPNG_SELECT_AMBIENT and process has capabilities and
failed setting an ambient capability
-9 Unable to acquire process capabilities to check if
CAP_SETPCAP is set.
If you are doing multi-threaded programming, calling this function
will only set capabilities on the calling thread. All other
threads are unaffected. If you want to set overall capabilities
for a multi-threaded process, you will need to do that before
creating any threads. See the capset syscall for more information
on this topic.
Also, bits in the bounding set can only be dropped. You cannot set
them. After dropping bounding set capabilities, the bounding set
is synchronized with the kernel to reflect the true state in the
kernel.
capset(2), capng_update(3), capabilities(7)
Steve Grubb
This page is part of the libcap-ng (capabilities commands and
library (NG)) project. Information about the project can be found
at ⟨https://people.redhat.com/sgrubb/libcap-ng/⟩. It is not known
how to report bugs for this man page; if you know, please send a
mail to man-pages@man7.org. This page was obtained from the
tarball fetched from
⟨https://people.redhat.com/sgrubb/libcap-ng/index.html⟩ on
2025-08-11. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-
to-date source for the page, or you have corrections or
improvements to the information in this COLOPHON (which is not
part of the original manual page), send a mail to
man-pages@man7.org
Red Hat Sept 2023 CAPNG_APPLY(3)
Pages that refer to this page: capng_change_id(3), capng_fill(3), capng_lock(3)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|