CAP_ACQUIRE(3C)CAP_ACQUIRE(3C)NAME
cap_acquire, cap_surrender - make permitted set capabilities effective
or remove effective capabilities
SYNOPSIS
#include <sys/capability.h>
cap_t cap_acquire( int ncap, const cap_value_t *caps);
void cap_surrender( cap_t cap);
DESCRIPTIONcap_acquire activates the capabilities from the permitted set of the
process by making each of them active in the effective set for the
process.
cap_surrender sets the effective set to the capabilities specified in the
cap argument, and deallocates this structure.
RETURN VALUEScap_acquire returns the previous effective set, or NULL if there were
errors. NULL may also be returned if the process has no current
capability set. This return value has been allocated by the library, and
should be freed when no longer needed, most commonly by calling
cap_surrender to revert the effective set to its prior value.
cap_free(3c) may also be called directly to deallocate the structure.
cap_surrender has no return value.
ERRORS
cap_acquire:
EINVAL caps is null.
ENOSYS capabilities are not enabled.
EXAMPLE
1. Acquiring a capability
cap_value_t capv = CAP_MAC_WRITE; cap_t ocap;
ocap = cap_acquire(1, &capv);
/*Perform tasks that require capability acquired*/
cap_surrender(ocap);
2. Acquiring multiple capabilities
cap_value_t capv[] = {CAP_MAC_WRITE, CAP_MAC_READ, CAP_MAC_UPGRADE};
cap_t ocap;
ocap = cap_acquire(3, &capv);
Page 1
CAP_ACQUIRE(3C)CAP_ACQUIRE(3C)
/* Perform tasks that require capabilities acquired */
cap_surrender(ocap);
SEE ALSOcap_free(3c), capabilities(4).
Page 2