NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | SEE ALSO | AUTHOR | COLOPHON |
|
|
CAPNG_LOCK(3) Libcap-ng API CAPNG_LOCK(3)
capng_lock - lock the current process capabilities settings
#include <cap-ng.h> int capng_lock(void);
capng_lock will take steps to prevent children of the current process to regain full privileges if the uid is 0. This should be called while possessing the CAP_SETPCAP capability in the kernel. This function will do the following if permitted by the kernel: Set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS.
This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options.
capng_apply(3), prctl(2), capabilities(7)
Steve Grubb
This page is part of the libcap-ng (capabilities commands and
library (NG)) project. Information about the project can be
found at ⟨https://people.redhat.com/sgrubb/libcap-ng/⟩. It is
not known how to report bugs for this man page; if you know,
please send a mail to [email protected]. This page was obtained
from the tarball libcap-ng-0.8.5.tar.gz fetched from
⟨https://people.redhat.com/sgrubb/libcap-ng/index.html⟩ on
2024-06-14. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-
to-date source for the page, or you have corrections or
improvements to the information in this COLOPHON (which is not
part of the original manual page), send a mail to
[email protected]
Red Hat June 2009 CAPNG_LOCK(3)