PR_CAPBSET_DROP - drop a capability from the calling thread's capability bounding set
NAME LIBRARY SYNOPSIS DESCRIPTION RETURN VALUE ERRORS VERSIONS STANDARDS HISTORY SEE ALSONAME
PR_CAPBSET_DROP − drop a capability from the calling thread’s capability bounding set
LIBRARY
Standard C library (libc, −lc)
SYNOPSIS
#include
<linux/prctl.h> /* Definition of PR_*
constants */
#include <sys/prctl.h>
int prctl(PR_CAPBSET_DROP, long cap);
DESCRIPTION
Drop the capability specified by cap from the calling thread’s capability bounding set. Any children of the calling thread will inherit the newly reduced bounding set.
RETURN VALUE
On success, 0 is returned. On error, −1 is returned, and errno is set to indicate the error.
ERRORS
|
EINVAL |
File capabilities are not enabled in the kernel. |
|||
|
EINVAL |
cap does not specify a valid capability. |
|||
|
EPERM |
The caller does not have the CAP_SETPCAP capability. |
VERSIONS
A higher-level interface layered on top of this operation is provided in the libcap(3) library in the form of cap_drop_bound(3).
STANDARDS
Linux.
HISTORY
Linux 2.6.25.
SEE ALSO
prctl(2), PR_CAPBSET_READ(2const), libcap(3), cap_drop_bound(3)