Man page - capng_lock(3)
Packages containing this manual
apt-get install libcap-ng-dev
Manual
| CAPNG_LOCK(3) | Libcap-ng API | CAPNG_LOCK(3) |
NAME
capng_lock - lock the current process capabilities settings
SYNOPSIS
#include <cap-ng.h>
int capng_lock(void);
DESCRIPTION
capng_lock takes steps to prevent children of the current process from regaining full privileges if the uid is 0. It should be called while the process possesses the CAP_SETPCAP capability in the kernel. If permitted by the kernel, this function does the following: sets the NOROOT option to on for PR_SET_SECUREBITS, sets the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, sets the PR_NO_SETUID_FIXUP option to on for PR_SET_SECUREBITS, and sets the PR_NO_SETUID_FIXUP_LOCKED option to on for PR_SET_SECUREBITS.
RETURN VALUE
This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options.
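EXAMPLE
The following is an added example, not part of the libcap-ng manual or source. It is a check a caller can run after capng_lock(): it reads the thread's securebits with prctl(PR_GET_SECUREBITS) and reports whether each option named in DESCRIPTION is on and locked. It assumes those options correspond to the kernel's SECBIT_NOROOT, SECBIT_NOROOT_LOCKED, SECBIT_NO_SETUID_FIXUP and SECBIT_NO_SETUID_FIXUP_LOCKED masks from <linux/securebits.h>; the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/securebits.h>   /* SECBIT_* masks */

enum pair_state { PAIR_OFF, PAIR_ON_UNLOCKED, PAIR_ON_LOCKED };

/* Classify one securebit and its _LOCKED companion. ON_UNLOCKED means the
 * flag is set but can still be changed by a thread holding CAP_SETPCAP. */
enum pair_state pair_state(unsigned bits, unsigned flag, unsigned lock)
{
    if (!(bits & flag))
        return PAIR_OFF;
    return (bits & lock) ? PAIR_ON_LOCKED : PAIR_ON_UNLOCKED;
}

/* Return 1 only if all four bits listed in DESCRIPTION are set. */
int lock_is_complete(unsigned bits)
{
    return pair_state(bits, SECBIT_NOROOT,
                      SECBIT_NOROOT_LOCKED) == PAIR_ON_LOCKED &&
           pair_state(bits, SECBIT_NO_SETUID_FIXUP,
                      SECBIT_NO_SETUID_FIXUP_LOCKED) == PAIR_ON_LOCKED;
}

/* Read the calling thread's securebits; -1 if the kernel refuses. */
int read_securebits(void)
{
    return prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
}

int main(void)
{
    static const char *names[] = { "off", "on, not locked", "on and locked" };
    /* A real caller runs capng_lock() and checks for 0 before this point. */
    int bits = read_securebits();

    if (bits < 0) {
        perror("prctl(PR_GET_SECUREBITS)");
        return 2;
    }
    printf("NOROOT:          %s\n",
           names[pair_state(bits, SECBIT_NOROOT, SECBIT_NOROOT_LOCKED)]);
    printf("NO_SETUID_FIXUP: %s\n",
           names[pair_state(bits, SECBIT_NO_SETUID_FIXUP,
                            SECBIT_NO_SETUID_FIXUP_LOCKED)]);
    return lock_is_complete(bits) ? 0 : 1;   /* exit 0 only when fully locked */
}
```

Run without a preceding capng_lock() call, an ordinary process normally reports both options as off and exits with status 1.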
SEE ALSO
capng_apply(3), prctl(2), capabilities(7)
AUTHOR
Steve Grubb
| June 2009 | Red Hat |