How do capabilities actually get set



I'm learning about something that I didn't even know was in Linux for quite
 some time now: capabilities.  How do they actually get set?

I did something like this:

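#include <iostream>
#include <sys/types.h>
#include <unistd.h>
#include <sys/capability.h>  // libcap header; link with -lcap

int main() {
    // Capability state (effective, permitted, inheritable) of this process
    cap_t caps = cap_get_pid(getpid());
    if (caps == NULL) return 1;

    // cap_to_text() allocates the string; release it with cap_free()
    char *text = cap_to_text(caps, NULL);
    if (text == NULL) return 1;
    std::cout << "capabilities: " << text << std::endl;
    cap_free(text);
    cap_free(caps);
    return 0;
}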
Which returns "=".  It seems unlikely that the process has no capabilities.
Plus, every code example I've found thus far (which isn't many) shows that
one first allocates a cap_t struct with cap_init() and then sets the values
he wishes and then calls cap_set_pid() or similar.  Is this how it's
supposed to be used?

I have no idea if it makes any difference but I'm using CentOS 6.2.
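
The capability sets that cap_get_pid() returns can also be read from /proc/<pid>/status without libcap. The following is an added example, not part of the original post: it decodes the CapInh, CapPrm and CapEff masks of the calling process, and the helper names cap_mask and cap_names are made up for this sketch.

```cpp
#include <cstdint>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

// Capability names by bit number, as defined in <linux/capability.h>.
static const char *const kCapNames[] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore"};
static const unsigned kNumCaps = sizeof(kCapNames) / sizeof(kCapNames[0]);

// Mask of one field ("CapInh", "CapPrm", "CapEff") in the text of
// /proc/<pid>/status; 0 if the field is absent.
uint64_t cap_mask(const std::string &status_text, const std::string &field) {
    std::istringstream in(status_text);
    std::string line;
    while (std::getline(in, line))
        if (line.compare(0, field.size() + 1, field + ":") == 0)
            return std::stoull(line.substr(field.size() + 1), nullptr, 16);
    return 0;
}

// Decode a mask into comma-separated names; bits the table does not know
// are printed by number. An empty set decodes to "(none)".
std::string cap_names(uint64_t mask) {
    std::string out;
    for (unsigned bit = 0; bit < 64; ++bit) {
        if (!(mask & (1ULL << bit))) continue;
        if (!out.empty()) out += ",";
        out += bit < kNumCaps ? std::string("cap_") + kCapNames[bit]
                              : "bit" + std::to_string(bit);
    }
    return out.empty() ? "(none)" : out;
}

int main() {
    std::ifstream f("/proc/self/status");  // live state of this process
    std::stringstream buf;
    buf << f.rdbuf();
    for (const char *field : {"CapInh", "CapPrm", "CapEff"})
        std::cout << field << ": " << cap_names(cap_mask(buf.str(), field)) << "\n";
}
```

For a process started by an ordinary user from a binary with no file capabilities and no setuid bit, all three sets are normally empty.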

