{
cap_t caps;
cap_value_t capList[1];
/ Retrieve caller's current capabilities /
caps = cap_get_proc();
if (caps == NULL)
return -1;
/ Change setting of 'capability' in the effective set of 'caps'. The
third argument, 1, is the number of items in the array 'capList'. /
capList[0] = capability;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, capList, setting) == -1) {
cap_free(caps);
return -1;
}
/ Push modified capability sets back to kernel, to change
caller's capabilities /
if (cap_set_proc(caps) == -1) {
cap_free(caps);
return -1;
}
/ Free the structure that was allocated by libcap /
if (cap_free(caps) == -1)
return -1;
return 0;
}
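/*
 * raiseCap - raise one capability in the caller's effective set.
 *
 * Forwards to modifyCap(capability, CAP_SET) and adds no logic of its own.
 * The comment delimiters are restored here; the listing as extracted had
 * bare slashes, which is not valid C.
 *
 * capability: the capability value to enable, passed through unchanged.
 *
 * Returns the result of modifyCap(); the helper body shown on this page
 * returns 0 on success and -1 when any libcap call fails.
 *
 * Callers must check the result: on -1 the capability was not raised, so
 * the privileged operation that follows must not be attempted as if it
 * had been.
 *
 * NOTE(review): the kernel only lets a process raise an effective
 * capability that is already in its permitted set, so a failure here is
 * expected when the program was not granted that capability. To keep the
 * window of privilege small, clear the capability again (CAP_CLEAR) once
 * the privileged step is done.
 */
static int
raiseCap(int capability)
{
    return modifyCap(capability, CAP_SET);
}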
/* An analogous dropCap() (unneeded in this program) could be
   defined as: modifyCap(capability, CAP_CLEAR); */
static int / Drop all capabilities from all sets /
dropAllCaps(void)
{
cap_t empty;
int s;
empty = cap_init();
if (empty == NULL)
return -1;
s = cap_set_proc(empty);