Rechercher une page de manuel
capget
Langue: ja
Version: 2004-06-21 (openSuse - 09/10/07)
Section: 2 (Appels système)
̾Á°
capget, capset - ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òÀßÄê/¼èÆÀ¤¹¤ë½ñ¼°
#undef _POSIX_SOURCE#include <sys/capability.h>
int capget(cap_user_header_t hdrp, cap_user_data_t datap);
int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
ÀâÌÀ
Linux 2.2 ¤Ç¡¢¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼ (root) ¤Î¸¢¸Â¤Ï¡¢¤½¤ì¤¾¤ì¸ÄÊ̤Υ±¡¼¥Ñ¥Ó¥ê¥Æ¥£ (capabilities) ¤Ø¤Èʬ³ä¤µ¤ì¡¢¤½¤Î½¸¹ç¤È¤·¤Æɽ¸½¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¡£ ¤¹¤Ù¤Æ¤Î¥¹¥ì¥Ã¥É¤Ï¡Ö¼Â¸ú¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£ (effective capability) ¤Î½¸¹ç¡×¤ò»ý¤Á¡¢ ¤½¤ì¤Ë¤è¤Ã¤Æ¸½ºß¤É¤ÎÁàºî¤¬¼Â¹Ô²Äǽ¤«¤ò¼±Ê̤Ǥ¤ë¡£ ¤Þ¤¿¡¢¤¹¤Ù¤Æ¤Î¥¹¥ì¥Ã¥É¤Ï¡¢ ¡Ö·Ñ¾µ²Äǽ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£ (inheritable capability) ¤Î½¸¹ç¡×¤È ¡Öµö²Ä¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£ (permitted capability) ¤Î½¸¹ç¡×¤ò»ý¤Ä¡£ ¡Ö·Ñ¾µ²Äǽ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤Î½¸¹ç¡×¤Ï execve(2) ¤òÄ̤¸¤ÆÅϤ¹¤³¤È¤¬¤Ç¤¤ë¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤Î½¸¹ç¤Ç¤¢¤ê¡¢ ¡Öµö²Ä¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£ (permitted capability) ¤Î½¸¹ç¡×¤Ï ¼Â¸ú¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤ä·Ñ¾µ²Äǽ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤Ç͸ú¤Ë¤Ç¤¤ë ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òµ¬Äꤹ¤ë¤â¤Î¤Ç¤¢¤ë¡£¤³¤ÎÆó¤Ä¤Î´Ø¿ô¤Ï¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤ò¼èÆÀ¤·¤¿¤êÀßÄꤷ¤¿¤ê¤¹¤ë¤¿¤á¤ÎÀ¸¤Î ¥«¡¼¥Í¥ë¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Ç¤¢¤ë¡£¤³¤ì¤é¤Î¥·¥¹¥Æ¥à¥³¡¼¥ë¤Ï Linux ÆÃÍ¤Ç ¤¢¤ë¤È¤¤¤¦¤Î¤ß¤Ê¤é¤º¡¢¥«¡¼¥Í¥ë API ¤ÏÊѹ¹¤µ¤ì¤ë¤«¤â¤·¤ì¤º¡¢¤³¤ì¤é¤Î ´Ø¿ô¤Î»ÈÍÑË¡ (ÆÃ¤Ë cap_user_*_t ·¿¤È¤¤¤¦½ñ¼°) ¤Ï¤½¤ì¤¾¤ì¤Î¥«¡¼¥Í¥ë¤Î¥ê¥Ó¥¸¥ç¥ó¤ÇÊѹ¹¤µ¤ì¤ë¤«¤â¤·¤ì¤Ê¤¤¡£
°Ü¿¢À¤Î¤¢¤ë¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Ï cap_set_proc(3) ¤È cap_get_proc(3) ¤Ç¤¢¤ë¡£ ²Äǽ¤Ê¤é¤Ð¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¤³¤ì¤é¤Î´Ø¿ô¤ò»ÈÍѤ¹¤Ù¤¤Ç¤¢¤ë¡£ ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë Linux ³ÈÄ¥¤ò»ÈÍѤ·¤¿¤¤¾ì¹ç¤Ë¤Ï¡¢¤è¤ê´Êñ¤Ë »È¤¨¤ë¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Ç¤¢¤ë capsetp(3) ¤È capgetp(3) ¤ò»ÈÍѤ¹¤Ù¤¤Ç¤¢¤ë¡£
¸½ºß¤Î¾ÜºÙ
¸½ºß¤Î¥«¡¼¥Í¥ë¤Î¾ÜºÙ¤Ë¤Ä¤¤¤ÆÃí°Õ¤ò½Ò¤Ù¤Æ¤ª¤¯¡£ ¹½Â¤ÂΤϰʲ¼¤Î¤è¤¦¤ËÄêµÁ¤µ¤ì¤ë¡£
#define _LINUX_CAPABILITY_VERSION 0x19980330
typedef struct __user_cap_header_struct {
int version;
int pid;
} *cap_user_header_t;
typedef struct __user_cap_data_struct {
int effective;
int permitted;
int inheritable;
} *cap_user_data_t;
hdr ¤Î version ¥Õ¥£¡¼¥ë¥É¤Ë¾¤Î¥Ð¡¼¥¸¥ç¥ó¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢ ¤³¤Î¸Æ¤Ó½Ð¤·¤Ï EINVAL ¤òÊÖ¤·¡¢¤³¤Î¥Õ¥£¡¼¥ë¥É¤ò _LINUX_CAPABILITY_VERSION ¤ËÀßÄꤹ¤ë¡£
hdr ¤Î pid ¥Õ¥£¡¼¥ë¥É¤¬ 0 °Ê³°¤Î¾ì¹ç¡¢ ¤³¤Î¸Æ¤Ó½Ð¤·¤Ï pid ¤Ç»ØÄꤵ¤ì¤¿¥¹¥ì¥Ã¥É¤Î¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òÂоݤËÆ°ºî¤¹¤ë¡£ pid ¤¬ 0 ¤Î¾ì¹ç¤Ï¸Æ¤Ó½Ð¤·¸µ¤Î¥¹¥ì¥Ã¥É¤Î¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òÂоݤËÆ°ºî¤¹¤ë¡£ pid ¤¬¥·¥ó¥°¥ë¥¹¥ì¥Ã¥É¡¦¥×¥í¥»¥¹¤ò»²¾È¤·¤Æ¤¤¤ë¾ì¹ç¡¢ pid ¤Ï°ÊÁ°¤«¤é»È¤ï¤ì¤Æ¤¤¤ë¥×¥í¥»¥¹ID ¤ò»È¤Ã¤Æ»ØÄê¤Ç¤¤ë¡£ ¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¡¦¥×¥í¥»¥¹Æâ¤Î¤¢¤ë¥¹¥ì¥Ã¥É¤òÂоݤˤ¹¤ë¾ì¹ç¤Ï¡¢ gettid(2) ¤¬ÊÖ¤¹¥¹¥ì¥Ã¥ÉID ¤òÍѤ¤¤Æ»ØÄꤹ¤ëɬÍפ¬¤¢¤ë¡£ ¤Þ¤¿¡¢ capset() ¤Ç¤Ï -1 ¤ä -1 ¤è¤ê¾®¤µ¤ÊÃͤò»ØÄꤹ¤ë¤³¤È¤â¤Ç¤¤ë¡£ -1 ¤Ï¸Æ¤Ó½Ð¤·¸µ¤È init(8) ¤ò½ü¤¯Á´¤Æ¤Î¥¹¥ì¥Ã¥É¤òÂоݤȤ·¤ÆÊѹ¹¤ò¹Ô¤¦¤³¤È¤ò¡¢ -1 ¤è¤ê¾®¤µ¤ÊÃÍ¤Ï ID ¤¬ -pid ¤Î¥×¥í¥»¥¹¥°¥ë¡¼¥×¤ÎÁ´¥á¥ó¥Ð ¤òÂоݤȤ·¤ÆÊѹ¹¤ò¹Ô¤¦¤³¤È¤ò°ÕÌ£¤¹¤ë¡£
¤³¤Î¥Ç¡¼¥¿¤Î¾ÜºÙ¤Ï capabilities(7) ¤ò»²¾È¤¹¤ë¤³¤È¡£
ÊÖ¤êÃÍ
À®¸ù¤·¤¿¾ì¹ç¤Ë¤Ï 0 ¤òÊÖ¤¹¡£¥¨¥é¡¼¤Î¾ì¹ç¤Ë¤Ï -1 ¤òÊÖ¤·¡¢ errno ¤òŬÀÚ¤ËÀßÄꤹ¤ë¡£¥¨¥é¡¼
- EFAULT
- ÉÔÀµ¤Ê¥á¥â¥ê¥¢¥É¥ì¥¹¡£ hdrp ¤È datap ¤Î¤É¤Á¤é¤â¤¬ NULL ¤Ç¤¢¤ë¡£
- EINVAL
- °ú¤¿ô¤Î¤É¤ì¤«¤¬Ìµ¸ú¤Ç¤¢¤ë¡£
- EPERM
- ¡Öµö²Ä¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¥»¥Ã¥È¡×¤Ë¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òÄɲ䷤褦¤È¤·¤Æ¤¤¤ë¤«¡¢ ¤â¤·¤¯¤Ï¡Öµö²Ä¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¥»¥Ã¥È¡×¤Ë´Þ¤Þ¤ì¤Ê¤¤¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤ò ¡Ö¼Â¸ú¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¥»¥Ã¥È¡×¤ä¡Ö·Ñ¾µ²Äǽ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¥»¥Ã¥È¡×¤Ë ¥»¥Ã¥È¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¡£
- EPERM
- ¸Æ¤Ó½Ð¤·¸µ¤¬¼«Ê¬°Ê³°¤Î¥¹¥ì¥Ã¥É¤Î¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤ò capset() ¤ò»È¤Ã¤Æ½¤Àµ¤·¤è¤¦¤È¤·¤¿¤¬¡¢½½Ê¬¤ÊÆø¢¤¬¤Ê¤«¤Ã¤¿¡£ CAP_SETPCAP ¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤¬É¬ÍפǤ¢¤ë¡£ (¥Ð¡¼¥¸¥ç¥ó 2.6.11 ¤è¤êÁ°¤Î¥«¡¼¥Í¥ë¤Ë¤Ï¡¢ ¤³¤Î¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤ò»ý¤¿¤Ê¤¤¥¹¥ì¥Ã¥É¤¬ pid ¥Õ¥£¡¼¥ë¥É¤Ë 0 ¤Ç¤Ê¤¤ÃÍ (¤Ä¤Þ¤ê¡¢0 ¤ÎÂå¤ï¤ê¤Ë getpid(2) ¤¬ÊÖ¤¹ÃÍ) ¤ò»ØÄꤷ¤Æ¼«Ê¬¼«¿È¤Î¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òÊѹ¹¤·¤è¤¦¤È¤·¤¿¾ì¹ç¤Ë¤â¡¢ ¤³¤Î¥¨¥é¡¼¤¬È¯À¸¤¹¤ë¤È¤¤¤¦¥Ð¥°¤¬¤¢¤Ã¤¿¡£)
- ESRCH
- ¤½¤Î¤è¤¦¤Ê¥¹¥ì¥Ã¥É¤¬Â¸ºß¤·¤Ê¤¤¡£
½àµò
¤³¤ì¤é¤Î¥·¥¹¥Æ¥à¥³¡¼¥ë¤Ï Linux Æȼ«¤Ç¤¢¤ë¡£È÷¹Í
¥±¡¼¥Ñ¥Ó¥ê¥Æ¥£¤òÀßÄꤷ¤¿¤ê¼èÆÀ¤·¤¿¤ê¤¹¤ëµ¡Ç½¤Î¤¿¤á¤Î°Ü¿¢À¤¢¤ë ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Ï libcap ¥é¥¤¥Ö¥é¥ê¤Ë¤è¤Ã¤ÆÄ󶡤µ¤ì¤ë¡£ ¤³¤Î¥é¥¤¥Ö¥é¥ê¤Ï°Ê²¼¤«¤éÆþ¼ê¤Ç¤¤ë:ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs
´ØÏ¢¹àÌÜ
clone(2), gettid(2), capabilities(7)Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre