cap/demo_file_caps.cThis is cap/demo_file_caps.c, an example to accompany the book, The Linux Programming Interface. This file is not printed in the book; it is a supplementary file for Chapter 39. The source code file is copyright 2025, Michael Kerrisk, and is licensed under the GNU General Public License, version 3. In the listing below, the names of Linux system calls and C library functions are hyperlinked to manual pages from the Linux man-pages project, and the names of functions implemented in the book are hyperlinked to the implementations of those functions.
|
/* demo_file_caps.c Display process credentials and capabilities, and attempt to open the file named in argv[1]. This program can be used to do a simple demonstration of file capabilities. If the executable is assigned the CAP_DAC_READ_SEARCH capability: setcap cap_dac_read_search=pe then it can open any file for reading. */ #define _GNU_SOURCE #include <sys/capability.h> #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <sys/stat.h> #include <errno.h> #include <string.h> #include <fcntl.h> #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \ } while (0)
int main(int argc, char *argv[]) { /* Fetch and display process capabilities */ cap_t caps = cap_get_proc(); if (caps == NULL) errExit("cap_get_proc"); char *str = cap_to_text(caps, NULL); if (str == NULL) errExit("cap_to_text"); printf("Capabilities: %s\n", str); cap_free(caps); cap_free(str); /* If an argument was supplied, try to open that file */ if (argc > 1) { int fd = open(argv[1], O_RDONLY); if (fd >= 0) printf("Successfully opened %s\n", argv[1]); else printf("Open failed: %s\n", strerror(errno)); } exit(EXIT_SUCCESS); }
Note that, in most cases, the programs rendered in these web pages are not free standing: you'll typically also need a few other source files (mostly in the lib/ subdirectory) as well. Generally, it's easier to just download the entire source tarball and build the programs with make(1). By hovering your mouse over the various hyperlinked include files and function calls above, you can see which other source files this file depends on.