NAME

       PR_CAPBSET_DROP - drop a capability from the calling thread's capability bounding set

LIBRARY

       Standard C library (libc, -lc)

SYNOPSIS

       #include <linux/prctl.h>  /* Definition of PR_* constants */
       #include <sys/prctl.h>

       int prctl(PR_CAPBSET_DROP, long cap);

DESCRIPTION

       Drop  the  capability  specified by cap from the calling thread's capability bounding set.
       Any children of the calling thread will inherit the newly reduced bounding set.

RETURN VALUE

       On success, 0 is returned.  On error, -1 is returned, and errno is  set  to  indicate  the
       error.

ERRORS

       EINVAL File capabilities are not enabled in the kernel.

       EINVAL cap does not specify a valid capability.

       EPERM  The caller does not have the CAP_SETPCAP capability.

VERSIONS

       A  higher-level  interface  layered  on top of this operation is provided in the libcap(3)
       library in the form of cap_drop_bound(3).

STANDARDS

       Linux.

HISTORY

       Linux 2.6.25.

SEE ALSO

       prctl(2), PR_CAPBSET_READ(2const) libcap(3), cap_drop_bound(3)