Ubuntu Manpages

PR_CAPBSET_DROP

drop a capability from the calling thread's capability bounding set

Standard C library (libc-lc)

#include <linux/prctl.h>  /* Definition of PR_* constants */
#include <sys/prctl.h>
int prctl(PR_CAPBSET_DROP, long cap);

Drop the capability specified by cap from the calling thread's capability bounding set. Any children of the calling thread will inherit the newly reduced bounding set.

On success, 0 is returned. On error, -1 is returned, and errno is set to indicate the error.

File capabilities are not enabled in the kernel.
cap does not specify a valid capability.
The caller does not have the CAP_SETPCAP capability.

A higher-level interface layered on top of this operation is provided in the libcap(3) library in the form of cap_drop_bound(3).

Linux.

Linux 2.6.25.

prctl(2), PR_CAPBSET_READ(2const), libcap(3), cap_drop_bound(3)