Manual Pages  — CAP_RIGHTS_INIT

cap_rights_set(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT, CAP_SEEK);

The complete list of the capability rights can be found in the rights(4) manual page.

The cap_rights_init() function initialize provided cap_rights_t structure. Only properly initialized structure can be passed to the remaining functions. For convenience the structure can be filled with capability rights instead of calling the cap_rights_set() function later. For even more convenience pointer to the given structure is returned, so it can be directly passed to cap_rights_limit(2):

cap_rights_t rights;

if (cap_rights_limit(fd, cap_rights_init(&rights, CAP_READ, CAP_WRITE)) < 0)
        err(1, "Unable to limit capability rights");

The cap_rights_set() function adds the given capability rights to the given cap_rights_t structure.

The cap_rights_clear() function removes the given capability rights from the given cap_rights_t structure.

The cap_rights_is_set() function checks if all the given capability rights are set for the given cap_rights_t structure.

The cap_rights_is_valid() function verifies if the given cap_rights_t structure is valid.

The cap_rights_merge() function merges all capability rights present in the src structure into the dst structure.

The cap_rights_remove() function removes all capability rights present in the src structure from the dst structure.

The cap_rights_contains() function checks if the big structure contains all capability rights present in the little structure.

cap_rights_t rights;
int fd;

fd = open("/tmp/foo", O_RDWR);
if (fd < 0)
        err(1, "open() failed");

cap_rights_init(&rights, CAP_FSTAT, CAP_READ);

if (allow_write_and_seek)
        cap_rights_set(&rights, CAP_WRITE, CAP_SEEK);

if (dont_allow_seek)
        cap_rights_clear(&rights, CAP_SEEK);

if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
        err(1, "cap_rights_limit() failed");