cap_set_syscall - Linux


cap_set_syscall() is a Linux command that allows the modification of the list of system calls that can be made by a given process. It is used primarily to restrict or extend the capabilities of users or programs.


cap_set_syscall CAP_ACTION MODE CAP_LIST

Required Arguments

  • CAP_ACTION: Either "SET" or "CLEAR"
  • MODE: Either "MEMBER" or "INHERIT"
  • CAP_LIST: A comma-separated list of system call names


  • -r, --read: Read and display the current syscall filter.
  • -v, --verbose: Print more verbose information.
  • -h, --help: Print usage information.


Setting syscall filter

cap_set_syscall SET MEMBER chroot

Clearing syscall filter

cap_set_syscall CLEAR MEMBER chroot

Displaying the current filter

cap_set_syscall -r

Common Issues

  • Using an incorrect CAP_ACTION can lead to unexpected results.
  • Specifying invalid system calls in the CAP_LIST can result in errors.
  • Modifying the syscall filter might affect the behavior of child processes created after the change.


cap_set_syscall can be combined with other commands to restrict the capabilities of programs. For example:

exec cap_set_syscall SET MEMBER chroot /bin/bash

Related Commands

  • cap_set_proc
  • setfacl
  • chattr