capng_setpid - Linux


Overview

capng_setpid modifies capabilities in a running process. It allows administrators to adjust the privileges of a specific process without stopping or restarting it. Typically used with containerization or privilege isolation mechanisms.

Syntax

capng_setpid [options] <pid> <capability-set>

Options/Flags

  • -h, –help: Display usage information.
  • -V, –version: Show the version number.

Examples

Grant root capabilities to a running process:

capng_setpid 1000 CAP_SYS_ADMIN

Remove the CAP_NET_ADMIN capability from a process:

capng_setpid 5000 - CAP_NET_ADMIN

Set multiple capabilities:

capng_setpid 8562 CAP_SYS_ADMIN,CAP_DAC_READ_SEARCH

Common Issues

  • Permission denied: Ensure you have sufficient privileges to modify capabilities of the target process.
  • Invalid capability: Check that the specified capability is valid. You can use capng_getpid to list available capabilities.

Integration

With docker: Use capng_setpid to modify capabilities within Docker containers:

docker exec --user root container_id capng_setpid $PID CAP_CHOWN

Related Commands