capng_setpid - Linux
Overview
capng_setpid modifies capabilities in a running process. It allows administrators to adjust the privileges of a specific process without stopping or restarting it. It is typically used with containerization or privilege isolation mechanisms.
Syntax
capng_setpid [options] <pid> <capability-set>
Options/Flags
- -h, --help: Display usage information.
- -V, --version: Show the version number.
Examples
Grant root capabilities to a running process:
capng_setpid 1000 CAP_SYS_ADMIN
Remove the CAP_NET_ADMIN capability from a process:
capng_setpid 5000 - CAP_NET_ADMIN
Set multiple capabilities:
capng_setpid 8562 CAP_SYS_ADMIN,CAP_DAC_READ_SEARCH
Common Issues
- Permission denied: Ensure you have sufficient privileges to modify capabilities of the target process.
- Invalid capability: Check that the specified capability is valid. You can use capng_getpid to list available capabilities.
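Whatever tool changes a process's capabilities, the kernel's own view of the result is in the Cap* lines of /proc/<pid>/status. The script below is an added example, not part of the original page: it decodes those hex masks into capability names so a change can be checked before and after. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Capability names in bit order (bits 0-40, as numbered in linux/capability.h).
CAP_NAMES="CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK
CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE
CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE
CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL CAP_SETFCAP CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYSLOG
CAP_WAKE_ALARM CAP_BLOCK_SUSPEND CAP_AUDIT_READ CAP_PERFMON CAP_BPF
CAP_CHECKPOINT_RESTORE"

# decode_caps HEXMASK: print the set bits as comma-separated capability names.
decode_caps() {
    mask=$((0x${1:-0})); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out,}$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# cap_field STATUS_TEXT FIELD: print the hex mask of CapInh/CapPrm/CapEff/CapBnd/CapAmb.
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# has_cap STATUS_TEXT FIELD CAP_NAME: exit status 0 if the capability is in that set.
has_cap() {
    case ",$(decode_caps "$(cap_field "$1" "$2")")," in
        *",$3,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample; for a live process use "$(cat /proc/<pid>/status)" instead.
SAMPLE_STATUS='Name: demo
CapInh: 0000000000000000
CapPrm: 0000000000201005
CapEff: 0000000000200004
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000'

for f in CapPrm CapEff; do
    printf '%s: %s\n' "$f" "$(decode_caps "$(cap_field "$SAMPLE_STATUS" "$f")")"
done
```

A capability that appears in CapPrm but not in CapEff is permitted but not currently in effect, so check both sets when verifying that a capability was removed.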
Integration
With docker: Use capng_setpid to modify capabilities within Docker containers:
docker exec --user root container_id capng_setpid $PID CAP_CHOWN