Scroll to navigation

CAPNG_STAGE_ADDITIONAL_GROUPS(3) Libcap-ng API CAPNG_STAGE_ADDITIONAL_GROUPS(3)

NAME

capng_stage_additional_groups - stage additional gids for capng_change_id

SYNOPSIS

#include <cap-ng.h>

int capng_stage_additional_groups(const gid_t *gids, size_t count);

DESCRIPTION

This function stages an additional gid list for the next capng_change_id(3) call that uses CAPNG_APPLY_STAGED_GROUPS. The gids are copied into libcap-ng internal state. Once capng_change_id returns, libcap-ng clears the staged gids whether they were applied, ignored because the flag was not set, or discarded because the call failed. If staged gids remain unused, libcap-ng also clears them when the thread-local state is deinitialized.

Passing a count of 0 clears any currently staged gids.

Normally, you should stick to using the supplemantal groups that are associated with the uid's account that is being changed to. This is provided to simulate the gid model that systemd uses. This interface is available in libcap-ng 0.9.3 and later.

RETURN VALUE

This returns 0 on success and -1 on failure. A non-zero count with a NULL gids pointer fails with errno set to EINVAL.

SEE ALSO

capng_change_id(3), capabilities(7)

AUTHOR

Steve Grubb

Mar 2026 Red Hat