DOKK / manpages / debian 11 / libelogind-dev-doc / sd_bus_creds_has_permitted_cap.3.en
SD_BUS_CREDS_GET_PID(3) sd_bus_creds_get_pid SD_BUS_CREDS_GET_PID(3)

sd_bus_creds_get_pid, sd_bus_creds_get_ppid, sd_bus_creds_get_tid, sd_bus_creds_get_uid, sd_bus_creds_get_euid, sd_bus_creds_get_suid, sd_bus_creds_get_fsuid, sd_bus_creds_get_gid, sd_bus_creds_get_egid, sd_bus_creds_get_sgid, sd_bus_creds_get_fsgid, sd_bus_creds_get_supplementary_gids, sd_bus_creds_get_comm, sd_bus_creds_get_tid_comm, sd_bus_creds_get_exe, sd_bus_creds_get_cmdline, sd_bus_creds_get_cgroup, sd_bus_creds_get_unit, sd_bus_creds_get_slice, sd_bus_creds_get_user_unit, sd_bus_creds_get_user_slice, sd_bus_creds_get_session, sd_bus_creds_get_owner_uid, sd_bus_creds_has_effective_cap, sd_bus_creds_has_permitted_cap, sd_bus_creds_has_inheritable_cap, sd_bus_creds_has_bounding_cap, sd_bus_creds_get_selinux_context, sd_bus_creds_get_audit_session_id, sd_bus_creds_get_audit_login_uid, sd_bus_creds_get_tty, sd_bus_creds_get_unique_name, sd_bus_creds_get_well_known_names, sd_bus_creds_get_description - Retrieve fields from a credentials object

#include <elogind/sd-bus.h>

int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid);

int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid);

int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid);

int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid);

int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *uid);

int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *uid);

int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *uid);

int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid);

int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *gid);

int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *gid);

int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *gid);

int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c, const gid_t **gids);

int sd_bus_creds_get_comm(sd_bus_creds *c, const char **comm);

int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **comm);

int sd_bus_creds_get_exe(sd_bus_creds *c, const char **exe);

int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline);

int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **cgroup);

int sd_bus_creds_get_unit(sd_bus_creds *c, const char **unit);

int sd_bus_creds_get_slice(sd_bus_creds *c, const char **slice);

int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **unit);

int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **slice);

int sd_bus_creds_get_session(sd_bus_creds *c, const char **slice);

int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid);

int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability);

int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability);

int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability);

int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability);

int sd_bus_creds_get_selinux_context(sd_bus_creds *c, const char **context);

int sd_bus_creds_get_audit_session_id(sd_bus_creds *c, uint32_t *sessionid);

int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *loginuid);

int sd_bus_creds_get_tty(sd_bus_creds *c, const char **tty);

int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **name);

int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***name);

int sd_bus_creds_get_description(sd_bus_creds *c, const char **name);

These functions return credential information from an sd_bus_creds object. Credential objects may be created with sd_bus_creds_new_from_pid(3), in which case they describe the credentials of the process identified by the specified PID, with sd_bus_get_name_creds(3), in which case they describe the credentials of a bus peer identified by the specified bus name, with sd_bus_get_owner_creds(3), in which case they describe the credentials of the creator of a bus, or with sd_bus_message_get_creds(3), in which case they describe the credentials of the sender of the message.

Not all credential fields are part of every "sd_bus_creds" object. Use sd_bus_creds_get_mask(3) to determine the mask of fields available.

sd_bus_creds_get_pid() will retrieve the PID (process identifier). Similarly, sd_bus_creds_get_ppid() will retrieve the parent PID. Note that PID 1 has no parent process, in which case -ENXIO is returned.

sd_bus_creds_get_tid() will retrieve the TID (thread identifier).

sd_bus_creds_get_uid() will retrieve the numeric UID (user identifier). Similarly, sd_bus_creds_get_euid() returns the effective UID, sd_bus_creds_get_suid() the saved UID and sd_bus_creds_get_fsuid() the file system UID.

sd_bus_creds_get_gid() will retrieve the numeric GID (group identifier). Similarly, sd_bus_creds_get_egid() returns the effective GID, sd_bus_creds_get_sgid() the saved GID and sd_bus_creds_get_fsgid() the file system GID.

sd_bus_creds_get_supplementary_gids() will retrieve the supplementary GIDs list.

sd_bus_creds_get_comm() will retrieve the comm field (truncated name of the executable, as stored in /proc/pid/comm).

sd_bus_creds_get_tid_comm() will retrieve the comm field of the thread (as stored in /proc/pid/task/tid/comm).

sd_bus_creds_get_exe() will retrieve the path to the program executable (as stored in the /proc/pid/exe link, but with the " (deleted)" suffix removed). Note that kernel threads do not have an executable path, in which case -ENXIO is returned. Note that this property should not be used for more than explanatory information, in particular it should not be used for security-relevant decisions. That's because the executable might have been replaced or removed by the time the value can be processed. Moreover, the kernel exports this information in an ambiguous way (i.e. a deleted executable cannot be safely distinguished from one whose name suffix is " (deleted)").

sd_bus_creds_get_cmdline() will retrieve an array of command line arguments (as stored in /proc/pid/cmdline). Note that kernel threads do not have a command line, in which case -ENXIO is returned.

sd_bus_creds_get_cgroup() will retrieve the control group path. See cgroups.txt[1].

sd_bus_creds_get_unit() will always return -ENODATA, as elogind can not support systemd units.

sd_bus_creds_get_user_unit() will always return -ENODATA, as elogind can not support systemd units.

sd_bus_creds_get_slice() will retrieve the current session, as this is the same as slices in elogind. See sd_bus_creds_get_session().

sd_bus_creds_get_user_slice() retrieves the the user session, as this is the same as the user slice in elogind. See sd_bus_creds_get_user_session().

sd_bus_creds_get_session() will retrieve the identifier of the login session that the process is a part of. Please note the login session may be limited to a stub process or two. User processes may instead be started from their elogind user manager, e.g. GUI applications started using DBus activation, as well as service processes which are shared between multiple logins of the same user. For processes that are not part of a session, returns -ENXIO.

sd_bus_creds_get_owner_uid() will retrieve the numeric UID (user identifier) of the user who owns the user unit or login session that the process is a part of. See

elogind-logind.service(8). For processes that are not part of a user unit or session, returns -ENXIO.

sd_bus_creds_has_effective_cap() will check whether the capability specified by capability was set in the effective capabilities mask. A positive return value means that it was set, zero means that it was not set, and a negative return value indicates an error. See capabilities(7).

sd_bus_creds_has_permitted_cap() is similar to sd_bus_creds_has_effective_cap(), but will check the permitted capabilities mask.

sd_bus_creds_has_inheritable_cap() is similar to sd_bus_creds_has_effective_cap(), but will check the inheritable capabilities mask.

sd_bus_creds_has_bounding_cap() is similar to sd_bus_creds_has_effective_cap(), but will check the bounding capabilities mask.

sd_bus_creds_get_selinux_context() will retrieve the SELinux security context (label) of the process.

sd_bus_creds_get_audit_session_id() will retrieve the audit session identifier of the process. Returns -ENXIO for processes that are not part of an audit session.

sd_bus_creds_get_audit_login_uid() will retrieve the audit user login identifier (the identifier of the user who is "responsible" for the session). Returns -ENXIO for processes that are not part of an audit session.

sd_bus_creds_get_tty() will retrieve the controlling TTY, without the prefixing "/dev/". Returns -ENXIO for processes that have no controlling TTY.

sd_bus_creds_get_unique_name() will retrieve the D-Bus unique name. See The D-Bus specification[2].

sd_bus_creds_get_well_known_names() will retrieve the set of D-Bus well-known names. See The D-Bus specification[2].

sd_bus_creds_get_description() will retrieve a descriptive name of the bus connection of the peer. This name is useful to discern multiple bus connections by the same peer, and may be altered by the peer with the sd_bus_set_description(3) call.

All functions that take a const char** parameter will store the answer there as an address of a NUL-terminated string. It will be valid as long as c remains valid, and should not be freed or modified by the caller.

All functions that take a char*** parameter will store the answer there as an address of an array of strings. Each individual string is NUL-terminated, and the array is NULL-terminated as a whole. It will be valid as long as c remains valid, and should not be freed or modified by the caller.

On success, these calls return 0 or a positive integer. On failure, these calls return a negative errno-style error code.

Returned errors may indicate the following problems:

-ENODATA

The given field is not available in the credentials object c.

-ENXIO

The given field is not specified for the described process or peer. This will be returned by sd_bus_creds_get_unit(), sd_bus_creds_get_slice(), sd_bus_creds_get_user_unit(), sd_bus_creds_get_user_slice(), and sd_bus_creds_get_session() if the process is not part of a elogind system unit, elogind user unit, elogind slice, or logind session. It will be returned by sd_bus_creds_get_owner_uid() if the process is not part of a elogind user unit or logind session. It will also be returned by sd_bus_creds_get_exe() and sd_bus_creds_get_cmdline() for kernel threads (since these are not started from an executable binary, nor have a command line), and by sd_bus_creds_get_audit_session_id() and sd_bus_creds_get_audit_login_uid() when the process is not part of an audit session, and sd_bus_creds_get_tty() if the process has no controlling TTY.

-EINVAL

Specified pointer parameter is NULL.

-ENOMEM

Memory allocation failed.

These APIs are implemented as a shared library, which can be compiled and linked to with the libelogind pkg-config(1) file.

elogind(8),

sd-bus(3), sd_bus_creds_new_from_pid(2), fork(2), execve(2), credentials(7), free(3), proc(5),

elogind.journal-fields(7)

1.
cgroups.txt
https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
2.
The D-Bus specification
http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-names-bus
elogind 246.9.1