Manpages

NAME

captree - display tree of process capabilities

SYNOPSIS

captree [OPTIONS] [(pid|glob-name) ...]

DESCRIPTION

captree displays the capabilities on the mentioned processes indicated by pid or glob-name value(s) given on the command line. If no pid etc values are supplied, pid=1 is implied. A pid value of 0 displays all the processes known to the kernel.

The POSIX.1e capabilities are displayed in double quotes in the cap_from_text(3) format. The IAB tuple of capabilities is displayed between square brackets in the text format described in cap_iab(3). Note, the IAB tuple text is omitted if it contains empty A and B components. This is because the regular POSIX.1e text contains information about the Inheritable flag already. This behavior can be overridden with the --verbose command line argument.

Optional arguments (which must precede the list of pid|glob-name values):

--help

Displays usage information and exits. Note, modern Go runtimes exit with status 0 in this case, but older runtimes exit with status 2.

--verbose

Displays capability sets and IAB tuples even when they are empty, or redundant.

--depth=n

Displays the process tree to a depth of n. Note, the default value for this parameter is 0, which implies infinite depth.

--colo[u]r=false

Colo[u]rs the targeted PIDs, if stdout is a TTY, in red. This option defaults to true when running via a TTY. The --color=false argument will suppress this color. Piping the output into some other program will also suppress the use of colo[u]r.

EXIT STATUS

If the supplied target cannot be found the exit status is 1. Should an unrecognized option be provided, the exit status is 2. Otherwise, captree exits with status 0.

REPORTING BUGS

Please report bugs via:
https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757

SEE ALSO

cap_from_text(3), capabilities(7), and cap_iab(3).

There is a longer article about captree, which includes some examples, here:

https://sites.google.com/site/fullycapable/captree

AUTHOR

Andrew G. Morgan <morgan [AT] kernel.org>