Change the ability set of the invoking process (QNX Neutrino)
- Specify an ability to be allowed or disallowed.
The ability-spec argument is a comma-separated list that contains the following, as required,
ignoring the case of the strings:
- the ability identifier, as defined in <sys/procmgr.h>, but omitting the PROCMGR_AID_ prefix (e.g., specify setuid for PROCMGR_AID_SETUID)
- allow or deny
- lock if you want to prevent the process from changing the ability
- root, nonroot, or all to specify the applicable domain
- inherit or noinherit
If the ability accepts a subrange, the above may be followed by a colon and a comma-separated list of subranges, in one of the following forms:
- two numbers separated by a hyphen (e.g., 4-27)
- one number followed by a hyphen (e.g., 4- indicates 4 and greater)
- a single number
The ability utility lets you allow or deny abilities for the invoking process. You can specify multiple abilities.
If you specify allow, deny, lock, root, nonroot, or all without an ability name, the action applies to all abilities not specifically mentioned in another -A option.
For more information about abilities, see the entry for procmgr_ability() in the QNX Neutrino C Library Reference.
- All abilities were successfully parsed and applied.
- An error occurred.
Deny forking while running as root, but allow the process to set _CS_HOSTNAME when non-root:
ability root,deny,fork nonroot,allow,confset:2