PSCAP:(8) System Administration Utilities PSCAP:(8)

pscap - a program to see capabilities

pscap [ -a ] [ -p pid ] [ --tree ]

pscap is a program that prints out a report of process capabilities. If the application has any capabilities, it will be in the report. By giving a pid with the -p command line option, only the process specified with the pid is reported. If a process is not in the report, it has dropped all capabilities. If the process has partial capabilities, it is further examined to see if it has an open-ended bounding set. If this is found to be true, a '+' symbol is added. If the process has ambient capabilities, an '@' symbol is added.

The command name in the output may be followed by an asterisk mark (*). This mark denotes processes which run in child user namespaces (relative to the user namespace of pscap itself).

The --tree option causes the output of the program to be mapped into a tree structure so that the relationships between processes can be studied to see what capabilities might be leaked to child processes. In tree mode, each process label is shown as command(pid:account).

netcap(8), filecap(8), capabilities(7), ps(8).

Steve Grubb

March 2026 Red Hat