Stack Overflow
Stack Overflow

Questions tagged [linux-capabilities]

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.

For the purpose of performing permission checks, traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero).

Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list).

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.

174 questions
0
votes
1 answer

Dropping priviliges inside of the container

One of my images requires mounting of devices. Thus, it needs cap_sys_admin when starting. However, I'd like to drop this capability once it is no longer needed. Is there some way of dropping the capability at a later stage?
Cyclonit
  • 185
  • 6
0
votes
2 answers

What does it means to have a capability only in the inheritable set?

My program is being run with cap_sys_admin,cap_setgid+i. Of course, I understand that they are inheritable across execve, but beside that : does they behave the same way as if I don’t have them at all since they are neither effective nor permitted?
user2284570
  • 2,891
  • 3
  • 26
  • 74
0
votes
1 answer

linux capabilities to rename a root owned file

For some component testing, in my C++ testapp on Ubuntu 14.04, I'd like to rename /sbin/reboot temporarily to prevent my system under test (another big c++ app started inside testapp) from calling system("/sbin/reboot") and after the test I want to…
x y
  • 911
  • 9
  • 27
0
votes
1 answer

msgsnd no permission error

I want to send messages between two processes. But I get a EACCES error when im trying to send a message with msgsnd() Creating the message queue const char* MSG_QUEUE = "/tmp/msg_queue"; int file = open(MSG_QUEUE, O_CREAT | O_RDWR | O_APPEND,…
mvollmer
  • 187
  • 2
  • 11
0
votes
1 answer

Developmental testing of programs using Linux's POSIX capabilities

I'm developing a project where the executables use Linux's POSIX capabilities rather than being setuid root. So far I've had to keep one root shell open so that each time I recompile I can redo the setcap command to give the needed capability to the…
Matthew Cline
  • 2,312
  • 1
  • 19
  • 36
0
votes
2 answers

Unable to set pthread priority on creation with SCHED_RR

How can I get pthread threads created with an initial priority? In the code below, I assert the caps necessary to do this, and in-fact, it does change the priority of the thread to 15, but for some reason the thread always starts out at priority 0,…
Maxthecat
  • 1,250
  • 17
  • 37
0
votes
1 answer

Using linux capabilities in c

I am trying to understand how capabilities work and I am using code from here: https://gist.github.com/sbz/1090868 I created an array with all the permissions: cap_value_t cap_list_[] = { CAP_CHOWN, CAP_DAC_OVERRIDE, …
AntonioCS
  • 8,335
  • 18
  • 63
  • 92
-1
votes
1 answer

How to get file capabilities in Linux using C/C++ with other method than system() system call?

I have a task to fulfil and part of it is to get certain file capabilities and check if they are set correctly using C/C++. I want to make sure that certain file has cap_new_raw+ep capability. What would be other way of achieving it than using…
Advent
  • 140
  • 15
-4
votes
1 answer

How to scan process capabilities

I would like to see the Linux capabilities of running processes.
sini
  • 11
1 2 3
11
12