+++ /dev/null
-.TH "reducecap" "8" "0.1.0" "Klavs Klavsen <kl@vsen.dk>" "System Administration"
-.SH "NAME"
-.LP
-reducecap \- The reducecap utility is used to lower the capability ceiling of a process and child process.
-.SH "SYNTAX"
-.LP
-reducecap [\fIoptions\fP] <\fIcommand arguments\fP>
-.SH "DESCRIPTION"
-.LP
-The reducecap utility is used to lower the capability ceiling of a process and child process. Even setuid program won't be able to grab more capabilities.
-.SH "OPTIONS"
-.LP
-.TP
-\fB\-\-secure\fR Removes all dangerous capabilities from the process executed.Specificly it removes:
-CAP_LINUX_IMMUTABLE CAP_NET_BROADCAST CAP_NET_ADMIN, CAP_NET_RAW CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME CAP_MKNOD.
-
-Leaving the following capabilities:
-CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_TTY_CONFIG CAP_LEASE CAP_QUOTACTL
-.TP
-\fB\-\-show\fR Shows the current process capabilities.
-.TP
-\fB\-\-flag\fR
-sets the security context flags. The option may be repeated
-several times. Here are the values:
-
-lock: The security context can't be changed. The process is trapped
- in this context. This is generally used for vservers because yoy
- do not want them to hide in new security context.
-
-sched: Each process in a security context contribute (lower) to the general
- priority of every processes in the context. Mostly, all processes
- in a security context take as much CPU together as one process
- not bound to this flag. Said again differently, a vserver having
- 100 active processes won't get more CPU than another vserver
- with a single active process.
-
-
-nproc: The "ulimit -u N" setting becomes global to the security context. It means
- the security context is not allowed to have more than N processes.
-
-private: No other processes, even root in security context 0, is allowed to
- enter this security context. Once a security context is setup
- with this flag, it is on its own. This also means that root
- in security context 0 won't be able to kill or interact with those
- processes.
-
-hideinfo: Hides various information in /proc.
-
-.TP
-\fB--LINUX_IMMUTABLE\fR
-.TP
-\fB--NET_BIND_SERVICE\fR
-.TP
-\fB--NET_BROADCAST\fR
-.TP
-\fB--NET_ADMIN\fR
-.TP
-\fB--NET_RAW\fR
-.TP
-\fB--IPC_LOCK\fR
-.TP
-\fB--IPC_OWNER\fR
-.TP
-\fB--SYS_MODULE\fR
-.TP
-\fB--SYS_RAWIO\fR
-.TP
-\fB--SYS_PACCT\fR
-.TP
-\fB--SYS_ADMIN\fR
-.TP
-\fB--SYS_BOOT\fR
-.TP
-\fB--SYS_NICE\fR
-.TP
-\fB--SYS_RESOURCE\fR
-.TP
-\fB--SYS_TIME\fR
-.TP
-\fB--MKNOD\fR
-
-All these options remove one capability. These options may be used
-after the
-\fB--secure\fR
-option to remove more capabilities.
-
-
-.SH "FILES"
-.LP
-\fI/usr/sbin/reducecap\fP
-
-
-.SH "EXAMPLES"
-.LP
-# You are not root now
-# What is the current capability ceiling
-cat /proc/self/status
-# The capBset line presents mostly 1s.
-/usr/sbin/reducecap \-\-secure /bin/sh
-cat /proc/self/status
-# The capBset now shows many more 0s.
-# The capEff shows all 0s, you have no privilege now
-# We su to root
-su
-cat /proc/self/status
-# capEff is much better now, but there are still many 0s
-# Now we try to see if we are really root
-tail /var/log/messages
-# So far so good, we see the content
-/sbin/ifconfig eth0
-/sbin/ifconfig eth0 down
-# No way, we can't configure the interface. In fact
-# we have lost most privilege normally assigned to root
-exit
-.LP
-Please contribute some more, if you feel it's important.
-.SH "AUTHORS"
-.LP
-This Man page was written by Klavs Klavsen <kl@vsen.dk> and based upon the helpful output from the program itself and the documentation on the Virtual Server site <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>
-.SH "SEE ALSO"
-.LP
-chcontext(8) rebootmgr(8) chbind(8)
-vps(8) vpstree(8) vrpm(8) vserver(8)
-vserver\-stat(8) vtop(8)
git://git.onelab.eu / util-vserver.git / blobdiff