X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=man%2Fchcontext.8;fp=man%2Fchcontext.8;h=0000000000000000000000000000000000000000;hb=db5ef3f969fc6ad34aeb5903e44d0049b2e50791;hp=190542afcb66e32f38a07bf4595e10442644cba7;hpb=95e2774070e989fe9cf9f48dae5fa054e55e2a3e;p=util-vserver.git diff --git a/man/chcontext.8 b/man/chcontext.8 deleted file mode 100644 index 190542a..0000000 --- a/man/chcontext.8 +++ /dev/null @@ -1,103 +0,0 @@ -.TH "chcontext" "8" "0.1.0" "Klavs Klavsen " "System Administration" -.SH "NAME" -.LP -chcontext \- chcontext allocates a new security context and executes a command in that context. -.SH "SYNTAX" -.LP -chcontext [\fIoptions\fP] <\fIcommand arguments\fP> -.SH "DESCRIPTION" -.LP -chcontext allocates a new security context and executes a command in that context. -By default, a new/unused context is allocated -.SH "OPTIONS" -.LP -.TP -\fB\-\-cap\fR CAP_NAME -Add a capability from the command. This option may be repeated several time. See /usr/include/linux/capability.h In general, this option is used with the \-\-secure option. \-\-secure removes most critical capabilities and \-\-cap adds specific ones. -.TP -\fB\-\-cap\fR !CAP_NAME -Remove a capability from the command. This option may be repeated several time. See /usr/include/linux/capability.h -.TP -\fB\-\-ctx\fR num -Select the context. Only root in context 0 is allowed to select a specific context. -Context number 1 is special. It can see all processes in any contexts, but can't kill them though. -.TP -\fB\-\-disconnect\fR -Start the command in background and make the process a child of process 1. -.TP -\fB\-\-domainname\fR new_domainname -Set the domainname (NIS) in the new security context. -Use "none" to unset the domainname. -.TP -\fB\-\-flag\fR -Set one flag in the new or current security context. The following flags are supported. The option may be used several time. - lock: The new process is trapped and can't use - chcontext anymore. - sched: The new process and its children will - share a common execution priority. - nproc: Limit the number of process in the - vserver according to ulimit setting. - Normally, ulimit is a per user thing. - With this flag, it becomes a per vserver - thing. - private: No one can join this security context - once created. -.TP -\fB\-\-hostname\fR new_hostname -Set the hostname in the new security context. -This is needed because if you create a less privileged security context, it may be unable to change its hostname. -.TP -\fB\-\-secure\fR -Remove all the capabilities to make a virtual server trustable. -.TP -\fB\-\-silent\fR -Do not print the allocated context number. -.LP -Information about context is found in /proc/self/status -.SH "FILES" -.LP -\fI/usr/sbin/chcontext\fP - - -.SH "EXAMPLES" -.LP -# You must be root, running X. -# We start an xterm in another security context -/usr/sbin/chcontext xterm & - -# We check, there is no xterm running, yet we can -# see it. -ps ax | grep xterm - -# Are we running in security context 0 -# We check the s_context line in /proc/self/status -cat /proc/self/status - -# Ok we in security context 0 -# Try the security context 1 -/usr/sbin/chcontext \-\-ctx 1 ps ax | grep xterm - -# Ok, we see the xterm, we try to kill it -/usr/sbin/chcontext \-\-ctx 1 killall xterm - -# No, security context 1 can see, but can't kill -# let's find out in which security context this -# xterm is running -/usr/sbin/chcontext \-\-ctx 1 ps ax | grep xterm - -# Ok, this is PID XX. We need the security context -/usr/sbin/chcontext \-\-ctx 1 cat /proc/XX/status - -# We see the s_context, this is SS. -# We want to kill this process -/usr/sbin/chcontext \-\-ctx SS killall xterm -.LP -Please contribute some, if you feel it's important. -.SH "AUTHORS" -.LP -This Man page was written by Klavs Klavsen and based upon the helpful output from the program itself and the documentation on the Virtual Server site -.SH "SEE ALSO" -.LP -chbind(8) rebootmgr(8) reducecap(8) -vps(8) vpstree(8) vrpm(8) vserver(8) -vserver\-stat(8) vtop(8)