blob: 68de56b2492c971646288cd247bfd75bbac6c304 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Description
===========
The first example drops caps except setuid/gid, then change to a user, then
regain a specific capability.
The second example sets the inheritable caps and drops all caps except
setuid/gid, then change to a user, then execve a program which is assumed to
have same set of inheritable caps sets in its xattrs + effective flag. Thus
the result is the launched program has only a specific capability and nobody
can automatically gain (as opposed to effective + permited file caps) the
allowed capability. Only the runner can do it.
License
=======
Unless specified otherwise, this project is licensed under the terms of the
MIT license. You should have received a copy of the MIT License along with
this program. If not, see <https://opensource.org/licenses/MIT>.
SPDX-License-Identifier: MIT
Copyright © 2016 vg <vg@devys.org>
Contact
=======
developer
vg
mail
vg@devys.org
|