Description
===========

The first example drops all caps except setuid/gid, then changes to a user, then
regains a specific capability.

The second example sets the inheritable caps and drops all caps except
setuid/gid, then changes to a user, then execve()s a program which is assumed
to have the same set of inheritable caps set in its xattrs, plus the effective
flag. The result is that the launched program has only a specific capability,
and nobody can automatically gain the allowed capability (as opposed to
effective + permitted file caps). Only the runner can do it.
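
The execve() rule behind the second example can be checked without privileges.
The following C model is an added example, not code from this project; it
assumes a non-root caller with no ambient capabilities and a full bounding set,
and CAP_NET_BIND_SERVICE is a constructed stand-in for the "specific capability".

```c
/* Added example: models the capabilities(7) execve() transformation for a
 * non-root process with no ambient capabilities. Not code from this project. */
#include <stdint.h>
#include <stdio.h>

/* Constructed sample capability; bit number matches <linux/capability.h>. */
#define CAP_NET_BIND_SERVICE 10
#define CAP_BIT(c) ((uint64_t)1 << (c))

struct proc_caps { uint64_t permitted, inheritable, effective, bounding; };
struct file_caps { uint64_t permitted, inheritable; int effective_flag; };

/* P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
 * P'(effective)   = F(effective) ? P'(permitted) : 0
 * P'(inheritable) = P(inheritable) */
struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n = p;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding);
    n.effective = f.effective_flag ? n.permitted : 0;
    return n;
}

/* Effective set of the launched program. The caller has already switched to
 * an unprivileged user, so its permitted and effective sets are empty; only
 * the inheritable set differs between the runner and any other user. */
uint64_t launch(uint64_t caller_inheritable, int file_uses_permitted)
{
    uint64_t cap = CAP_BIT(CAP_NET_BIND_SERVICE);
    struct proc_caps p = { 0, caller_inheritable, 0, ~(uint64_t)0 };
    struct file_caps f = { file_uses_permitted ? cap : 0,
                           file_uses_permitted ? 0 : cap, 1 };
    return caps_after_execve(p, f).effective;
}

int main(void)
{
    uint64_t cap = CAP_BIT(CAP_NET_BIND_SERVICE);
    printf("inheritable file caps, runner:     %#llx\n", (unsigned long long)launch(cap, 0));
    printf("inheritable file caps, other user: %#llx\n", (unsigned long long)launch(0, 0));
    printf("permitted file caps, other user:   %#llx\n", (unsigned long long)launch(0, 1));
    return 0;
}
```

With inheritable + effective file caps, only a caller that already holds the
capability in its own inheritable set gets it after execve(); with permitted +
effective file caps, any user who can execute the file gets it.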

License
=======

Unless specified otherwise, this project is licensed under the terms of the
MIT license. You should have received a copy of the MIT License along with
this program. If not, see <https://opensource.org/licenses/MIT>.

SPDX-License-Identifier: MIT

Copyright © 2016 vg <vg@devys.org>

Contact
=======

developer
    vg

mail
    vg@devys.org