2.5 Enhancing the capability system

The Linux capability system is still a work in progress. At some point, we expect to see capabilities attached to programs, generalizing the setuid concept: a setuid program would become a program with all capabilities granted.

For now, this is not available. As explained above, a process may request to lose capabilities, and its child processes are then confined to that smaller capability set.

Well... it does not work that way. Unfortunately, until capabilities can be assigned to programs, we still need a way to get capabilities back, even in a child process. So the irreversible logic of the capabilities is effectively short-circuited in the kernel.

To solve this, we have introduced a new per-process capability ceiling (cap_bset). It represents the capability set inherited by child processes, including setuid root child processes. Lowering this ceiling is irreversible for a process and all its children.

This ceiling is handled by the new_s_context system call and by the reducecap and chcontext utilities (part of the vserver package).

Using this, we can set up a virtual server environment where root has fewer capabilities and so cannot reconfigure the main server.
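The cap_bset ceiling described above was specific to the VServer kernel patch; the mainline kernel later adopted the same idea as the per-process capability bounding set, manipulated with prctl(PR_CAPBSET_DROP) and inspected through PR_CAPBSET_READ or the CapBnd line of /proc/<pid>/status. The following is an added example, not code from the VServer documentation or package, showing that mainline equivalent: once a capability is dropped from the bounding set there is no call to put it back, and every child, setuid-root programs included, inherits the reduced set (the actual drop needs CAP_SETPCAP, so it fails with EPERM for an unprivileged process).

```c
/* Added example: the mainline capability bounding set, the per-process
 * ceiling that succeeded VServer's cap_bset (Linux >= 2.6.25). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* 1 if cap is still in this process's bounding set, 0 if not, -1 on error. */
int bset_has(int cap) {
    int r = prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
    return r < 0 ? -1 : r;
}

/* Drop cap from the bounding set for this process and all its future
 * children. There is no inverse operation. Returns 0 on success, or the
 * errno: EPERM without CAP_SETPCAP, EINVAL for an unknown capability. */
int bset_drop(int cap) {
    if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0) return 0;
    return errno;
}

/* Parse a "CapBnd:\t<hex>" line as printed in /proc/<pid>/status into a
 * 64-bit mask. Returns 0 on success, -1 if the line is not a CapBnd line. */
int parse_capbnd_line(const char *line, uint64_t *mask) {
    const char *prefix = "CapBnd:";
    if (strncmp(line, prefix, strlen(prefix)) != 0) return -1;
    *mask = strtoull(line + strlen(prefix), NULL, 16); /* skips the tab */
    return 0;
}

/* True if capability number cap is set in a CapBnd-style mask. */
int mask_has(uint64_t mask, int cap) {
    return (int)((mask >> cap) & 1);
}

int main(void) {
    printf("CAP_NET_RAW in bounding set before drop: %d\n", bset_has(CAP_NET_RAW));
    int err = bset_drop(CAP_NET_RAW);
    if (err)
        printf("drop failed: %s\n", strerror(err));
    else
        printf("CAP_NET_RAW in bounding set after drop: %d\n", bset_has(CAP_NET_RAW));
    /* A child started from here (fork/exec, setuid root or not) cannot
     * regain CAP_NET_RAW: the ceiling only ever goes down. */
    return 0;
}
```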
