X-Git-Url: http://git.osdn.net/view?a=blobdiff_plain;f=original%2Fman7%2Fcapabilities.7;h=405c4a0f74966d03e91c21a838d4a211f272077f;hb=781fb70b02c5d368a8ccd67d3c074c7aa8eb0c1a;hp=c09c0555d5ef4bdc8ee969c88b9319944120fd29;hpb=633a2252e0be3c867dce264a180a89ce8181d36f;p=linuxjm%2FLDP_man-pages.git diff --git a/original/man7/capabilities.7 b/original/man7/capabilities.7 index c09c0555..405c4a0f 100644 --- a/original/man7/capabilities.7 +++ b/original/man7/capabilities.7 @@ -41,13 +41,14 @@ .\" Add text noting that if we set the effective flag for one file .\" capability, then we must also set the effective flag for all .\" other capabilities where the permitted or inheritable bit is set. +.\" 2011-09-07, mtk/Serge hallyn: Add CAP_SYSLOG .\" -.TH CAPABILITIES 7 2010-01-31 "Linux" "Linux Programmer's Manual" +.TH CAPABILITIES 7 2012-03-05 "Linux" "Linux Programmer's Manual" .SH NAME capabilities \- overview of Linux capabilities .SH DESCRIPTION For the purpose of performing permission checks, -traditional Unix implementations distinguish two categories of processes: +traditional UNIX implementations distinguish two categories of processes: .I privileged processes (whose effective user ID is 0, referred to as superuser or root), and @@ -125,6 +126,8 @@ set the set-group-ID bit for a file whose GID does not match the file system or any of the supplementary GIDs of the calling process. .TP .B CAP_IPC_LOCK +.\" FIXME As at Linux 3.2, there are some strange uses of this capability +.\" in other places; they probably should be replaced with something else. Lock memory .RB ( mlock (2), .BR mlockall (2), 
@@ -173,10 +176,38 @@ Create special files using .BR mknod (2). .TP .B CAP_NET_ADMIN -Perform various network-related operations -(e.g., setting privileged socket options, -enabling multicasting, interface configuration, -modifying routing tables). +Perform various network-related operations: +.PD 0 +.RS +.IP * 2 +interface configuration; +.IP * +administration of IP firewall, masquerading, and accounting +.IP * +modify routing tables; +.IP * +bind to any address for transparent proxying; +.IP * +set type-of-service (TOS) +.IP * +clear driver statistics; +.IP * +set promiscuous mode; +.IP * +enabling multicasting; +.IP * +use +.BR setsockopt (2) +to set the following socket options: +.BR SO_DEBUG , +.BR SO_MARK , +.BR SO_PRIORITY +(for a priority outside the range 0 to 6), +.BR SO_RCVBUFFORCE , +and +.BR SO_SNDBUFFORCE . +.RE +.PD .TP .B CAP_NET_BIND_SERVICE Bind a socket to Internet domain privileged ports @@ -186,12 +217,19 @@ Bind a socket to Internet domain privileged ports (Unused) Make socket broadcasts, and listen to multicasts. .TP .B CAP_NET_RAW -Use RAW and PACKET sockets. +.PD 0 +.RS +.IP * 2 +use RAW and PACKET sockets; +.IP * +bind to any address for transparent proxying. +.RE +.PD .\" Also various IP options and setsockopt(SO_BINDTODEVICE) .TP .B CAP_SETGID Make arbitrary manipulations of process GIDs and supplementary GID list; -forge GID when passing socket credentials via Unix domain sockets. +forge GID when passing socket credentials via UNIX domain sockets. .TP .BR CAP_SETFCAP " (since Linux 2.6.24)" Set file capabilities. @@ -223,7 +261,7 @@ Make arbitrary manipulations of process UIDs .BR setreuid (2), .BR setresuid (2), .BR setfsuid (2)); -make forged UID when passing socket credentials via Unix domain sockets. +make forged UID when passing socket credentials via UNIX domain sockets. .\" FIXME CAP_SETUID also an effect in exec(); document this. .TP .B CAP_SYS_ADMIN 
@@ -240,6 +278,17 @@ Perform a range of system administration operations including: and .BR setdomainname (2); .IP * +perform privileged +.BR syslog (2) +operations (since Linux 2.6.37, +.BR CAP_SYSLOG +should be used to permit such operations); +.IP * +perform +.B VM86_REQUEST_IRQ +.BR vm86 (2) +command; +.IP * perform .B IPC_SET and @@ -276,18 +325,60 @@ in system calls that open files (e.g., .BR pipe (2)); .IP * employ -.B CLONE_NEWNS -flag with +.B CLONE_* +flags that create new namespaces with .BR clone (2) and .BR unshare (2); .IP * +call +.BR perf_event_open (2); +.IP * +access privileged +.I perf +event information; +.IP * +call +.BR setns (2); +.IP * +call +.BR fanotify_init (2); +.IP * perform .B KEYCTL_CHOWN and .B KEYCTL_SETPERM .BR keyctl (2) -operations. +operations; +.IP * +perform +.BR madvise (2) +.B MADV_HWPOISON +operation; +.IP * +employ the +.B TIOCSTI +.BR ioctl (2) +to insert characters into the input queue of a terminal other than +the caller's controlling terminal. +.IP * +employ the obsolete +.BR nfsservctl (2); +system call; +.IP * +employ the obsolete +.BR bdflush (2) +system call; +.IP * +perform various privileged block-device +.BR ioctl (2) +operations; +.IP * +perform various privileged file-system +.BR ioctl (2) +operations; +.IP * +perform administrative operations on many device drivers. .RE .PD .TP @@ -358,7 +449,10 @@ Use .TP .B CAP_SYS_PTRACE Trace arbitrary processes using -.BR ptrace (2) +.BR ptrace (2); +apply +.BR get_robust_list (2) +to arbitrary processes. .TP .B CAP_SYS_RAWIO Perform I/O port operations @@ -366,7 +460,11 @@ Perform I/O port operations and .BR ioperm (2)); access -.IR /proc/kcore . +.IR /proc/kcore ; +employ the +.B FIBMAP +.BR ioctl (2) +operation. .TP .B CAP_SYS_RESOURCE .PD 0 
@@ -387,6 +485,12 @@ override .B RLIMIT_NPROC resource limit; .IP * +override maximum number of consoles on console allocation; +.IP * +override maximum number of keymaps; +.IP * +allow more than 64hz interrupts from the real-time clock; +.IP * raise .I msg_qbytes limit for a System V message queue above the limit in @@ -394,7 +498,24 @@ limit for a System V message queue above the limit in (see .BR msgop (2) and -.BR msgctl (2)). +.BR msgctl (2)); +.IP * +override the +.I /proc/sys/fs/pipe-size-max +limit when setting the capacity of a pipe using the +.B F_SETPIPE_SZ +.BR fcntl (2) +command. +.IP * +use +.BR F_SETPIPE_SZ +to increase the capacity of a pipe above the limit specified by +.IR /proc/sys/fs/pipe-max-size ; +.IP * +override +.I /proc/sys/fs/mqueue/queues_max +limit when creating POSIX message queues (see +.BR mq_overview (7)). .RE .PD .TP @@ -407,7 +528,25 @@ set real-time (hardware) clock. .TP .B CAP_SYS_TTY_CONFIG Use -.BR vhangup (2). +.BR vhangup (2); +employ various privileged +.BR ioctl (2) +operations on virtual terminals. +.TP +.BR CAP_SYSLOG " (since Linux 2.6.37)" +Perform privileged +.BR syslog (2) +operations. +See +.BR syslog (2) +for information on which operations require privilege. +.TP +.BR CAP_WAKE_ALARM " (since Linux 3.0)" +Trigger something that will wake up the system (set +.B CLOCK_REALTIME_ALARM +and +.B CLOCK_BOOTTIME_ALARM +timers). .\" .SS Past and Current Implementation A full implementation of capabilities requires that: @@ -576,7 +715,7 @@ except those masked out by the capability bounding set. .\" exec(), then it gets all capabilities in its .\" permitted set, and no effective capabilities This provides semantics that are the same as those provided by -traditional Unix systems. +traditional UNIX systems. .SS Capability bounding set The capability bounding set is a security mechanism that can be used to limit the capabilities that can be gained during an 
@@ -643,7 +782,7 @@ The system-wide capability bounding set feature was added to Linux starting with kernel version 2.2.11. .\" .PP -.B "Capability bounding set from Linux 2.6.25 onwards" +.B "Capability bounding set from Linux 2.6.25 onward" .PP From Linux 2.6.25, the .I "capability bounding set" @@ -669,9 +808,14 @@ A thread can determine if a capability is in its bounding set using the operation. Removing capabilities from the bounding set is only supported if file -capabilities are compiled into the kernel -(CONFIG_SECURITY_FILE_CAPABILITIES). -In that case, the +capabilities are compiled into the kernel. +In kernels before Linux 2.6.33, +file capabilities were an optional feature configurable via the +CONFIG_SECURITY_FILE_CAPABILITIES +option. +Since Linux 2.6.33, the configuration option has been removed +and file capabilities are always part of the kernel. +When file capabilities are compiled into the kernel, the .B init process (the ancestor of all processes) begins with a full bounding set. If file capabilities are not compiled into the kernel, then @@ -790,7 +934,7 @@ This flag is always cleared on an operation.) .TP .B SECBIT_NO_SETUID_FIXUP -Setting this flag stops the kernel from adjusting capability sets when +Setting this flag stops the kernel from adjusting capability sets when the threads's effective and file system UIDs are switched between zero and nonzero values. (See the subsection @@ -832,7 +976,7 @@ flags are inherited by child processes. During an .BR execve (2), all of the flags are preserved, except -.B SECURE_KEEP_CAPS +.B SECBIT_KEEP_CAPS which is always cleared. An application can use the following call to lock itself, @@ -915,10 +1059,12 @@ created on the system. .BR cap_init (3), .BR capgetp (3), .BR capsetp (3), +.BR libcap (3), .BR credentials (7), .BR pthreads (7), .BR getcap (8), .BR setcap (8) .PP +Comments on the purposes of various capabilities in .I include/linux/capability.h in the kernel source
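Review bot: in the first hunk (@@ -41,13 +126,8 @@), the new changelog comment ".\" 2011-09-07, mtk/Serge hallyn: Add CAP_SYSLOG" has the surname in lower case; the other changelog entries in this header use proper capitalisation, so this should read "Serge Hallyn".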
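Review bot: the new CAP_NET_ADMIN list (hunk @@ -173,10 +176,38 @@) is inconsistent in punctuation and verb form: "administration of IP firewall, masquerading, and accounting" and "set type-of-service (TOS)" lack the trailing semicolon every other item carries, and the list mixes imperatives ("modify routing tables;", "set promiscuous mode;") with a gerund ("enabling multicasting;") and a noun phrase. Suggest normalising every item to an imperative ending in a semicolon, e.g. "administer IP firewall, masquerading, and accounting;", "set type-of-service (TOS);", "enable multicasting;", with only the final setsockopt(2) item taking the period.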
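Review bot: in the CAP_NET_RAW hunk (@@ -186,12 +217,19 @@), "bind to any address for transparent proxying" is added here and also appears in the CAP_NET_ADMIN list added two hunks earlier. If both capabilities genuinely permit this, one of the two entries should say that either capability suffices; otherwise drop the duplicate so readers are not left guessing which capability a program actually needs.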
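Review bot: in hunk @@ -276,18 +325,60 @@ the nfsservctl item has a stray semicolon inside the macro argument: ".BR nfsservctl (2);" followed by "system call;" renders as "nfsservctl(2); system call;". Drop the semicolon after "(2)" so it matches the bdflush item directly below (".BR bdflush (2)" / "system call;"). In the same hunk, the TIOCSTI item ends mid-list with a period ("the caller's controlling terminal.") where a semicolon is needed; only the final item ("perform administrative operations on many device drivers.") should carry the period.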
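Review bot: in hunk @@ -387,6 +485,12 @@, "allow more than 64hz interrupts from the real-time clock;" should use the unit symbol with a capital H and a space: "64 Hz".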
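Review bot: hunk @@ -394,7 +498,24 @@ adds two items for the same F_SETPIPE_SZ override and names the tunable differently: "/proc/sys/fs/pipe-size-max" in the first and "/proc/sys/fs/pipe-max-size" in the second. The sysctl is pipe-max-size, so keep the second item and delete the first; as written, a reader following the first path name will not find the file. The first item also ends with a period ("command.") in the middle of the list, where the other items use a semicolon.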
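Review bot: in hunk @@ -407,7 +528,25 @@, the CAP_WAKE_ALARM entry "Trigger something that will wake up the system" is vaguer than the surrounding entries; suggest "Trigger an event that will wake up the system (set CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM timers)", keeping the parenthetical as the concrete example.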
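Review bot: the rewritten paragraph in hunk @@ -669,9 +808,14 @@ states that the CONFIG_SECURITY_FILE_CAPABILITIES option was removed in Linux 2.6.33 and file capabilities are now always built in, but the retained context line "If file capabilities are not compiled into the kernel, then" still presents that case without a version qualifier. Suggest "In kernels before Linux 2.6.33, if file capabilities are not compiled into the kernel, then ..." so that readers on current kernels can see the sentence does not apply to them; the opening sentence "Removing capabilities from the bounding set is only supported if file capabilities are compiled into the kernel." would benefit from the same qualifier.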
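Review bot: hunk @@ -790,7 +934,7 @@ only strips trailing whitespace, but the next context line contains the typo "threads's effective and file system UIDs"; since this region is already being touched, change it to "thread's" in the same commit.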