ironpenguin:admin_capceiling
capceiling with no arguments will display the current capabilities ceiling
capceiling (-|=)[ ]capability [capability...] <program>
run program with a reduced capability ceiling
The new ceiling is just a space delimited list of capabilities preceeded by either a '-' or '='
'=': The new capabilities ceiling will be exactly the capabilities specified on the command line minus any capabilities removed earlier.
'-': The capabilities listed on the command line will be subtracted from the existing capabilities.
'+': This is an error. Capabilities cannot be added to the ceiling.
<program> should be what is run with the modified capability ceiling (e.g. /bin/bash or /etc/init.d/apache).
The space between - or = and the first capability is optional.
ironpenguin/admin_capceiling.txt · Last modified: 2010/04/15 21:18 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
