capabilities(4) — IRIX 6.5.3f

capabilities(4)                                                capabilities(4)



NAME
     capabilities - Capability Mechanism

SYNOPSIS
     #include <sys/capability.h>

DESCRIPTION
     The capability mechanism provides fine grained control over the
     privileges of a process.  As a process attribute, a capability allows the
     process to perform a specific set of restricted operations, without
     granting general override of the system's protection scheme.  A process
     can possess multiple capabilities.  Collectively, all defined
     capabilities comprise the set of abilities that are traditionally
     associated with the root user.

     Defined capabilities are:

     CAP_ACCT_MGT
          Privilege to use accounting setup system calls, acct(2).

     CAP_AUDIT_CONTROL
          Privilege to manage the system audit trail (satread(2) and
          satwrite(2) system calls).

     CAP_AUDIT_WRITE
          Privilege to write to the system audit trail, satwrite(2) system
          call.

     CAP_CHOWN
          Privilege to change the owner of a file not owned by the process
          when the system is configured with _POSIX_CHOWN_RESTRICTED enabled.

     CAP_CHROOT
          Privilege to use the chroot(2) system call.

     CAP_DAC_EXECUTE
          Privilege to execute a file when the permissions or Access Control
          List prohibit it.

     CAP_DAC_READ_SEARCH
          Privilege to read a file or search a directory when the permissions
          or Access Control List prohibit it.

     CAP_DAC_WRITE
          Privilege to write a file or update a directory when the permissions
          or Access Control List prohibit it.

     CAP_DEVICE_MGT
          Privilege to issue restricted device management calls and ioctl
          actions.

     CAP_FOWNER
          Privilege to operate on a file as if the process owns it (e.g.,
          change permissions, ownership, access times, etc.).

     CAP_FSETID
          Privilege to set the setuid or setgid bits of a file without being
          the owner.  Also, the privilege to change the owner of a setuid or
          setgid file.

     CAP_INF_DOWNGRADE
          Not supported, silently ignored.

     CAP_INF_NOFLOAT_OBJ
          Not supported, silently ignored.

     CAP_INF_NOFLOAT_SUBJ
          Not supported, silently ignored.

     CAP_INF_RELABEL_SUBJ
          Not supported, silently ignored.

     CAP_INF_UPGRADE
          Not supported, silently ignored.

     CAP_KILL
          Privilege to send a signal to a process that is not owned by the
          sender.  Also, privilege to use process synchronization calls
          (procblk) to a process.

     CAP_LINK_DIR
          Not supported.

     CAP_MAC_DOWNGRADE
          Privilege to change the MAC label of an object to a value that is
          dominated by the previous label.  (Only on systems with MAC
          enabled.)

     CAP_MAC_MLD
          Privilege to view the hidden directory structure of a multilevel
          directory.  (Only on systems with MAC enabled.)

     CAP_MAC_READ
          Privilege to read information whose MAC label dominates that of the
          reader.  (Only on systems with MAC enabled.)

     CAP_MAC_RELABEL_OPEN
          Privilege to change the MAC label of an open file.  (Only on systems
          with MAC enabled.)

     CAP_MAC_RELABEL_SUBJ
          Allows a process to change its own MAC label.  (Only on systems with
          MAC enabled.)

     CAP_MAC_UPGRADE
          Privilege to change the MAC label of an object to a value that
          dominates the previous label.  (Only on systems with MAC enabled.)

     CAP_MAC_WRITE
          Privilege to write information whose MAC label does not equal that
          of the writer.  (Only on systems with MAC enabled.)

     CAP_MEMORY_MGT
          Privilege to issue restricted memory management calls, primarily
          memory locking.

     CAP_MKNOD
          Alias for CAP_DEVICE_MGT.

     CAP_MOUNT_MGT
          Privilege to use the mount(2) and unmount(2) system calls.

     CAP_NETWORK_MGT
          Privilege to issue restricted networking calls (e.g., setting the
          network interface MAC address, network interface device management,
          etc.).

     CAP_NVRAM_MGT
          Alias for CAP_SYSINFO_MGT.

     CAP_PRIV_PORT
          Privilege to open a socket on a privileged TCP port.

     CAP_PROC_MGT
          Privilege to issue restricted process management calls.

     CAP_QUOTA_MGT
          Privilege to issue restricted quota management calls.

     CAP_SCHED_MGT
          Privilege to issue restricted scheduler calls, such as the real time
          scheduler interfaces.

     CAP_SETFCAP
          Privilege to change the capability sets of a file.

     CAP_SETGID
          Allows a process to change its real GID, effective GID, saved GID,
          and process group ID.

     CAP_SETPCAP
          Allows a process to change its capability sets.

     CAP_SETUID
          Allows a process to change its real, effective and saved UIDs.


     CAP_SHUTDOWN
          Privilege to shutdown or reboot the system.

     CAP_SIGMASK
          Not supported, silently ignored.

     CAP_STREAMS_MGT
          Privilege to use restricted STREAMS calls and operations.

     CAP_SWAP_MGT
          Privilege to use the swap(2) system call.

     CAP_SYSINFO_MGT
          Privilege to set system information (e.g., hostname values, NVRAM
          values, etc.).

     CAP_SVIPC_MGT
          Not supported, silently ignored.

     CAP_TIME_MGT
          Privilege to set the system time.

     CAP_XTCB
          Identifies a trusted client to the X server (i.e. trusted path).

     A process has three, possibly empty, sets of capabilities.  The permitted
     capability set is the maximum set of capabilities for the process.  The
     effective capability set contains those capabilities that are currently
     active for the process.  The inherited capability set contains those
     capabilities that the process may pass to the next process image across
     exec(2).

     Only capabilities in a process' effective capability set allow the
     process to perform restricted operations.  A process may use capability
     management functions to add or remove capabilities from its effective
     capability set.  However the capabilities that a process can make
     effective are limited to those that exist in its permitted capability
     set.

     Only capabilities in the process' inherited capability set can be passed
     across exec(2).

     Capabilities are also associated with files.  A file has three, possibly
     empty, capability sets.  A file's inherited capability set further
     constrains the process inherited capabilities that are passed from one
     process image to another across execution of that file.  The file's
     permitted capability set contains the capabilities that are
     unconditionally permitted to a process upon execution of that file.  The
     file's effective capabilities are the capabilities that become
     immediately active for the process upon execution of the file.


     File capabilities are supported only on XFS file systems.

     More precisely, the sets assigned to the new process image across
     exec(2) are computed from the old process sets (-proc-old) and the
     file's sets (-file), where I, P and E are the inherited, permitted and
     effective sets and "&" and "|" are bitwise AND and OR:


              I-proc-new = I-proc-old & I-file
              P-proc-new = P-file | (I-proc-new & P-proc-old)
              E-proc-new = P-proc-new & E-file

     A capability therefore reaches the new permitted set only through
     P-file, or by being present in all three of I-proc-old, I-file and
     P-proc-old; nothing in E-file can activate a capability that the new
     permitted set lacks.
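
     The following is an added example, not part of the IRIX manual page,
     that runs the assignment algorithm above on a constructed process and
     file.  The struct cap_set layout is the one given below in this manual
     page; the capability bit positions, the scenario and the function names
     (cap_exec_transition, demo_exec, cap_set_is_consistent) are assumptions
     for the demo, not IRIX's values or library interfaces.

```c
/*
 * Added example, not part of the IRIX manual page.  It applies the
 * capabilities(4) exec(2) assignment algorithm to a constructed process
 * and file.  The cap_set layout follows the manual; the bit positions
 * below are assumed for the demo and are not IRIX's real values.
 */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t cap_value_t;

struct cap_set {
    cap_value_t cap_effective;    /* use in capability checks */
    cap_value_t cap_permitted;    /* combined with file attrs */
    cap_value_t cap_inheritable;  /* pass through exec */
};

/* Assumed bit positions for the demo (not the real IRIX assignments). */
#define CAP_CHOWN      (1ULL << 0)
#define CAP_DAC_WRITE  (1ULL << 1)
#define CAP_SETUID     (1ULL << 2)
#define CAP_PRIV_PORT  (1ULL << 3)
#define CAP_SHUTDOWN   (1ULL << 4)

/*
 * New process sets after exec(2), straight from the manual's rules:
 *   I-proc-new = I-proc-old & I-file
 *   P-proc-new = P-file | (I-proc-new & P-proc-old)
 *   E-proc-new = P-proc-new & E-file
 */
struct cap_set cap_exec_transition(struct cap_set proc, struct cap_set file)
{
    struct cap_set n;
    n.cap_inheritable = proc.cap_inheritable & file.cap_inheritable;
    n.cap_permitted   = file.cap_permitted | (n.cap_inheritable & proc.cap_permitted);
    n.cap_effective   = n.cap_permitted & file.cap_effective;
    return n;
}

/* Sanity check on any result: effective must be a subset of permitted. */
int cap_set_is_consistent(struct cap_set cs)
{
    return (cs.cap_effective & ~cs.cap_permitted) == 0;
}

/*
 * A constructed scenario.  The parent holds CAP_PRIV_PORT and CAP_CHOWN,
 * and lists CAP_SETUID as inheritable even though it was never permitted.
 * The file grants CAP_DAC_WRITE outright (P-file), allows CAP_PRIV_PORT and
 * CAP_SETUID to be inherited (I-file), and asks for CAP_DAC_WRITE and
 * CAP_PRIV_PORT to be effective at start (E-file).
 */
struct cap_set demo_exec(void)
{
    struct cap_set proc = {
        .cap_effective   = CAP_PRIV_PORT,
        .cap_permitted   = CAP_PRIV_PORT | CAP_CHOWN,
        .cap_inheritable = CAP_PRIV_PORT | CAP_CHOWN | CAP_SETUID,
    };
    struct cap_set file = {
        .cap_effective   = CAP_DAC_WRITE | CAP_PRIV_PORT,
        .cap_permitted   = CAP_DAC_WRITE,
        .cap_inheritable = CAP_PRIV_PORT | CAP_SETUID,
    };
    return cap_exec_transition(proc, file);
}

int main(void)
{
    struct cap_set n = demo_exec();
    printf("I = 0x%llx  P = 0x%llx  E = 0x%llx  consistent = %d\n",
           (unsigned long long)n.cap_inheritable,
           (unsigned long long)n.cap_permitted,
           (unsigned long long)n.cap_effective,
           cap_set_is_consistent(n));
    /* CAP_SETUID survives in I but never reaches P: the inherited set is a
       filter, not a grant.  CAP_CHOWN is dropped because I-file omits it.
       CAP_DAC_WRITE appears in P through P-file alone. */
    return 0;
}
```

     In the constructed run, CAP_SETUID is carried in the inherited set of
     both the process and the file and still never reaches the new permitted
     set, because the old process never had it permitted.  Only P-file can
     add a privilege the parent did not hold, which is why the file
     permitted set deserves the same scrutiny as a setuid bit.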


     At the interface to the library routines, the capability sets are
     represented in a struct cap_set which is defined in <sys/capability.h>.


              typedef __uint64_t cap_value_t;

              struct cap_set {
                   cap_value_t     cap_effective;  /* use in capability checks */
                   cap_value_t     cap_permitted;  /* combined with file attrs */
                   cap_value_t     cap_inheritable;/* pass through exec */
              };
              typedef struct cap_set cap_set_t;
              typedef struct cap_set * cap_t;


     Macros in <sys/capability.h> may be used to query, set or examine the
     capability sets.

EXTERNAL REPRESENTATION
     The routines cap_from_text(3C) and cap_to_text(3C) convert between the
     internal structures and the external text form of capabilities.  The
     output of cap_to_text may be used as input to cap_from_text to recreate
     the original capability sets.

     The text representation of capability sets is a string, which consists of
     one or more capability lists.  Each capability list has the form:
                                capname[,capname]OF
     where capname is a defined capability name (described above).  The name
     ALL indicates all capabilities.

     F is a sequence of one or more flags chosen from "e", "i", "p" indicating
     which capability sets are to be affected.  "e" indicates the effective
     capability set, "p" indicates the permitted capability set, and "i"
     indicates the inherited capability set.

     O is the operation chosen from "=", "+", "-", indicating to initialize,
     add, or delete the specified capabilities in the affected capability
     sets.

     The capability lists are interpreted sequentially.

     All characters from the symbol "#" to the end of the line are interpreted
     as comments and are ignored.
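
     The following is an added example, not part of the IRIX manual page, of
     a parser for the text form described above.  It assumes that capability
     lists are separated by white space, reads "=" as replacing each flagged
     set with exactly the listed capabilities, and uses a constructed name
     table with assumed bit positions; cap_from_text_demo and cap_text_set
     are demo names, not the IRIX cap_from_text(3C) interface.

```c
/*
 * Added example, not part of the IRIX manual page: a parser for the
 * capabilities(4) text form, e.g. "CAP_SETUID,CAP_CHOWN+ep CAP_DAC_WRITE=i".
 * The name table, bit positions and the whitespace-separated list syntax
 * are assumptions for the demo; real values live in <sys/capability.h>.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

typedef uint64_t cap_value_t;

struct cap_set {
    cap_value_t cap_effective;
    cap_value_t cap_permitted;
    cap_value_t cap_inheritable;
};

/* Constructed name table: bit positions are assumed, not IRIX's real ones. */
static const struct { const char *name; cap_value_t bit; } cap_names[] = {
    { "CAP_CHOWN",     1ULL << 0 },
    { "CAP_DAC_WRITE", 1ULL << 1 },
    { "CAP_SETUID",    1ULL << 2 },
    { "CAP_SETGID",    1ULL << 3 },
    { "CAP_PRIV_PORT", 1ULL << 4 },
    { "CAP_SETPCAP",   1ULL << 5 },
};
#define CAP_ALL_MASK ((1ULL << 6) - 1)

/* Resolve a capability name (or ALL); returns 0 on an unknown name. */
static int lookup_cap(const char *name, size_t len, cap_value_t *bit)
{
    if (len == 3 && strncmp(name, "ALL", 3) == 0) { *bit = CAP_ALL_MASK; return 1; }
    for (size_t i = 0; i < sizeof cap_names / sizeof cap_names[0]; i++)
        if (strlen(cap_names[i].name) == len && strncmp(cap_names[i].name, name, len) == 0) {
            *bit = cap_names[i].bit;
            return 1;
        }
    return 0;
}

/* Apply operation O to one capability set. */
static void apply(cap_value_t *set, char op, cap_value_t caps)
{
    switch (op) {
    case '=': *set = caps;   break;  /* "initialize": set becomes exactly caps (assumed reading) */
    case '+': *set |= caps;  break;
    case '-': *set &= ~caps; break;
    }
}

/*
 * Parse text into cs.  Lists are interpreted left to right; '#' starts a
 * comment.  Returns 0 on success, -1 on an unknown name or malformed list,
 * so a typo cannot silently leave a privilege in place.
 */
int cap_from_text_demo(const char *text, struct cap_set *cs)
{
    const char *p = text;
    memset(cs, 0, sizeof *cs);
    for (;;) {
        while (*p && isspace((unsigned char)*p)) p++;
        if (*p == '\0' || *p == '#') return 0;       /* end of input or comment */
        cap_value_t caps = 0;
        for (;;) {                                   /* capname[,capname] */
            const char *start = p;
            cap_value_t bit;
            while (*p && (isalnum((unsigned char)*p) || *p == '_')) p++;
            if (p == start || !lookup_cap(start, (size_t)(p - start), &bit)) return -1;
            caps |= bit;
            if (*p == ',') { p++; continue; }
            break;
        }
        char op = *p;                                /* O: one of = + - */
        if (op != '=' && op != '+' && op != '-') return -1;
        p++;
        int nflags = 0;                              /* F: one or more of e i p */
        while (*p == 'e' || *p == 'i' || *p == 'p') {
            if (*p == 'e')      apply(&cs->cap_effective,   op, caps);
            else if (*p == 'i') apply(&cs->cap_inheritable, op, caps);
            else                apply(&cs->cap_permitted,   op, caps);
            nflags++;
            p++;
        }
        if (nflags == 0) return -1;
        if (*p && !isspace((unsigned char)*p) && *p != '#') return -1;  /* junk after flags */
    }
}

/* Parse text and return one set ('e', 'p' or 'i'); ~0ULL signals a parse error. */
cap_value_t cap_text_set(const char *text, char which)
{
    struct cap_set cs;
    if (cap_from_text_demo(text, &cs) != 0) return ~0ULL;
    return which == 'e' ? cs.cap_effective : which == 'p' ? cs.cap_permitted : cs.cap_inheritable;
}

int main(void)
{
    const char *spec = "CAP_SETUID,CAP_CHOWN+ep CAP_DAC_WRITE=i # constructed input";
    struct cap_set cs;
    if (cap_from_text_demo(spec, &cs) == 0)
        printf("e=0x%llx p=0x%llx i=0x%llx\n", (unsigned long long)cs.cap_effective,
               (unsigned long long)cs.cap_permitted, (unsigned long long)cs.cap_inheritable);
    return 0;
}
```

     Because the lists are applied sequentially, "ALL=p CAP_SETUID-p" yields
     every capability but CAP_SETUID in the permitted set, while a later
     "=" list replaces whatever an earlier list put in the flagged set.
     Rejecting unknown names matters when the text comes from a
     configuration file: a misspelled name in a "-" list would otherwise
     leave the privilege in place.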

SEE ALSO
     chcap(1), cap_get_proc(3C), cap_set_proc(3C), cap_from_text(3C),
     cap_to_text(3C), capability(4), dominance(5).

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026