Linux Capabilities (cont)

CAP_SYS_MODULE   Allow the insertion and removal of LKMs.
CAP_SYS_RAWIO    Allow raw access to devices (such as /dev/[hs]da*).
CAP_SYS_CHROOT   Allow use of chroot(2).
CAP_SYS_PTRACE   Allow process tracing of any process.
CAP_SYS_PACCT    Allow configuration of process accounting systems.
CAP_SYS_ADMIN    Allow many restricted activities such as setting hostname, using mount, creating devices, etc. (See capability.h for full list.)
CAP_SYS_BOOT     Allow use of reboot(2).
CAP_SYS_NICE     Allow priorities to be raised, and allow changing the nice level of non-owned processes.
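As an added example (not part of the original presentation), this C program audits which of the capabilities listed above a process holds, by decoding the CapEff mask from /proc/<pid>/status text. The function names and the sample status text are constructed for illustration; the bit numbers are the ones defined in linux/capability.h.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Bit numbers from <linux/capability.h> for the capabilities on this slide. */
static const struct { int bit; const char *name; } slide_caps[] = {
    {16, "CAP_SYS_MODULE"}, {17, "CAP_SYS_RAWIO"}, {18, "CAP_SYS_CHROOT"},
    {19, "CAP_SYS_PTRACE"}, {20, "CAP_SYS_PACCT"}, {21, "CAP_SYS_ADMIN"},
    {22, "CAP_SYS_BOOT"},   {23, "CAP_SYS_NICE"},
};
/* Constructed sample of /proc/<pid>/status text (not from a real host). */
static const char SAMPLE_STATUS[] =
    "Name:\tdemo\nCapInh:\t0000000000000000\nCapPrm:\t0000000000280000\n"
    "CapEff:\t0000000000280000\nCapBnd:\t000001ffffffffff\n";

/* Parse the "CapEff:" hex mask: 0 on success, -1 if missing or empty. */
int parse_capeff(const char *status, unsigned long long *mask)
{
    for (const char *p = status; p; p = strchr(p, '\n')) {
        if (*p == '\n') p++;                 /* step past the previous line end */
        if (strncmp(p, "CapEff:", 7) != 0) continue;
        p += 7;
        while (*p == ' ' || *p == '\t') p++;
        if (!isxdigit((unsigned char)*p)) return -1; /* else strtoull runs into next line */
        *mask = strtoull(p, NULL, 16);
        return 0;
    }
    return -1;
}

/* Write the slide's capabilities that are set in mask to out; return the count. */
int list_slide_caps(unsigned long long mask, char *out, size_t outlen)
{
    int n = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof slide_caps / sizeof slide_caps[0]; i++) {
        if (!(mask & (1ULL << slide_caps[i].bit))) continue;
        if (n++) strncat(out, " ", outlen - strlen(out) - 1);
        strncat(out, slide_caps[i].name, outlen - strlen(out) - 1);
    }
    return n;
}

int main(void)
{
    char names[160];
    unsigned long long mask;
    if (parse_capeff(SAMPLE_STATUS, &mask) != 0) return 1;
    printf("%d: %s\n", list_slide_caps(mask, names, sizeof names), names);
    return 0;
}
```

To audit a live process, pass the contents of its /proc/<pid>/status file to parse_capeff() in place of the constructed sample.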
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.