[index] [text page] [<<start] [<prev] [next>] [last>>]
Page 35: Linux Capabilities (cont)

Page 35

  
  Linux Capabilities (cont)
  CAP_SYS_MODULE
  Allow the insertion and removal of LKMs. 
  CAP_SYS_RAWIO
  Allow raw access to devices (such as /dev/[hs]da*).
  CAP_SYS_CHROOT
  Allow use of chroot(2). 
  CAP_SYS_PTRACE
  Allow use of process trace of any process. 
  CAP_SYS_PACCT
  Allow configuration of process accounting systems. 
  CAP_SYS_ADMIN
  Allow many restricted activities such as setting hostname, using mount, creating devices, etc.  (See capability.h for full list.) 
  CAP_SYS_BOOT
  Allow use of reboot(2). 
  CAP_SYS_NICE
  Allow priorities to be raised, and affect non-owned processes nice level. 

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.