POSIX capabilities are pieces of root privilege, for instance
CAP_SYS_NICE to set priority on other tasks and CAP_SYS_TIME
to set system time. See
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
for more information.

A task's capabilities are set when it executes a new file, and
when it explicitly changes them (see capset(2)). After exec,
the task's new capabilities are a function of its previous
capabilities and the file's capabilities:

	pI' = pI
	pP' = fP | (fI & pI)
	pE' = fE ? pP' : 0

Where pX is capability set X for process p before exec, pX' is
capability set X for process p after exec, and fX is file
capability set X. The capability sets are I for inheritable,
P for permitted, and E for effective. Note that fE is a
boolean rather than a set.
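As an added illustration (not part of this README or its test suite), the three exec rules above implemented as a pure function over 64-bit capability masks, using the real capability numbers from <linux/capability.h>; it models only the rule as stated here, not the bounding or ambient sets of later kernels.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
#define CAP_SETPCAP   8
#define CAP_SYS_NICE  23
#define CAP_SYS_TIME  25
#define CAP_SETFCAP   31
#define CAP_BIT(n)    ((uint64_t)1 << (n))

struct caps  { uint64_t pI, pP, pE; };        /* process sets           */
struct fcaps { uint64_t fI, fP; bool fE; };   /* file sets; fE is a flag */

/* Apply the three rules from the text to compute the post-exec sets. */
struct caps exec_transition(const struct caps *p, const struct fcaps *f)
{
    struct caps n;
    n.pI = p->pI;                     /* pI' = pI             */
    n.pP = f->fP | (f->fI & p->pI);   /* pP' = fP | (fI & pI) */
    n.pE = f->fE ? n.pP : 0;          /* pE' = fE ? pP' : 0   */
    return n;
}

static void print_set(const char *name, uint64_t set)
{
    printf("%s:", name);
    for (int i = 0; i < 64; i++)
        if (set & CAP_BIT(i))
            printf(" %d", i);
    printf("%s\n", set ? "" : " (empty)");
}

int main(void)
{
    /* Constructed scenario: the caller holds SYS_NICE and SYS_TIME in pI
       but only SYS_TIME in pP; the file grants SETFCAP outright and
       SYS_NICE only to callers that already have it inheritable. */
    struct caps p = { .pI = CAP_BIT(CAP_SYS_NICE) | CAP_BIT(CAP_SYS_TIME),
                      .pP = CAP_BIT(CAP_SYS_TIME), .pE = 0 };
    struct fcaps f = { .fI = CAP_BIT(CAP_SYS_NICE),
                       .fP = CAP_BIT(CAP_SETFCAP), .fE = true };
    struct caps n = exec_transition(&p, &f);
    print_set("pI'", n.pI); print_set("pP'", n.pP); print_set("pE'", n.pE);
    f.fE = false;                     /* same file without the effective flag */
    n = exec_transition(&p, &f);
    print_set("pE' (fE=0)", n.pE);    /* nothing effective until capset(2) */
    return 0;
}
```

Note that CAP_SYS_TIME is dropped from pP' even though the caller had it permitted: a permitted bit survives exec only if the file grants it in fP, or in fI while the caller holds it in pI.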

File capabilities are stored in extended attributes named
'security.capability'. Setting this xattr requires the
CAP_SETFCAP capability when the capability security module is
loaded, or CAP_SYS_ADMIN when it is not.

The following tests are implemented here:

inh_capped: check whether a process without CAP_SETPCAP
	is properly prohibited from raising bits in its
	inheritable set using setcap.

verify_caps_exec:
	1. check that privilege is needed to set file capabilities
	2. check that pI', pP', and pE' are properly
	   calculated upon exec.

The underlying kernel needs to be built with the following options for filecaps testing:

CONFIG_SECURITY_CAPABILITIES=y