capable(8)                  System Manager's Manual                 capable(8)

NAME

       capable - Trace security capability checks (cap_capable()).

SYNOPSIS

       capable [-h] [-v] [-p PID]

DESCRIPTION

       This traces security capability checks in the kernel, and prints
       details for each call. This can be useful for general debugging, and
       also security enforcement: determining a white list of capabilities an
       application needs.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF, bcc.

OPTIONS

       -h     USAGE message.

       -v     Include non-audit capability checks. These are those deemed not
              interesting and not necessary to audit, such as CAP_SYS_ADMIN
              checks on memory allocation to affect the behavior of overcommit.

EXAMPLES

       Trace all capability checks system-wide:
              # capable

       Trace capability checks for PID 181:
              # capable -p 181

FIELDS

       TIME(s)
              Time of capability check: HH:MM:SS.

       UID    User ID.

       PID    Process ID.

       COMM   Process name.

       CAP    Capability number.

       NAME   Capability name. See capabilities(7) for descriptions.

       AUDIT  Whether this was an audit event. Use -v to include non-audit
              events.
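
       The white-list use described under DESCRIPTION, as an added example
       that is not part of the original page or of bcc: a Python sketch that
       reduces saved capable output to the set of capability names seen per
       COMM. It assumes whitespace-separated columns in the FIELDS order and
       an AUDIT value of 1 or 0; the sample rows are constructed.

```python
import re
from collections import defaultdict

# Constructed sample rows in the FIELDS column order; not captured output.
SAMPLE = """\
TIME      UID    PID    COMM             CAP  NAME                 AUDIT
09:14:02  0      4121   nginx            10   CAP_NET_BIND_SERVICE 1
09:14:02  0      4121   nginx            7    CAP_SETUID           1
09:14:02  0      4121   nginx            6    CAP_SETGID           1
09:14:03  1000   5230   Web Content      21   CAP_SYS_ADMIN        0
09:14:05  0      4121   nginx            10   CAP_NET_BIND_SERVICE 1
09:14:07  1000   5230   Web Content      19   CAP_SYS_PTRACE       1
"""

# COMM can contain spaces, so anchor on the three leading and three
# trailing columns and let COMM take whatever lies between them.
# Assumption: AUDIT is printed as 1 or 0.
ROW = re.compile(
    r"^(\d\d:\d\d:\d\d)\s+(\d+)\s+(\d+)\s+(.+?)\s+(\d+)\s+(\S+)\s+([01])\s*$"
)


def parse_rows(text):
    """Yield one dict per data row; the header and malformed lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            time, uid, pid, comm, cap, name, audit = m.groups()
            yield {"time": time, "uid": int(uid), "pid": int(pid), "comm": comm,
                   "cap": int(cap), "name": name, "audit": audit == "1"}


def allow_list(text, include_non_audit=False):
    """Map each COMM to the sorted capability names it was checked for."""
    caps = defaultdict(set)
    for row in parse_rows(text):
        # Non-audit rows only appear when capable ran with -v; drop them
        # unless asked, since the page calls them not necessary to audit.
        if row["audit"] or include_non_audit:
            caps[row["comm"]].add(row["name"])
    return {comm: sorted(names) for comm, names in caps.items()}


if __name__ == "__main__":
    for comm, names in sorted(allow_list(SAMPLE).items()):
        print(f"{comm}: {' '.join(names)}")
```

       A trace only covers the code paths exercised while capable was
       running, so treat the resulting list as a lower bound.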

OVERHEAD

       This adds low-overhead instrumentation to capability checks, which are
       expected to be low frequency; however, that depends on the application.
       Test in a lab environment before use.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file
       containing example usage, output, and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       capabilities(7)

USER COMMANDS                     2016-09-13                        capable(8)