capable(8)                  System Manager's Manual                 capable(8)

NAME

       capable - Trace security capability checks (cap_capable()).

SYNOPSIS

       capable [-h] [-v] [-p PID] [-K] [-U]

DESCRIPTION

       This traces security capability checks in the kernel, and prints
       details for each call. This can be useful for general debugging, and
       also security enforcement: determining a white list of capabilities an
       application needs.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF, bcc.

OPTIONS

       -h     USAGE message.

       -v     Include non-audit capability checks. These are those deemed not
              interesting and not necessary to audit, such as CAP_SYS_ADMIN
              checks on memory allocation to affect the behavior of overcommit.

       -K     Include kernel stack traces in the output.

       -U     Include user-space stack traces in the output.

EXAMPLES

       Trace all capability checks system-wide:
              # capable

       Trace capability checks for PID 181:
              # capable -p 181

FIELDS

       TIME(s)
              Time of capability check: HH:MM:SS.

       UID    User ID.

       PID    Process ID.

       COMM   Process name.

       CAP    Capability number.

       NAME   Capability name. See capabilities(7) for descriptions.

       AUDIT  Whether this was an audit event. Use -v to include non-audit
              events.

       INSETID
              Whether the INSETID bit was set (Linux >= 5.1).
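
       The following is an added example, not part of bcc or the original
       page: it parses capable output into the fields above and builds the
       per-command capability list mentioned in DESCRIPTION. The sample trace
       is constructed, the column order is assumed to follow the FIELDS
       section, and rendering the result as a systemd CapabilityBoundingSet=
       line is an assumption about how the list will be enforced.

```python
from collections import defaultdict

# Constructed sample trace; column order assumed to match the FIELDS section.
SAMPLE = """\
TIME      UID    PID    COMM             CAP  NAME                 AUDIT  INSETID
22:11:23  114    2676   snmpd            12   CAP_NET_ADMIN        1      0
22:11:23  0      6990   run              24   CAP_SYS_RESOURCE     1      0
22:11:24  0      7003   chmod            3    CAP_FOWNER           1      0
22:11:25  0      7005   Web Content      21   CAP_SYS_ADMIN        0      0
22:11:27  114    2676   snmpd            10   CAP_NET_BIND_SERVICE 1
"""


def parse_line(line):
    """Return one event as a dict, or None for headers and unparseable rows."""
    tok = line.split()
    # Anchor on NAME (the last CAP_* token): this tolerates spaces inside COMM
    # and a missing INSETID column (kernels older than 5.1).
    idx = max((i for i, t in enumerate(tok) if t.startswith("CAP_")), default=None)
    if idx is None or idx < 5 or idx + 1 >= len(tok):
        return None
    if not (tok[1].isdigit() and tok[2].isdigit() and tok[idx - 1].isdigit()):
        return None
    return {
        "uid": int(tok[1]), "pid": int(tok[2]),
        "comm": " ".join(tok[3:idx - 1]), "cap": int(tok[idx - 1]),
        "name": tok[idx], "audit": tok[idx + 1] == "1",
        "insetid": tok[idx + 2] == "1" if idx + 2 < len(tok) else None,
    }


def allowlist(text, audit_only=True):
    """Map COMM -> sorted capability names observed in the trace."""
    seen = defaultdict(set)
    for ev in filter(None, map(parse_line, text.splitlines())):
        if ev["audit"] or not audit_only:
            seen[ev["comm"]].add(ev["name"])
    return {comm: sorted(caps) for comm, caps in seen.items()}


def systemd_bounding_set(caps):
    """Render a systemd unit line limiting a service to the given capabilities."""
    return "CapabilityBoundingSet=" + " ".join(caps)


if __name__ == "__main__":
    for comm, caps in allowlist(SAMPLE).items():
        print(f"{comm}: {systemd_bounding_set(caps)}")
```

       A row in the trace means the kernel checked for that capability, not
       that the check succeeded or that the application needs it; review each
       entry and trace a representative workload before enforcing the list.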

OVERHEAD

       This adds low-overhead instrumentation to capability checks, which are
       expected to be low frequency; however, that depends on the application.
       Test in a lab environment before use.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file
       containing example usage, output, and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       capabilities(7)

USER COMMANDS                     2016-09-13                        capable(8)