capable(8)                  System Manager's Manual                 capable(8)

NAME

       capable - Trace security capability checks (cap_capable()).

SYNOPSIS

       capable [-h] [-v] [-p PID] [-K] [-U]

DESCRIPTION

       This traces security capability checks in the kernel, and prints
       details for each call. This can be useful for general debugging, and
       also security enforcement: determining a white list of capabilities an
       application needs.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF, bcc.

OPTIONS

       -h     USAGE message.

       -v     Include non-audit capability checks. These are those deemed not
              interesting and not necessary to audit, such as CAP_SYS_ADMIN
              checks on memory allocation to affect the behavior of
              overcommit.

       -K     Include kernel stack traces in the output.

       -U     Include user-space stack traces in the output.

       -x     Show extra fields in TID and INSETID columns.

EXAMPLES

       Trace all capability checks system-wide:
              # capable

       Trace capability checks for PID 181:
              # capable -p 181

FIELDS

       TIME(s)
              Time of capability check: HH:MM:SS.

       UID    User ID.

       PID    Process ID.

       COMM   Process name.

       CAP    Capability number.

       NAME   Capability name. See capabilities(7) for descriptions.

       AUDIT  Whether this was an audit event. Use -v to include non-audit
              events.

       INSETID
              Whether the INSETID bit was set (Linux >= 5.1).
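
       The white-list use mentioned in DESCRIPTION can be scripted over the
       columns listed in FIELDS. The following is an added example, not part
       of bcc; the sample output, its column layout and the function name
       capability_allowlist are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `capable -v` output. The column layout follows the
# FIELDS section and is an assumption, as are the processes shown; the
# indented line stands in for a stack-trace line printed with -K or -U.
SAMPLE = """\
TIME      UID    PID    COMM             CAP  NAME                 AUDIT
22:11:23  114    2676   snmpd            12   CAP_NET_ADMIN        1
22:11:23  0      6990   run              24   CAP_SYS_RESOURCE     1
22:11:24  0      7003   chmod            3    CAP_FOWNER           1
22:11:24  0      7003   chmod            4    CAP_FSETID           1
22:11:25  33     7100   Web Content      21   CAP_SYS_ADMIN        0
22:11:25  33     7100   Web Content      19   CAP_SYS_PTRACE       1
    cap_capable+0x1 [kernel]
22:11:26  0      7003   chmod            3    CAP_FOWNER           1
"""

TIME_RE = re.compile(r"^\d{2}:\d{2}:\d{2}$")


def capability_allowlist(text, include_non_audit=False):
    """Map each COMM to the sorted capability names it was checked for."""
    header, allow = None, defaultdict(set)
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].startswith("TIME"):
            header = tok
            left = header.index("COMM")      # number of columns before COMM
            right = len(header) - left - 1   # number of columns after COMM
            continue
        # Skip stack-trace lines and anything seen before a header.
        if header is None or not TIME_RE.match(tok[0]) or len(tok) < len(header):
            continue
        # COMM may contain spaces, so take the fixed columns from both ends.
        row = dict(zip(header[:left], tok[:left]))
        row.update(zip(header[-right:], tok[-right:]))
        comm = " ".join(tok[left:len(tok) - right])
        if row.get("AUDIT") == "0" and not include_non_audit:
            continue  # non-audit checks are left out unless requested
        allow[comm].add(row["NAME"])
    return {comm: sorted(names) for comm, names in allow.items()}


if __name__ == "__main__":
    for comm, names in capability_allowlist(SAMPLE).items():
        print(f"{comm}: {' '.join(names)}")
```

       Because the header row decides how many columns sit on each side of
       COMM, the same function handles output with additional columns, as
       long as the header is present in the captured text.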

OVERHEAD

       This adds low-overhead instrumentation to capability checks, which are
       expected to be low frequency; however, that depends on the application.
       Test in a lab environment before use.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a companion _examples.txt file
       containing example usage, output, and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       capabilities(7)

USER COMMANDS                     2016-09-13                        capable(8)