chcontext(8)                 System Administration                chcontext(8)

NAME

       chcontext - allocates a new security context and executes a
       command in that context.

SYNTAX

       chcontext [options] <command arguments>

DESCRIPTION

       chcontext allocates a new security context and executes a command in
       that context.  By default, a new/unused context is allocated.

OPTIONS

       --cap CAP_NAME
              Add a capability to the command. This option may be repeated
              several times. See /usr/include/linux/capability.h. In general,
              this option is used with the --secure option: --secure removes
              most critical capabilities and --cap adds specific ones.

       --cap !CAP_NAME
              Remove a capability from the command. This option may be
              repeated several times. See /usr/include/linux/capability.h.

       --ctx num
              Select the context. Only root in context 0 is allowed to select
              a specific context.  Context number 1 is special: it can see all
              processes in any context, but cannot kill them.

       --disconnect
              Start the command in the background and make the process a child
              of process 1.

       --domainname new_domainname
              Set the domainname (NIS) in the new security context.  Use
              "none" to unset the domainname.

       --flag
              Set one flag in the new or current security context. The
              following flags are supported. The option may be used several
              times.
                 lock: The new process is trapped and can't use
                       chcontext anymore.
                 sched: The new process and its children will
                        share a common execution priority.
                 nproc: Limit the number of processes in the
                        vserver according to the ulimit setting.
                        Normally, ulimit is a per user thing.
                        With this flag, it becomes a per vserver
                        thing.
                 private: No one can join this security context
                          once created.

       --hostname new_hostname
              Set the hostname in the new security context.  This is needed
              because if you create a less privileged security context, it may
              be unable to change its hostname.

       --secure
              Remove all the capabilities to make a virtual server trustable.

       --silent
              Do not print the allocated context number.

       Information about the context is found in /proc/self/status.

FILES

       /usr/sbin/chcontext

EXAMPLES

       # You must be root, running X.
       # We start an xterm in another security context
       /usr/sbin/chcontext xterm &

       # We check: there is no xterm running, yet we can
       # see it.
       ps ax | grep xterm

       # Are we running in security context 0?
       # We check the s_context line in /proc/self/status
       cat /proc/self/status

       # Ok, we are in security context 0
       # Try the security context 1
       /usr/sbin/chcontext --ctx 1 ps ax | grep xterm

       # Ok, we see the xterm, we try to kill it
       /usr/sbin/chcontext --ctx 1 killall xterm

       # No, security context 1 can see, but can't kill.
       # Let's find out in which security context this
       # xterm is running
       /usr/sbin/chcontext --ctx 1 ps ax | grep xterm

       # Ok, this is PID XX. We need the security context
       /usr/sbin/chcontext --ctx 1 cat /proc/XX/status

       # We see the s_context, this is SS.
       # We want to kill this process
       /usr/sbin/chcontext --ctx SS killall xterm

       Please contribute some, if you feel it's important.
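
       The lookup that the walk-through above does by hand (finding the
       security context of a named process from its s_context line), as an
       added shell example that is not part of the original man page or of
       chcontext itself. The function names, the constructed fixture
       directory and the exact layout of the s_context line are assumptions.

```sh
#!/bin/sh
# Added example; not part of the chcontext distribution.
# Assumption: every <procroot>/<pid>/status file has a "Name:" line and an
# "s_context:" line whose first field after the colon is the context number.

# ctx_of_status FILE: print the context number; fail if the line is absent
# or the value is not a plain number.
ctx_of_status() {
    awk -F: '$1 == "s_context" {
                 split($2, f, " ")
                 if (f[1] ~ /^[0-9]+$/) { print f[1]; found = 1 }
                 exit
             }
             END { exit !found }' "$1"
}

# pids_by_context PROCROOT NAME: print "<context> <pid>" for every process
# called NAME, sorted by context. Entries that cannot be read are skipped.
pids_by_context() {
    procroot=$1
    name=$2
    for status in "$procroot"/[0-9]*/status; do
        [ -r "$status" ] || continue
        pname=$(awk '$1 == "Name:" { print $2; exit }' "$status")
        [ "$pname" = "$name" ] || continue
        ctx=$(ctx_of_status "$status") || continue
        pid=${status%/status}
        pid=${pid##*/}
        printf '%s %s\n' "$ctx" "$pid"
    done | sort -n
}

# Constructed fixture standing in for /proc as seen from context 1.
make_fixture() {
    root=$(mktemp -d)
    mkdir "$root/101" "$root/202" "$root/303"
    printf 'Name:\txterm\ns_context: 0\n' > "$root/101/status"
    printf 'Name:\txterm\ns_context: 7\n' > "$root/202/status"
    printf 'Name:\tsshd\ns_context: 7\n'  > "$root/303/status"
    echo "$root"
}

fixture=$(make_fixture)
pids_by_context "$fixture" xterm
rm -rf "$fixture"
```

       On a vserver host, run pids_by_context /proc xterm from within
       context 1 (chcontext --ctx 1), the context that can see processes
       in all contexts.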

AUTHORS

       This man page was written by Klavs Klavsen <kl@vsen.dk> and based upon
       the helpful output from the program itself and the documentation on the
       Virtual Server site
       <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>

SEE ALSO

       chbind(8)   rebootmgr(8)   reducecap(8)   vps(8)   vpstree(8)   vrpm(8)
       vserver(8) vserver-stat(8) vtop(8)
Klavs Klavsen <kl@vsen.dk>           0.1.0                        chcontext(8)