reducecap(8)                 System Administration                reducecap(8)

NAME

       reducecap - The reducecap utility is used to lower the capability
       ceiling of a process and its child processes.

SYNTAX

       reducecap [options] <command arguments>

DESCRIPTION

       The reducecap utility is used to lower the capability ceiling of a
       process and its child processes. Even a setuid program won't be able
       to grab more capabilities.

OPTIONS

       --secure Removes all dangerous capabilities from the process
              executed. Specifically, it removes:
              CAP_LINUX_IMMUTABLE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW
              CAP_IPC_LOCK    CAP_IPC_OWNER    CAP_SYS_MODULE    CAP_SYS_RAWIO
              CAP_SYS_PACCT     CAP_SYS_ADMIN     CAP_SYS_BOOT    CAP_SYS_NICE
              CAP_SYS_RESOURCE CAP_SYS_TIME CAP_MKNOD

              Leaving the following capabilities:  CAP_CHOWN  CAP_DAC_OVERRIDE
              CAP_DAC_READ_SEARCH  CAP_FOWNER  CAP_FSETID  CAP_KILL CAP_SETGID
              CAP_SETUID  CAP_NET_BIND_SERVICE  CAP_SYS_CHROOT  CAP_SYS_PTRACE
              CAP_SYS_TTY_CONFIG CAP_LEASE CAP_QUOTACTL

       --show Shows the current process capabilities.

       --flag Sets the security context flags. The option may be repeated
              several times. Here are the values:

              lock: The security context can't be changed. The process is
              trapped in this context. This is generally used for vservers
              because you do not want them to hide in a new security
              context.

              sched: Each process in a security context contributes to
              (lowers) the general priority of every process in the context.
              Mostly, all processes in a security context together take as
              much CPU as one process not bound to this flag. Put
              differently, a vserver having 100 active processes won't get
              more CPU than another vserver with a single active process.

              nproc: The "ulimit -u N" setting becomes global to the security
              context. It means the security context is not allowed to have
              more than N processes.

              private: No other process, even root in security context 0, is
              allowed to enter this security context. Once a security
              context is set up with this flag, it is on its own. This also
              means that root in security context 0 won't be able to kill or
              interact with those processes.

              hideinfo: Hides various information in /proc.

       --LINUX_IMMUTABLE
       --NET_BIND_SERVICE
       --NET_BROADCAST
       --NET_ADMIN
       --NET_RAW
       --IPC_LOCK
       --IPC_OWNER
       --SYS_MODULE
       --SYS_RAWIO
       --SYS_PACCT
       --SYS_ADMIN
       --SYS_BOOT
       --SYS_NICE
       --SYS_RESOURCE
       --SYS_TIME
       --MKNOD
              All these options remove one capability. These options may be
              used after the --secure option to remove more capabilities.

FILES

       /usr/sbin/reducecap

EXAMPLES

       # You are not root now
       # What is the current capability ceiling
       cat /proc/self/status
       # The capBset line presents mostly 1s.
       /usr/sbin/reducecap --secure /bin/sh
       cat /proc/self/status
       # The capBset now shows many more 0s.
       # The capEff shows all 0s, you have no privilege now
       # We su to root
       su
       cat /proc/self/status
       # capEff is much better now, but there are still many 0s
       # Now we try to see if we are really root
       tail /var/log/messages
       # So far so good, we see the content
       /sbin/ifconfig eth0
       /sbin/ifconfig eth0 down
       # No way, we can't configure the interface. In fact
       # we have lost most privilege normally assigned to root
       exit

       Please contribute some more, if you feel it's important.
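
The following is an added example, not part of the original man page or of the reducecap source: a POSIX sh helper that reads the bounding-set mask from /proc/<pid>/status text and names every capability from the --secure removal list that is still present in it. The bit numbers are those of <linux/capability.h>; the function names and the sample status text are constructed for illustration, and mainline kernels label the field CapBnd where this page says capBset.

```sh
#!/bin/sh
# Bit numbers (from <linux/capability.h>) of the fifteen capabilities
# that this page lists as removed by --secure.
SECURE_DROPPED="LINUX_IMMUTABLE:9 NET_BROADCAST:11 NET_ADMIN:12 NET_RAW:13
IPC_LOCK:14 IPC_OWNER:15 SYS_MODULE:16 SYS_RAWIO:17 SYS_PACCT:20
SYS_ADMIN:21 SYS_BOOT:22 SYS_NICE:23 SYS_RESOURCE:24 SYS_TIME:25 MKNOD:27"

# Read /proc/<pid>/status text on stdin and print the bounding-set mask.
# Mainline kernels call the field CapBnd; this page calls it capBset.
bounding_mask() {
    while read -r key value rest; do
        case $key in
            CapBnd:|CapBset:|capBset:)
                printf '%s\n' "$value"
                return 0 ;;
        esac
    done
    return 1    # no bounding-set line found
}

# Print the --secure capabilities that are still set in hex mask $1.
# An empty line means none of them remain in the ceiling.
remaining_dangerous() {
    left=""
    for entry in $SECURE_DROPPED; do
        name=${entry%%:*}
        bit=${entry##*:}
        if [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]; then
            left="$left${left:+ }CAP_$name"
        fi
    done
    printf '%s\n' "$left"
}

# Constructed status excerpt (not captured from a real host): a ceiling
# where NET_ADMIN and SYS_ADMIN were left in place.
SAMPLE='Name:   sh
CapEff: 0000000000000000
CapBnd: 00000000f42c15ff'

mask=$(printf '%s\n' "$SAMPLE" | bounding_mask)
echo "ceiling $mask still allows: $(remaining_dangerous "$mask")"
```

To check a live process, feed its status file to the first function, for instance bounding_mask < /proc/self/status, and pass the result to remaining_dangerous.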

AUTHORS

       This man page was written by Klavs Klavsen <kl@vsen.dk> and based upon
       the helpful output from the program itself and the documentation on the
       Virtual Server site
       <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>

SEE ALSO

       chcontext(8)   rebootmgr(8)   chbind(8)   vps(8)   vpstree(8)   vrpm(8)
       vserver(8) vserver-stat(8) vtop(8)

Klavs Klavsen <kl@vsen.dk>           0.1.0                        reducecap(8)