chcontext(8)                 System Administration                chcontext(8)

NAME
       chcontext - chcontext allocates a new security context and executes a
       command in that context.

SYNOPSIS
       chcontext [options] <command arguments>

DESCRIPTION
       chcontext allocates a new security context and executes a command in
       that context. By default, a new/unused context is allocated.

OPTIONS
       --cap CAP_NAME
              Add a capability to the command. This option may be repeated
              several times. See /usr/include/linux/capability.h. In general,
              this option is used with the --secure option. --secure removes
              most critical capabilities and --cap adds specific ones.

       --cap !CAP_NAME
              Remove a capability from the command. This option may be
              repeated several times. See /usr/include/linux/capability.h.

       --ctx num
              Select the context. Only root in context 0 is allowed to select
              a specific context. Context number 1 is special. It can see all
              processes in any context, but cannot kill them.

       --disconnect
              Start the command in the background and make the process a
              child of process 1.

       --domainname new_domainname
              Set the domainname (NIS) in the new security context. Use
              "none" to unset the domainname.

       --flag Set one flag in the new or current security context. The
              following flags are supported. The option may be used several
              times.

              lock:    The new process is trapped and can't use chcontext
                       anymore.
              sched:   The new process and its children will share a common
                       execution priority.
              nproc:   Limit the number of processes in the vserver according
                       to the ulimit setting. Normally, ulimit is a per-user
                       thing. With this flag, it becomes a per-vserver thing.
              private: No one can join this security context once created.

       --hostname new_hostname
              Set the hostname in the new security context. This is needed
              because if you create a less privileged security context, it may
              be unable to change its hostname.

       --secure
              Remove all the capabilities to make a virtual server trustable.

       --silent
              Do not print the allocated context number.

       Information about context is found in /proc/self/status.

FILES
       /usr/sbin/chcontext

EXAMPLES
       # You must be root, running X.
       # We start an xterm in another security context
       /usr/sbin/chcontext xterm &

       # We check: ps lists no xterm running, yet we can
       # see it.
       ps ax | grep xterm

       # Are we running in security context 0?
       # We check the s_context line in /proc/self/status
       cat /proc/self/status

       # OK, we are in security context 0
       # Try the security context 1
       /usr/sbin/chcontext --ctx 1 ps ax | grep xterm

       # OK, we see the xterm, we try to kill it
       /usr/sbin/chcontext --ctx 1 killall xterm

       # No, security context 1 can see, but can't kill.
       # Let's find out in which security context this
       # xterm is running
       /usr/sbin/chcontext --ctx 1 ps ax | grep xterm

       # OK, this is PID XX. We need the security context
       /usr/sbin/chcontext --ctx 1 cat /proc/XX/status

       # We see the s_context, this is SS.
       # We want to kill this process
       /usr/sbin/chcontext --ctx SS killall xterm

       Please contribute some, if you feel it's important.
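
The lookup step of the walkthrough above (find the PID, then read its s_context), as an added shell example that is not part of the original man page. It assumes the status line has the form `s_context: <number>`; the function names and the sample process tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the man page. Assumption: the status file has a
# line "s_context: <number>"; only the field name appears on the page.

# ctx_of_status FILE: print the context number, or fail if the line is absent.
ctx_of_status() {
    awk '$1 == "s_context:" { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# find_ctx PROCROOT NAME: print "PID CONTEXT" for every process named NAME.
find_ctx() {
    root=$1 name=$2
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue
        pname=$(awk '$1 == "Name:" { print $2; exit }' "$st")
        [ "$pname" = "$name" ] || continue
        pid=${st%/status}; pid=${pid##*/}
        if ctx=$(ctx_of_status "$st"); then
            echo "$pid $ctx"
        else
            echo "$pid unknown"   # no s_context line in this status file
        fi
    done
}

# Constructed sample tree standing in for /proc (PIDs and values invented).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/311" "$d/4242" "$d/4250"
    printf 'Name:\tsshd\ns_context: 0\n'  > "$d/311/status"
    printf 'Name:\txterm\ns_context: 7\n' > "$d/4242/status"
    printf 'Name:\txterm\n'               > "$d/4250/status"
    echo "$d"
}

sample=$(make_sample_proc)
find_ctx "$sample" xterm
rm -rf "$sample"
```

On a real host, pass /proc as the first argument and run the script through `chcontext --ctx 1`, since context 1 is the one that can see processes in all contexts.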

AUTHOR
       This Man page was written by Klavs Klavsen <kl@vsen.dk> and based upon
       the helpful output from the program itself and the documentation on the
       Virtual Server site
       <http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0>

SEE ALSO
       chbind(8) rebootmgr(8) reducecap(8) vps(8) vpstree(8) vrpm(8)
       vserver(8) vserver-stat(8) vtop(8)

Klavs Klavsen <kl@vsen.dk>            0.1.0                       chcontext(8)