Wednesday, July 16, 2008

Capabilities have fully arrived, finally

Linux 2.6.26 is out, which means that a complete Linux capabilities implementation has finally arrived, since we now have:

  • The ability to attach capability sets to files (added in 2.6.24), so that a process can acquire capabilities during an execve(2).
  • A CAP_SETPCAP capability with the proper semantics (since 2.6.25).
  • A per-thread capability bounding set (added in 2.6.25).
  • The per-thread securebits flags (added in 2.6.26), which can be used to restrict a thread and its children to a pure capabilities-only environment (i.e., one in which there is no special treatment of UID 0).
All of the details are provided in the recently revised capabilities(7) man page. A couple of other useful places to look for information on capabilities are Serge Hallyn's article, POSIX file capabilities: Parceling the power of root, and Chris Friedhoff's page on capabilities.
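As an added example (my own code, not part of this post, the man page or the kernel sources), here is a small C program that decodes the four capability masks a process shows in /proc/PID/status (CapInh, CapPrm, CapEff, CapBnd) and a securebits value of the kind prctl(PR_GET_SECUREBITS) returns, using the bit numbers that existed as of 2.6.26 (CAP_CHOWN through CAP_MAC_ADMIN, and the six SECBIT_* flags). The embedded status text is a constructed sample; on Linux the main() reads the running process's own /proc/self/status instead, and any bits newer than the table are printed by number.

```c
/* Added example: decode /proc/PID/status capability masks and securebits. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability names by bit number, CAP_CHOWN (0) .. CAP_MAC_ADMIN (33). */
static const char *cap_names[] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin",
};
#define NCAPS ((int)(sizeof cap_names / sizeof cap_names[0]))

/* securebits flags from <linux/securebits.h>; a "locked" flag makes the
 * matching setting immutable for the thread and everything it spawns. */
static const struct { unsigned long bit; const char *name; } secbit_names[] = {
    {0x01, "noroot"}, {0x02, "noroot_locked"},
    {0x04, "no_setuid_fixup"}, {0x08, "no_setuid_fixup_locked"},
    {0x10, "keep_caps"}, {0x20, "keep_caps_locked"},
};

/* Constructed sample: permitted/effective hold only CAP_NET_BIND_SERVICE,
 * the bounding set is the complete 2.6.26 set (bits 0..33). */
static const char sample_status[] =
    "Name:\tdemo\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\n"
    "CapBnd:\t00000003ffffffff\n";

/* Locate "<key>:" at the start of a line and parse its hex mask.
 * Returns 0 on success, -1 if the field is missing or malformed. */
int parse_cap_field(const char *status, const char *key, uint64_t *mask)
{
    size_t klen = strlen(key);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            const char *v = p + klen + 1;
            while (*v == ' ' || *v == '\t')
                v++;
            char *end;
            unsigned long long val = strtoull(v, &end, 16);
            if (end == v)
                return -1;
            *mask = (uint64_t)val;
            return 0;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Render a mask as comma-separated names; bits beyond the table become
 * cap_N. Returns the number of set bits, or -1 if buf is too small. */
int format_caps(uint64_t mask, char *buf, size_t len)
{
    int n = 0;
    size_t used = 0;
    if (len == 0)
        return -1;
    buf[0] = '\0';
    for (int bit = 0; bit < 64; bit++) {
        if (!((mask >> bit) & 1))
            continue;
        int w = bit < NCAPS
            ? snprintf(buf + used, len - used, "%s%s", n ? "," : "", cap_names[bit])
            : snprintf(buf + used, len - used, "%scap_%d", n ? "," : "", bit);
        if (w < 0 || (size_t)w >= len - used)
            return -1;
        used += (size_t)w;
        n++;
    }
    return n;
}

/* Same for a securebits value; flags not in the table become bit_N. */
int format_securebits(unsigned long bits, char *buf, size_t len)
{
    int n = 0;
    size_t used = 0;
    if (len == 0)
        return -1;
    buf[0] = '\0';
    for (unsigned b = 0; b < 8 * sizeof bits; b++) {
        unsigned long flag = 1UL << b;
        if (!(bits & flag))
            continue;
        const char *name = NULL;
        for (size_t i = 0; i < sizeof secbit_names / sizeof secbit_names[0]; i++)
            if (secbit_names[i].bit == flag)
                name = secbit_names[i].name;
        int w = name
            ? snprintf(buf + used, len - used, "%s%s", n ? "," : "", name)
            : snprintf(buf + used, len - used, "%sbit_%u", n ? "," : "", b);
        if (w < 0 || (size_t)w >= len - used)
            return -1;
        used += (size_t)w;
        n++;
    }
    return n;
}

int main(void)
{
    static char status[8192];
    const char *src = sample_status;
#ifdef __linux__
    FILE *f = fopen("/proc/self/status", "r");  /* show our own sets if we can */
    if (f) {
        size_t got = fread(status, 1, sizeof status - 1, f);
        status[got] = '\0';
        fclose(f);
        src = status;
    }
#endif
    const char *fields[] = {"CapInh", "CapPrm", "CapEff", "CapBnd"};
    char buf[2048];
    for (size_t i = 0; i < 4; i++) {
        uint64_t m;
        if (parse_cap_field(src, fields[i], &m) == 0 && format_caps(m, buf, sizeof buf) >= 0)
            printf("%s: %s\n", fields[i], buf[0] ? buf : "(none)");
    }
    /* Constructed value: noroot | no_setuid_fixup | keep_caps (0x15). */
    if (format_securebits(0x15, buf, sizeof buf) >= 0)
        printf("securebits 0x15: %s\n", buf);
    return 0;
}
```

Reading CapBnd this way is a quick check that a service really has been confined by its bounding set, and decoding securebits shows at a glance whether the "noroot" bits that make UID 0 unprivileged are both set and locked, which is the pure-capabilities environment described in the last bullet above.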

(2012-02-20: updated link to Serge Hallyn's article.)
