Capabilities

Protection mechanism introduced in Kernel 2.2.

Allow to divide the traditional super-user privileges into distinct units.

Capabilities are a per-thread attribute.

List of capabilities

Examples (small sample …)

CAP_CHOWN
- Make arbitrary changes to file UIDs and GIDs.
CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH
- Bypass file permission/directory transversal checks.
CAP_KILL
- Bypass permission checks for sending signals.
CAP_NET_ADMIN
- Perform various network-related operations.
CAP_SYS_ADMIN
- Overloaded general-purpose administration capability.

Per-thread capabilities.

Sets.

Set of capabilities used by the kernel to perform permission checks for the thread.

That is: these are the effective capabilities being used.

Set of capabilities preserved across an exec.

Are added to the permitted set when executing a program that has the corresponding bits set in the file inheritable set.

Limiting superset.

For the effective capabilities that the thread may assume.
For the capabilities that may be added to the inheritable set.
- Except for threads w/ CAP_SETPCAP in their effective set.

Once dropped, it can never be reacquired.

Set used to limit the capabilities that are gained during an exec.

Was previously a system-wide attribute.

Set of capabilities that are preserved across an exec of an unprivileged program.

Executing a privileged program will clear the ambient set.

Ambient capabilities must be both permitted and inheritable.

One cannot preserve something one cannot have.
One cannot preserve something one cannot inherit.
Automatically lowered if either of the corresponding permitted or inheritable capabilities is lowered.

Ambient capabilities are added to the permitted set and assigned to the effective set upon an exec.

Last updated 3 months ago