Linux-Prctl
lib/Linux/Prctl.pm
bypass all kernel permission checks, while unprivileged processes are subject
to full permission checking based on the process's credentials (usually:
effective UID, effective GID, and supplementary group list).
Starting with kernel 2.2, Linux divides the privileges traditionally associated
with superuser into distinct units, known as capabilities, which can be
independently enabled and disabled. Capabilities are a per-thread attribute.
Each thread has three capability sets containing zero or more of the
capabilities described below:
=head3 Permitted (the %Linux::Prctl::cap_permitted hash):
This is a limiting superset for the effective capabilities that the thread may
assume. It is also a limiting superset for the capabilities that may be added
to the inheritable set by a thread that does not have the setpcap capability in
its effective set.
If a thread drops a capability from its permitted set, it can never re-acquire
that capability (unless it execves either a set-user-ID-root program, or a
program whose associated file capabilities grant that capability).
=head3 Inheritable (the %Linux::Prctl::cap_inheritable hash):
This is a set of capabilities preserved across an execve. It provides a
mechanism for a process to assign capabilities to the permitted set of the new
program during an execve.
=head3 Effective (the %Linux::Prctl::cap_effective hash):
This is the set of capabilities used by the kernel to perform permission checks
for the thread.
A child created via fork inherits copies of its parent's capability sets. See
below for a discussion of the treatment of capabilities during execve.
The %Linux::Prctl::capbset hash represents the current capability bounding set
of the process. The capability bounding set dictates whether the process can
receive the capability through a file's permitted capability set on a
subsequent call to execve. All items of this hash are true by default, unless a
parent process already removed them from the bounding set.
These four hashes have a number of keys. For the capability bounding set and
the effective capabilities, these can only be set to a false value, which drops
them from the corresponding set.
All details about capabilities and capability bounding sets can be found in the
capabilities(7) manpage, on which most text below is based.
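The way the inheritable and bounding sets shape a thread's capabilities across an execve can be worked through on bitmasks. The following Python is an added example, not code from Linux::Prctl: it applies the transformation rules from capabilities(7), assuming an empty ambient set and a non-root process, and the helper names (mask, names, after_execve, demo) are illustrative.

```python
# Added example: execve capability transformation from capabilities(7),
# assuming an empty ambient set and a non-root process.
# Bit numbers follow linux/capability.h for the keys named on this page.
CAP_BITS = {
    "chown": 0, "dac_override": 1, "dac_read_search": 2, "fowner": 3,
    "fsetid": 4, "kill": 5, "setpcap": 8, "linux_immutable": 9,
    "ipc_lock": 14, "ipc_owner": 15, "lease": 28, "audit_write": 29,
    "audit_control": 30, "mac_admin": 33,
}

def mask(*keys):
    """Build a capability bitmask from key names."""
    m = 0
    for key in keys:
        m |= 1 << CAP_BITS[key]
    return m

def names(m):
    """Decode a bitmask back into a sorted list of key names."""
    return sorted(key for key, bit in CAP_BITS.items() if (m >> bit) & 1)

def after_execve(p_inh, p_bset, f_permitted, f_inheritable, f_effective):
    """Return the thread's (permitted, inheritable, effective) after execve.

    p_inh, p_bset: the thread's inheritable and bounding sets before execve.
    f_permitted, f_inheritable: the file's capability sets.
    f_effective: the file's single effective bit (True or False).
    """
    permitted = (p_inh & f_inheritable) | (f_permitted & p_bset)
    effective = permitted if f_effective else 0
    return permitted, p_inh, effective

def demo():
    # Constructed sample: a file whose permitted set grants two capabilities.
    f_perm = mask("chown", "dac_override")
    full_bset = mask(*CAP_BITS)
    # A parent dropped dac_override from the bounding set before the exec.
    reduced_bset = full_bset & ~mask("dac_override")
    unrestricted = after_execve(0, full_bset, f_perm, 0, True)
    restricted = after_execve(0, reduced_bset, f_perm, 0, True)
    return names(unrestricted[0]), names(restricted[0])

if __name__ == "__main__":
    print(demo())
```

Once a capability has been removed from the bounding set, the file's permitted set can no longer grant it, which is why dropping it early in a parent process constrains every program executed afterwards.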
These are the keys of the hashes:
=head3 audit_control
Enable and disable kernel auditing; change auditing filter rules; retrieve
auditing status and filtering rules.
=head3 audit_write
Write records to kernel auditing log.
=head3 chown
Make arbitrary changes to file UIDs and GIDs (see L<chown(2)>).
=head3 dac_override
Bypass file read, write, and execute permission checks. (DAC is an
abbreviation of "discretionary access control".)
=head3 dac_read_search
Bypass file read permission checks and directory read and execute permission
checks.
=head3 fowner
=over 1
=item Bypass permission checks on operations that normally require the
file system UID of the process to match the UID of the file (e.g., chmod,
utime), excluding those operations covered by dac_override and dac_read_search.
=item Set extended file attributes (see L<chattr(1)>) on arbitrary files.
=item Set Access Control Lists (ACLs) on arbitrary files.
=item Ignore directory sticky bit on file deletion.
=item Specify O_NOATIME for arbitrary files in open and fcntl.
=back
=head3 fsetid
Don't clear set-user-ID and set-group-ID permission bits when a file is
modified; set the set-group-ID bit for a file whose GID does not match the
file system GID or any of the supplementary GIDs of the calling process.
=head3 ipc_lock
Lock memory (mlock, mlockall, mmap, shmctl).
=head3 ipc_owner
Bypass permission checks for operations on System V IPC objects.
=head3 kill
Bypass permission checks for sending signals (see L<kill(2)>). This includes
use of the ioctl KDSIGACCEPT operation.
=head3 lease
Establish leases on arbitrary files (see L<fcntl(2)>).
=head3 linux_immutable
Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags (see L<chattr(1)>).
=head3 mac_admin
Override Mandatory Access Control (MAC). Implemented for the Smack Linux
Security Module (LSM).