chapter06/libcap.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-system-libcap" role="wrap">
  <?dbhtml filename="libcap.html"?>

  <sect1info condition="script">
    <productname>libcap</productname>
    <productnumber>&libcap-version;</productnumber>
    <address>&libcap-url;</address>
  </sect1info>

  <title>Libcap-&libcap-version;</title>

  <indexterm zone="ch-system-libcap">
    <primary sortas="a-Libcap">Libcap</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The Libcap package implements the user-space interfaces to the POSIX
    1003.1e capabilities available in Linux kernels. These capabilities are a
    partitioning of the all powerful root privilege into a set of distinct
    privileges.</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&libcap-ch6-sbu;</seg>
        <seg>&libcap-ch6-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Libcap</title>

    <para>Prevent two static libraries from being installed:</para>

<screen><userinput remap="pre">sed -i '/install.*STA...LIBNAME/d' libcap/Makefile</userinput></screen>

    <para>Fix a file with wrong syntax:</para>

<screen><userinput remap="pre">sed -i '/libpsx/,$d' libcap/libcap.pc.in</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make lib=lib</userinput></screen>

    <para>This package does not come with a test suite.</para>

    <para>Install the package:</para>

<screen><userinput remap="install">make lib=lib install
chmod -v 755 /lib/libcap.so.&libcap-version;</userinput></screen>

    <variablelist>
      <title>The meaning of the make option:</title>

      <varlistentry>
        <term><parameter>lib=lib</parameter></term>
        <listitem>
          <para>This parameter installs the library in
          <filename>/lib</filename> rather than
          <filename>/lib64</filename> on x86_64. It has no effect on
          x86.</para>
        </listitem>
      </varlistentry>
 
    </variablelist>

  </sect2>

  <sect2 id="contents-libcap" role="content">
    <title>Contents of Libcap</title>

    <segmentedlist>
      <segtitle>Installed programs</segtitle>
      <segtitle>Installed library</segtitle>

      <seglistitem>
        <seg>capsh, getcap, getpcaps, and setcap</seg>
        <seg>libcap.so</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capsh">
        <term><command>capsh</command></term>
        <listitem>
          <para>A shell wrapper to explore and constrain capability support</para>
          <indexterm zone="ch-system-libcap capsh">
            <primary sortas="b-capsh">capsh</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="getcap">
        <term><command>getcap</command></term>
        <listitem>
          <para>Examines file capabilities</para>
          <indexterm zone="ch-system-libcap getcap">
            <primary sortas="b-getcap">getcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="getpcaps">
        <term><command>getpcaps</command></term>
        <listitem>
          <para>Displays the capabilities on the queried process(es)</para>
          <indexterm zone="ch-system-libcap getpcaps">
            <primary sortas="b-getpcaps">getpcaps</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="setcap">
        <term><command>setcap</command></term>
        <listitem>
          <para>Sets file capabilities</para>
          <indexterm zone="ch-system-libcap setcap">
            <primary sortas="b-setcap">setcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libcap">
        <term><filename class="libraryfile">libcap</filename></term>
        <listitem>
          <para>Contains the library functions for manipulating POSIX 1003.1e
          capabilities</para>
          <indexterm zone="ch-system-libcap libcap">
            <primary sortas="c-libcap">libcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>