chapter08/libcap.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-system-libcap" role="wrap">
  <?dbhtml filename="libcap.html"?>

  <sect1info condition="script">
    <productname>libcap</productname>
    <productnumber>&libcap-version;</productnumber>
    <address>&libcap-url;</address>
  </sect1info>

  <title>Libcap-&libcap-version;</title>

  <indexterm zone="ch-system-libcap">
    <primary sortas="a-Libcap">Libcap</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The Libcap package implements the user-space interfaces to the POSIX
    1003.1e capabilities available in Linux kernels. These capabilities are a
    partitioning of the all powerful root privilege into a set of distinct
    privileges.</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&libcap-fin-sbu;</seg>
        <seg>&libcap-fin-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Libcap</title>

    <para>Prevent static libraries from being installed:</para>

<screen><userinput remap="pre">sed -i '/install -m.*STA/d' libcap/Makefile</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make prefix=/usr lib=lib</userinput></screen>

    <variablelist>
      <title>The meaning of the make option:</title>

      <varlistentry>
        <term><parameter>lib=lib</parameter></term>
        <listitem>
          <para>This parameter sets the library directory to
          <filename>/usr/lib</filename> rather than
          <filename>/usr/lib64</filename> on x86_64. It has no effect on
          x86.</para>
        </listitem>
      </varlistentry>
    </variablelist>

    <para>To test the results, issue:</para>

<screen><userinput remap="test">make test</userinput></screen>

    <para>Install the package:</para>

<screen><userinput remap="install">make prefix=/usr lib=lib install</userinput></screen>

  </sect2>

  <sect2 id="contents-libcap" role="content">
    <title>Contents of Libcap</title>

    <segmentedlist>
      <segtitle>Installed programs</segtitle>
      <segtitle>Installed library</segtitle>

      <seglistitem>
        <seg>capsh, getcap, getpcaps, and setcap</seg>
        <seg>libcap.so and libpsx.so</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="capsh">
        <term><command>capsh</command></term>
        <listitem>
          <para>A shell wrapper to explore and constrain capability support</para>
          <indexterm zone="ch-system-libcap capsh">
            <primary sortas="b-capsh">capsh</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="getcap">
        <term><command>getcap</command></term>
        <listitem>
          <para>Examines file capabilities</para>
          <indexterm zone="ch-system-libcap getcap">
            <primary sortas="b-getcap">getcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="getpcaps">
        <term><command>getpcaps</command></term>
        <listitem>
          <para>Displays the capabilities on the queried process(es)</para>
          <indexterm zone="ch-system-libcap getpcaps">
            <primary sortas="b-getpcaps">getpcaps</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="setcap">
        <term><command>setcap</command></term>
        <listitem>
          <para>Sets file capabilities</para>
          <indexterm zone="ch-system-libcap setcap">
            <primary sortas="b-setcap">setcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libcap">
        <term><filename class="libraryfile">libcap</filename></term>
        <listitem>
          <para>Contains the library functions for manipulating POSIX 1003.1e
          capabilities</para>
          <indexterm zone="ch-system-libcap libcap">
            <primary sortas="c-libcap">libcap</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libpsx">
        <term><filename class="libraryfile">libpsx</filename></term>
        <listitem>
          <para>Contains functions to support POSIX semantics for syscalls
          associated with the pthread library</para>
          <indexterm zone="ch-system-libcap libpsx">
            <primary sortas="c-libpsx">libpsx</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>