| POSIX capabilities are pieces of root privilege, for instance |
| CAP_SYS_NICE to set priority on other tasks and CAP_SYS_TIME |
| to set system time. See |
| http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt |
| for more information. |
| |
| A task's capabilities are set when it executes a new file, and |
| when it explicitly changes them (see capset(2)). After exec, |
| the task's new capabilities are a function of its previous |
| capabilities and the file's capabilities: |
| |
| pI' = pI |
| pP' = fP | (fI & pI) |
| pE' = fE ? pP' : 0 |
| |
| Where pX is capability set X for process p before exec, pX' is |
| capability set X for process P after exec and fX is file |
| capability set X. The capability sets are I for inheritable, |
| P for permitted, and E for effective. Note that fE is a |
| boolean rather than a set. |
| |
| File capabilities are stored in extended attributes named |
| 'security.capability.' Setting this xattr requires the |
| CAP_SETFCAP capability when the capability security module is |
| loaded, or CAP_SYS_ADMIN when it is not. |
| |
| The following tests are implemented here: |
| |
| inh_capped: check whether a process without CAP_SETPCAP |
| is properly prohibited from raising bits in its |
| inheritable set using setcap. |
| |
| verify_caps_exec: |
| 1. check that privilege is needed to set file capabilities |
| 2. check that pI', pP', and pE' are properly |
| calculated upon exec. |
| The Underlying kernel needs to be built with the following options for filecaps testing: |
| CONFIG_SECURITY_CAPABILITIES=y |
| |