Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Latest commit 6f8c1b4
Jun 19, 2012
|Failed to load latest commit information.|
capbound ======== This is a simple command line utility for managing Linux capability bounding set. There used to be a procfs file /proc/sys/kernel/cap-bound exactly for that purpose but in newer kernels the global setting has been replaced by a per-process, inheritable bounding set. I couldn't find a convenient userspace tool for running a program with restricted set so I wrote one. Building & Installing ===================== When installing from the git repo, you should start with generating the configuration script using Autoconf and Automake: $ aclocal $ autoheader $ automake --foreign --add-missing $ autoconf Then configure, build, and install using: $ ./configure $ make $ sudo make install Usage ===== capbound [OPTION] COMMAND [ARG...] Run COMMAND with different capability bounding set. When not specified, CAPS defaults to `CAP_SYS_MODULE,CAP_SYS_RAWIO' -c, --capabilities=CAPS drop only capabilities CAPS -h, --help display this help and exit -v, --version output version information and exit