/
README
36 lines (27 loc) · 1.03 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
capbound
========
This is a simple command line utility for managing Linux capability bounding
set. There used to be a procfs file /proc/sys/kernel/cap-bound exactly for
that purpose but in newer kernels the global setting has been replaced by a
per-process, inheritable bounding set. I couldn't find a convenient userspace
tool for running a program with restricted set so I wrote one.
Building & Installing
=====================
When installing from the git repo, you should start with generating the
configuration script using Autoconf and Automake:
$ aclocal
$ autoheader
$ automake --foreign --add-missing
$ autoconf
Then configure, build, and install using:
$ ./configure
$ make
$ sudo make install
Usage
=====
capbound [OPTION] COMMAND [ARG...]
Run COMMAND with different capability bounding set. When not specified, CAPS
defaults to `CAP_SYS_MODULE,CAP_SYS_RAWIO'
-c, --capabilities=CAPS drop only capabilities CAPS
-h, --help display this help and exit
-v, --version output version information and exit