Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A command line tool for managing Linux capability bounding set
C
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
.gitignore
Makefile.am
README
capbound.1
capbound.c
configure.ac

README

capbound
========

This is a simple command line utility for managing Linux capability bounding
set.  There used to be a procfs file /proc/sys/kernel/cap-bound exactly for
that purpose but in newer kernels the global setting has been replaced by a
per-process, inheritable bounding set.  I couldn't find a convenient userspace
tool for running a program with restricted set so I wrote one.

Building & Installing
=====================

When installing from the git repo, you should start with generating the
configuration script using Autoconf and Automake:

$ aclocal
$ autoheader
$ automake --foreign --add-missing
$ autoconf

Then configure, build, and install using:

$ ./configure
$ make
$ sudo make install

Usage
=====

capbound [OPTION] COMMAND [ARG...]
Run COMMAND with different capability bounding set.  When not specified, CAPS
defaults to `CAP_SYS_MODULE,CAP_SYS_RAWIO'

  -c, --capabilities=CAPS  drop only capabilities CAPS
  -h, --help               display this help and exit
  -v, --version            output version information and exit
Something went wrong with that request. Please try again.