capabilities

CAPABILITIES(7)            Linux Programmer's Manual           CAPABILITIES(7)



NAME
       capabilities - overview of Linux capabilities

DESCRIPTION
       For the purpose of performing permission checks, traditional UNIX
       implementations distinguish two categories of processes: privileged
       processes (whose effective user ID is 0, referred to as superuser or
       root), and unprivileged processes (whose effective UID is nonzero).
       Privileged processes bypass all kernel permission checks, while
       unprivileged processes are subject to full permission checking based
       on the process's credentials (usually: effective UID, effective GID,
       and supplementary group list).

       Starting with kernel 2.2, Linux divides the privileges traditionally
       associated with superuser into distinct units, known as capabilities,
       which can be independently enabled and disabled.  Capabilities are a
       per-thread attribute.

   Capabilities list
       The following list shows the capabilities implemented on Linux, and
       the operations or behaviors that each capability permits:

       CAP_AUDIT_CONTROL (since Linux 2.6.11)
              Enable and disable kernel auditing; change auditing filter
              rules; retrieve auditing status and filtering rules.

       CAP_AUDIT_WRITE (since Linux 2.6.11)
              Write records to the kernel auditing log.

       CAP_BLOCK_SUSPEND (since Linux 3.5)
              Employ features that can block system suspend (epoll(7)
              EPOLLWAKEUP, /proc/sys/wake_lock).

       CAP_CHOWN
              Make arbitrary changes to file UIDs and GIDs (see chown(2)).

       CAP_DAC_OVERRIDE
              Bypass file read, write, and execute permission checks.  (DAC
              is an abbreviation of "discretionary access control".)

       CAP_DAC_READ_SEARCH
              Bypass file read permission checks and directory read and
              execute permission checks.

       CAP_FOWNER
              * Bypass permission checks on operations that normally require
                the filesystem UID of the process to match the UID of the
                file (e.g., chmod(2), utime(2)), excluding those operations
                covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH;
              * set extended file attributes (see chattr(1)) on arbitrary
                files;
              * set Access Control Lists (ACLs) on arbitrary files;
              * ignore the directory sticky bit on file deletion;
              * specify O_NOATIME for arbitrary files in open(2) and
                fcntl(2).

       CAP_FSETID
              Don't clear the set-user-ID and set-group-ID permission bits
              when a file is modified; set the set-group-ID bit for a file
              whose GID does not match the filesystem GID or any of the
              supplementary GIDs of the calling process.

       CAP_IPC_LOCK
              Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).

       CAP_IPC_OWNER
              Bypass permission checks for operations on System V IPC
              objects.

       CAP_KILL
              Bypass permission checks for sending signals (see kill(2)).
              This includes use of the ioctl(2) KDSIGACCEPT operation.

       CAP_LEASE (since Linux 2.4)
              Establish leases on arbitrary files (see fcntl(2)).

       CAP_LINUX_IMMUTABLE
              Set the FS_APPEND_FL and FS_IMMUTABLE_FL extended file
              attributes (see chattr(1)).

       CAP_MAC_ADMIN (since Linux 2.6.25)
              Override Mandatory Access Control (MAC).  Implemented for the
              Smack Linux Security Module (LSM).

       CAP_MAC_OVERRIDE (since Linux 2.6.25)
              Allow MAC configuration or state changes.  Implemented for the
              Smack LSM.

       CAP_MKNOD (since Linux 2.4)
              Create special files using mknod(2).

       CAP_NET_ADMIN
              Perform various network-related operations:
              * interface configuration;
              * administration of IP firewall, masquerading, and accounting;
              * modify routing tables;
              * bind to any address for transparent proxying;
              * set type-of-service (TOS);
              * clear driver statistics;
              * set promiscuous mode;
              * enable multicasting;
              * use setsockopt(2) to set the following socket options:
                SO_DEBUG, SO_MARK, SO_PRIORITY (for a priority outside the
                range 0 to 6), SO_RCVBUFFORCE, and SO_SNDBUFFORCE.

       CAP_NET_BIND_SERVICE
              Bind a socket to Internet domain privileged ports (port
              numbers less than 1024).

       CAP_NET_BROADCAST
              (Unused) Make socket broadcasts, and listen to multicasts.

       CAP_NET_RAW
              * Use RAW and PACKET sockets;
              * bind to any address for transparent proxying.

       CAP_SETGID
              Make arbitrary manipulations of process GIDs and the
              supplementary GID list; forge a GID when passing socket
              credentials via UNIX domain sockets.

       CAP_SETFCAP (since Linux 2.6.24)
              Set file capabilities.

       CAP_SETPCAP
              If file capabilities are not supported: grant or remove any
              capability in the caller's permitted capability set to or from
              any other process.  (This property of CAP_SETPCAP is not
              available when the kernel is configured to support file
              capabilities, since CAP_SETPCAP has entirely different
              semantics for such kernels.)

              If file capabilities are supported: add any capability from
              the calling thread's bounding set to its inheritable set; drop
              capabilities from the bounding set (via prctl(2)
              PR_CAPBSET_DROP); make changes to the securebits flags.

       CAP_SETUID
              Make arbitrary manipulations of process UIDs (setuid(2),
              setreuid(2), setresuid(2), setfsuid(2)); forge a UID when
              passing socket credentials via UNIX domain sockets.

       CAP_SYS_ADMIN
              * Perform a range of system administration operations
                including: quotactl(2), mount(2), umount(2), swapon(2),
                swapoff(2), sethostname(2), and setdomainname(2);
              * perform privileged syslog(2) operations (since Linux 2.6.37,
                CAP_SYSLOG should be used to permit such operations);
              * perform the VM86_REQUEST_IRQ vm86(2) command;
              * perform IPC_SET and IPC_RMID operations on arbitrary System V
                IPC objects;
              * perform operations on the trusted and security extended
                attributes (see attr(5));
              * use lookup_dcookie(2);
              * use ioprio_set(2) to assign the IOPRIO_CLASS_RT and (before
                Linux 2.6.25) IOPRIO_CLASS_IDLE I/O scheduling classes;
              * forge a UID when passing socket credentials;
              * exceed /proc/sys/fs/file-max, the system-wide limit on the
                number of open files, in system calls that open files (e.g.,
                accept(2), execve(2), open(2), pipe(2));
              * employ CLONE_* flags that create new namespaces with
                clone(2) and unshare(2);
              * call perf_event_open(2);
              * access privileged perf event information;
              * call setns(2);
              * call fanotify_init(2);
              * perform the KEYCTL_CHOWN and KEYCTL_SETPERM keyctl(2)
                operations;
              * perform the madvise(2) MADV_HWPOISON operation;
              * employ the TIOCSTI ioctl(2) to insert characters into the
                input queue of a terminal other than the caller's
                controlling terminal;
              * employ the obsolete nfsservctl(2) system call;
              * employ the obsolete bdflush(2) system call;
              * perform various privileged block-device ioctl(2) operations;
              * perform various privileged filesystem ioctl(2) operations;
              * perform administrative operations on many device drivers.

       CAP_SYS_BOOT
              Use reboot(2) and kexec_load(2).

       CAP_SYS_CHROOT
              Use chroot(2).

       CAP_SYS_MODULE
              Load and unload kernel modules (see init_module(2) and
              delete_module(2)); in kernels before 2.6.25: drop capabilities
              from the system-wide capability bounding set.

       CAP_SYS_NICE
              * Raise the process nice value (nice(2), setpriority(2)) and
                change the nice value for arbitrary processes;
              * set real-time scheduling policies for the calling process,
                and set scheduling policies and priorities for arbitrary
                processes (sched_setscheduler(2), sched_setparam(2));
              * set CPU affinity for arbitrary processes
                (sched_setaffinity(2));
              * set the I/O scheduling class and priority for arbitrary
                processes (ioprio_set(2));
              * apply migrate_pages(2) to arbitrary processes and allow
                processes to be migrated to arbitrary nodes;
              * apply move_pages(2) to arbitrary processes;
              * use the MPOL_MF_MOVE_ALL flag with mbind(2) and
                move_pages(2).

       CAP_SYS_PACCT
              Use acct(2).

       CAP_SYS_PTRACE
              Trace arbitrary processes using ptrace(2); apply
              get_robust_list(2) to arbitrary processes; inspect processes
              using kcmp(2).

       CAP_SYS_RAWIO
              * Perform I/O port operations (iopl(2) and ioperm(2));
              * access /proc/kcore;
              * employ the FIBMAP ioctl(2) operation;
              * open devices for accessing x86 model-specific registers
                (MSRs, see msr(4));
              * update /proc/sys/vm/mmap_min_addr;
              * create memory mappings at addresses below the value
                specified by /proc/sys/vm/mmap_min_addr;
              * map files in /proc/bus/pci;
              * open /dev/mem and /dev/kmem;
              * perform various SCSI device commands;
              * perform certain operations on hpsa(4) and cciss(4) devices;
              * perform a range of device-specific operations on other
                devices.

       CAP_SYS_RESOURCE
              * Use reserved space on ext2 filesystems;
              * make ioctl(2) calls controlling ext3 journaling;
              * override disk quota limits;
              * increase resource limits (see setrlimit(2));
              * override the RLIMIT_NPROC resource limit;
              * override the maximum number of consoles on console
                allocation;
              * override the maximum number of keymaps;
              * allow more than 64hz interrupts from the real-time clock;
              * raise the msg_qbytes limit for a System V message queue
                above the limit in /proc/sys/kernel/msgmnb (see msgop(2) and
                msgctl(2));
              * override the /proc/sys/fs/pipe-max-size limit when setting
                the capacity of a pipe using the F_SETPIPE_SZ fcntl(2)
                command;
              * override the /proc/sys/fs/mqueue/queues_max limit when
                creating POSIX message queues (see mq_overview(7));
              * employ the prctl(2) PR_SET_MM operation;
              * set /proc/PID/oom_score_adj to a value lower than the value
                last set by a process with CAP_SYS_RESOURCE.

       CAP_SYS_TIME
              Set the system clock (settimeofday(2), stime(2), adjtimex(2));
              set the real-time (hardware) clock.

       CAP_SYS_TTY_CONFIG
              Use vhangup(2); employ various privileged ioctl(2) operations
              on virtual terminals.

       CAP_SYSLOG (since Linux 2.6.37)
              * Perform privileged syslog(2) operations.  See syslog(2) for
                information on which operations require privilege.
              * View kernel addresses exposed via /proc and other interfaces
                when /proc/sys/kernel/kptr_restrict has the value 1.  (See
                the discussion of kptr_restrict in proc(5).)

       CAP_WAKE_ALARM (since Linux 3.0)
              Trigger something that will wake up the system (set
              CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM timers).

   Past and current implementation
       A full implementation of capabilities requires that:

       1. For all privileged operations, the kernel must check whether the
          thread has the required capability in its effective set.

       2. The kernel must provide system calls allowing a thread's
          capability sets to be changed and retrieved.

       3. The filesystem must support attaching capabilities to an
          executable file, so that a process gains those capabilities when
          the file is executed.

       Before kernel 2.6.24, only the first two of these requirements are
       met; since kernel 2.6.24, all three requirements are met.

   Thread capability sets
       Each thread has three capability sets containing zero or more of the
       above capabilities:

       Permitted:
              This is a limiting superset for the effective capabilities
              that the thread may assume.  It is also a limiting superset
              for the capabilities that may be added to the inheritable set
              by a thread that does not have the CAP_SETPCAP capability in
              its effective set.

              If a thread drops a capability from its permitted set, it can
              never reacquire that capability (unless it execve(2)s either a
              set-user-ID-root program, or a program whose associated file
              capabilities grant that capability).

       Inheritable:
              This is a set of capabilities preserved across an execve(2).
              It provides a mechanism for a process to assign capabilities
              to the permitted set of the new program during an execve(2).

       Effective:
              This is the set of capabilities used by the kernel to perform
              permission checks for the thread.

       A child created via fork(2) inherits copies of its parent's
       capability sets.  See below for a discussion of the treatment of
       capabilities during execve(2).

       Using capset(2), a thread may manipulate its own capability sets (see
       below).

       Since Linux 3.2, the file /proc/sys/kernel/cap_last_cap exposes the
       numerical value of the highest capability supported by the running
       kernel; this can be used to determine the highest bit that may be set
       in a capability set.

   File capabilities
       Since kernel 2.6.24, the kernel supports associating capability sets
       with an executable file using setcap(8).  The file capability sets
       are stored in an extended attribute (see setxattr(2)) named
       security.capability.  Writing to this extended attribute requires the
       CAP_SETFCAP capability.  The file capability sets, in conjunction
       with the capability sets of the thread, determine the capabilities of
       a thread after an execve(2).

       The three file capability sets are:

       Permitted (formerly known as forced):
              These capabilities are automatically permitted to the thread,
              regardless of the thread's inheritable capabilities.

       Inheritable (formerly known as allowed):
              This set is ANDed with the thread's inheritable set to
              determine which inheritable capabilities are enabled in the
              permitted set of the thread after the execve(2).

       Effective:
              This is not a set, but rather just a single bit.  If this bit
              is set, then during an execve(2) all of the new permitted
              capabilities for the thread are also raised in the effective
              set.  If this bit is not set, then after an execve(2), none of
              the new permitted capabilities is in the new effective set.

              Enabling the file effective capability bit implies that any
              file permitted or inheritable capability that causes a thread
              to acquire the corresponding permitted capability during an
              execve(2) (see the transformation rules described below) will
              also acquire that capability in its effective set.  Therefore,
              when assigning capabilities to a file (setcap(8),
              cap_set_file(3), cap_set_fd(3)), if we specify the effective
              flag as being enabled for any capability, then the effective
              flag must also be specified as enabled for all other
              capabilities for which the corresponding permitted or
              inheritable flag is enabled.

   Transformation of capabilities during execve()
       During an execve(2), the kernel calculates the new capabilities of
       the process using the following algorithm:

           P'(permitted) = (P(inheritable) & F(inheritable)) |
                           (F(permitted) & cap_bset)

           P'(effective) = F(effective) ? P'(permitted) : 0

           P'(inheritable) = P(inheritable)    [i.e., unchanged]

       where:

           P         denotes the value of a thread capability set before the
                     execve(2)

           P'        denotes the value of a capability set after the
                     execve(2)

           F         denotes a file capability set

           cap_bset  is the value of the capability bounding set (described
                     below)

   Capabilities and execution of programs by root
       In order to provide an all-powerful root using capability sets,
       during an execve(2):

       1. If a set-user-ID-root program is being executed, or the real user
          ID of the process is 0 (root), then the file inheritable and
          permitted sets are defined to be all ones (i.e., all capabilities
          enabled).

       2. If a set-user-ID-root program is being executed, then the file
          effective bit is defined to be one (enabled).

       The upshot of the above rules, combined with the capabilities
       transformations described above, is that when a process execve(2)s a
       set-user-ID-root program, or when a process with an effective UID of
       0 execve(2)s a program, it gains all capabilities (except those
       masked out by the capability bounding set) in its permitted and
       effective capability sets.  This provides semantics that are the same
       as those provided by traditional UNIX systems.

   Capability bounding set
       The capability bounding set is a security mechanism that can be used
       to limit the capabilities that can be gained during an execve(2).
       The bounding set is used in the following ways:

       * During an execve(2), the capability bounding set is ANDed with the
         file permitted capability set, and the result of this operation is
         assigned to the thread's permitted capability set.  The capability
         bounding set thus places a limit on the permitted capabilities that
         may be granted by an executable file.

       * (Since Linux 2.6.25) The capability bounding set acts as a limiting
         superset for the capabilities that a thread can add to its
         inheritable set using capset(2).  This means that if a capability
         is not in the bounding set, then a thread can't add this capability
         to its inheritable set, even if it was in its permitted
         capabilities, and thereby cannot have this capability preserved in
         its permitted set when it execve(2)s a file that has the capability
         in its inheritable set.

       Note that the bounding set masks the file permitted capabilities, but
       not the inherited capabilities.  If a thread maintains a capability
       in its inheritable set that is not in its bounding set, then it can
       still gain that capability in its permitted set by executing a file
       that has the capability in its inheritable set.
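       As an added illustration (not part of this manual page), the
       following C program models the three rules just described: the
       execve(2) transformation, the root rules, and the way the bounding
       set masks only the file permitted set.  Each capability set is a
       64-bit mask with one bit per CAP_* number; the struct and function
       names and the three scenarios are the editor's own, while the bit
       numbers used (CAP_NET_BIND_SERVICE = 10, CAP_SYS_ADMIN = 21) are
       those of include/linux/capability.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A capability set as a bit mask: bit n is set when capability number n
   is present.  Only the bit numbers needed below are defined; they
   follow include/linux/capability.h. */
typedef uint64_t capset_t;
#define CAP_BIT(n)           ((capset_t)1 << (n))
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN        21
#define CAP_ALL              (~(capset_t)0)

struct thread_caps { capset_t permitted, inheritable, effective; };
struct file_caps   { capset_t permitted, inheritable; bool effective; };

/* Step 1: the root rules rewrite the file capability sets before the
   transformation is applied. */
struct file_caps root_rules(struct file_caps F, bool suid_root, bool real_uid_is_0)
{
    if (suid_root || real_uid_is_0) {        /* rule 1: file sets become all ones */
        F.inheritable = CAP_ALL;
        F.permitted   = CAP_ALL;
    }
    if (suid_root)                           /* rule 2: file effective bit enabled */
        F.effective = true;
    return F;
}

/* Step 2: the transformation P -> P' given the file sets F and the
   bounding set cap_bset, exactly as written in the text. */
struct thread_caps exec_transform(struct thread_caps P, struct file_caps F, capset_t cap_bset)
{
    struct thread_caps N;
    N.permitted   = (P.inheritable & F.inheritable) | (F.permitted & cap_bset);
    N.effective   = F.effective ? N.permitted : 0;
    N.inheritable = P.inheritable;           /* unchanged */
    return N;
}

/* Both steps together, in the order the kernel applies them. */
struct thread_caps exec_caps(struct thread_caps P, struct file_caps F, capset_t cap_bset,
                             bool suid_root, bool real_uid_is_0)
{
    return exec_transform(P, root_rules(F, suid_root, real_uid_is_0), cap_bset);
}

int main(void)
{
    struct thread_caps none = {0, 0, 0};

    /* Scenario 1: an unprivileged process runs a binary carrying
       cap_net_bind_service=ep; only that capability is gained. */
    struct file_caps bind = {CAP_BIT(CAP_NET_BIND_SERVICE), 0, true};
    struct thread_caps r1 = exec_caps(none, bind, CAP_ALL, false, false);
    printf("scenario 1: permitted=%#llx effective=%#llx\n",
           (unsigned long long)r1.permitted, (unsigned long long)r1.effective);

    /* Scenario 2: a set-user-ID-root program run with CAP_SYS_ADMIN
       dropped from the bounding set gains everything except that bit. */
    struct file_caps plain = {0, 0, false};
    struct thread_caps r2 = exec_caps(none, plain, CAP_ALL & ~CAP_BIT(CAP_SYS_ADMIN), true, false);
    printf("scenario 2: sys_admin gained? %s\n",
           (r2.permitted & CAP_BIT(CAP_SYS_ADMIN)) ? "yes" : "no");

    /* Scenario 3: the bounding set masks only the file *permitted* set.
       A capability kept in the thread's inheritable set is still gained
       through the file's inheritable set even when outside cap_bset. */
    struct thread_caps inh  = {0, CAP_BIT(CAP_SYS_ADMIN), 0};
    struct file_caps   finh = {0, CAP_BIT(CAP_SYS_ADMIN), true};
    struct thread_caps r3 = exec_caps(inh, finh, CAP_ALL & ~CAP_BIT(CAP_SYS_ADMIN), false, false);
    printf("scenario 3: sys_admin gained? %s\n",
           (r3.permitted & CAP_BIT(CAP_SYS_ADMIN)) ? "yes" : "no");
    return 0;
}
```

       Scenario 3 is the case the note above warns about: dropping a
       capability from the bounding set is not enough on its own if the
       thread still carries it in its inheritable set.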

       Depending on the kernel version, the capability bounding set is
       either a system-wide attribute, or a per-process attribute.

       Capability bounding set prior to Linux 2.6.25

       In kernels before 2.6.25, the capability bounding set is a
       system-wide attribute that affects all threads on the system.  The
       bounding set is accessible via the file /proc/sys/kernel/cap-bound.
       (Confusingly, this bit mask parameter is expressed as a signed
       decimal number in /proc/sys/kernel/cap-bound.)

       Only the init process may set capabilities in the capability
       bounding set; other than that, the superuser (more precisely:
       programs with the CAP_SYS_MODULE capability) may only clear
       capabilities from this set.

       On a standard system the capability bounding set always masks out
       the CAP_SETPCAP capability.  To remove this restriction (dangerous!),
       modify the definition of CAP_INIT_EFF_SET in
       include/linux/capability.h and rebuild the kernel.

       The system-wide capability bounding set feature was added to Linux
       starting with kernel version 2.2.11.

       Capability bounding set from Linux 2.6.25 onward

       From Linux 2.6.25, the capability bounding set is a per-thread
       attribute.  (There is no longer a system-wide capability bounding
       set.)

       The bounding set is inherited at fork(2) from the thread's parent,
       and is preserved across an execve(2).

       A thread may remove capabilities from its capability bounding set
       using the prctl(2) PR_CAPBSET_DROP operation, provided it has the
       CAP_SETPCAP capability.  Once a capability has been dropped from the
       bounding set, it cannot be restored to that set.  A thread can
       determine if a capability is in its bounding set using the prctl(2)
       PR_CAPBSET_READ operation.

       Removing capabilities from the bounding set is supported only if file
       capabilities are compiled into the kernel.  In kernels before Linux
       2.6.33, file capabilities were an optional feature configurable via
       the CONFIG_SECURITY_FILE_CAPABILITIES option.  Since Linux 2.6.33,
       the configuration option has been removed and file capabilities are
       always part of the kernel.  When file capabilities are compiled into
       the kernel, the init process (the ancestor of all processes) begins
       with a full bounding set.  If file capabilities are not compiled into
       the kernel, then init begins with a full bounding set minus
       CAP_SETPCAP, because this capability has a different meaning when
       there are no file capabilities.

       Removing a capability from the bounding set does not remove it from
       the thread's inheritable set.  However it does prevent the capability
       from being added back into the thread's inheritable set in the
       future.

   Effect of user ID changes on capabilities
       In order to mirror traditional UNIX semantics, the kernel performs
       the following changes to a thread's capability sets when the thread's
       real, effective, saved set-user-ID, and filesystem user IDs are
       changed (using setuid(2), setresuid(2), or similar):

       1. If one or more of the real, effective or saved set user IDs was
          previously 0, and as a result of the UID changes all of these IDs
          have a nonzero value, then all capabilities are cleared from the
          permitted and effective capability sets.

       2. If the effective user ID is changed from 0 to nonzero, then all
          capabilities are cleared from the effective set.

       3. If the effective user ID is changed from nonzero to 0, then the
          permitted set is copied to the effective set.

       4. If the filesystem user ID is changed from 0 to nonzero (see
          setfsuid(2)), then the following capabilities are cleared from the
          effective set: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
          CAP_FOWNER, CAP_FSETID, CAP_LINUX_IMMUTABLE (since Linux 2.2.30),
          CAP_MAC_OVERRIDE, and CAP_MKNOD (since Linux 2.2.30).  If the
          filesystem UID is changed from nonzero to 0, then any of these
          capabilities that are enabled in the permitted set are enabled in
          the effective set.

       If a thread that has a 0 value for one or more of its user IDs wants
       to prevent its permitted capability set being cleared when it resets
       all of its user IDs to nonzero values, it can do so using the
       prctl(2) PR_SET_KEEPCAPS operation.
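       The following C program is an added example (not part of this manual
       page) that applies rules 1 to 4 above to a modelled set of
       credentials, with a keep_caps field standing in for the effect of
       PR_SET_KEEPCAPS.  The struct and function names are the editor's;
       the CAP_* bit numbers are those of include/linux/capability.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

typedef uint64_t capset_t;
#define CAP_BIT(n) ((capset_t)1 << (n))
/* Bit numbers from include/linux/capability.h. */
#define CAP_CHOWN             0
#define CAP_DAC_OVERRIDE      1
#define CAP_DAC_READ_SEARCH   2
#define CAP_FOWNER            3
#define CAP_FSETID            4
#define CAP_LINUX_IMMUTABLE   9
#define CAP_NET_BIND_SERVICE 10
#define CAP_MKNOD            27
#define CAP_MAC_OVERRIDE     32

/* The capabilities that rule 4 ties to the filesystem UID. */
#define FSUID_CAPS (CAP_BIT(CAP_CHOWN) | CAP_BIT(CAP_DAC_OVERRIDE) |        \
                    CAP_BIT(CAP_DAC_READ_SEARCH) | CAP_BIT(CAP_FOWNER) |    \
                    CAP_BIT(CAP_FSETID) | CAP_BIT(CAP_LINUX_IMMUTABLE) |    \
                    CAP_BIT(CAP_MAC_OVERRIDE) | CAP_BIT(CAP_MKNOD))

/* Credentials of a thread: the four UIDs plus the two capability sets
   that the UID-change rules touch.  keep_caps models PR_SET_KEEPCAPS. */
struct creds {
    uid_t uid, euid, suid, fsuid;
    capset_t permitted, effective;
    bool keep_caps;
};

static bool any_root(const struct creds *c)
{
    return c->uid == 0 || c->euid == 0 || c->suid == 0;
}

/* Return the credentials after changing the UIDs of `old` to those in
   `new_ids`, applying rules 1-4 from the text to the capability sets. */
struct creds uid_change(struct creds old, struct creds new_ids)
{
    struct creds n = new_ids;
    n.permitted = old.permitted;
    n.effective = old.effective;
    n.keep_caps = old.keep_caps;

    /* Rule 1: real, effective and saved UIDs all left 0 -> permitted and
       effective cleared, unless PR_SET_KEEPCAPS was requested. */
    if (any_root(&old) && !any_root(&n) && !old.keep_caps) {
        n.permitted = 0;
        n.effective = 0;
    }
    /* Rule 2: effective UID 0 -> nonzero clears the effective set. */
    if (old.euid == 0 && n.euid != 0)
        n.effective = 0;
    /* Rule 3: effective UID nonzero -> 0 copies permitted to effective. */
    if (old.euid != 0 && n.euid == 0)
        n.effective = n.permitted;
    /* Rule 4: filesystem UID transitions touch only the file-related
       capabilities, and only in the effective set. */
    if (old.fsuid == 0 && n.fsuid != 0)
        n.effective &= ~FSUID_CAPS;
    if (old.fsuid != 0 && n.fsuid == 0)
        n.effective |= n.permitted & FSUID_CAPS;
    return n;
}

int main(void)
{
    capset_t caps = CAP_BIT(CAP_CHOWN) | CAP_BIT(CAP_NET_BIND_SERVICE);
    struct creds root = {0, 0, 0, 0, caps, caps, false};
    struct creds user = {1000, 1000, 1000, 1000, 0, 0, false};

    struct creds a = uid_change(root, user);      /* drops everything */
    root.keep_caps = true;
    struct creds b = uid_change(root, user);      /* keeps permitted only */
    printf("plain setuid:  permitted=%#llx effective=%#llx\n",
           (unsigned long long)a.permitted, (unsigned long long)a.effective);
    printf("with KEEPCAPS: permitted=%#llx effective=%#llx\n",
           (unsigned long long)b.permitted, (unsigned long long)b.effective);
    return 0;
}
```

       Note that PR_SET_KEEPCAPS only bypasses rule 1; rule 2 still empties
       the effective set on the drop to a nonzero effective UID, so a
       daemon that keeps its capabilities this way must raise them again
       with capset(2) (or cap_set_proc(3)) before use.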

   Programmatically adjusting capability sets
       A thread can retrieve and change its capability sets using the
       capget(2) and capset(2) system calls.  However, the use of
       cap_get_proc(3) and cap_set_proc(3), both provided in the libcap
       package, is preferred for this purpose.  The following rules govern
       changes to the thread capability sets:

       1. If the caller does not have the CAP_SETPCAP capability, the new
          inheritable set must be a subset of the intersection (AND) of the
          existing inheritable and permitted sets.

       2. (Since Linux 2.6.25) The new inheritable set must be a subset of
          the intersection (AND) of the existing inheritable set and the
          capability bounding set.

       3. The new permitted set must be a subset of the existing permitted
          set (i.e., it is not possible to acquire permitted capabilities
          that the thread does not currently have).

       4. The new effective set must be a subset of the new permitted set.
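       As an added example (not part of this manual page), the following C
       code checks a requested capset(2) against the four rules above and
       reports which rule a request violates.  One deliberate choice needs
       stating: for the "combination" of two sets in rules 1 and 2 the code
       uses their union, which is how the kernel's cap_combine() forms it
       (security/commoncap.c), rather than the intersection the wording
       above suggests.  The enum, struct and function names are the
       editor's; the CAP_* bit numbers are those of
       include/linux/capability.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset_t;
#define CAP_BIT(n) ((capset_t)1 << (n))
/* Bit numbers from include/linux/capability.h. */
#define CAP_SETPCAP           8
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN        21
#define CAP_ALL              (~(capset_t)0)

struct thread_caps { capset_t permitted, inheritable, effective; };

enum capset_result {
    CAPSET_OK = 0,
    CAPSET_EPERM_INHERITABLE,   /* rule 1 violated */
    CAPSET_EPERM_BOUNDING,      /* rule 2 violated */
    CAPSET_EPERM_PERMITTED,     /* rule 3 violated */
    CAPSET_EPERM_EFFECTIVE      /* rule 4 violated */
};

static bool is_subset(capset_t a, capset_t b) { return (a & ~b) == 0; }

/* Decide whether a capset(2) request `want` is legal for a thread whose
   current sets are `cur` and whose bounding set is `bset`.  Returns the
   first rule that fails, or CAPSET_OK.  "Combination" of two sets is
   their union, as in the kernel's cap_combine(). */
enum capset_result check_capset(struct thread_caps cur, capset_t bset, struct thread_caps want)
{
    bool has_setpcap = (cur.effective & CAP_BIT(CAP_SETPCAP)) != 0;

    if (!has_setpcap && !is_subset(want.inheritable, cur.inheritable | cur.permitted))
        return CAPSET_EPERM_INHERITABLE;
    if (!is_subset(want.inheritable, cur.inheritable | bset))
        return CAPSET_EPERM_BOUNDING;
    if (!is_subset(want.permitted, cur.permitted))
        return CAPSET_EPERM_PERMITTED;
    if (!is_subset(want.effective, want.permitted))
        return CAPSET_EPERM_EFFECTIVE;
    return CAPSET_OK;
}

/* Apply the request if it is legal; leave `cur` untouched otherwise. */
enum capset_result apply_capset(struct thread_caps *cur, capset_t bset, struct thread_caps want)
{
    enum capset_result r = check_capset(*cur, bset, want);
    if (r == CAPSET_OK)
        *cur = want;
    return r;
}

int main(void)
{
    /* A thread holding cap_net_bind_service in all three sets. */
    struct thread_caps cur = {CAP_BIT(CAP_NET_BIND_SERVICE),
                              CAP_BIT(CAP_NET_BIND_SERVICE),
                              CAP_BIT(CAP_NET_BIND_SERVICE)};

    /* Dropping a capability (privilege reduction) is always allowed ... */
    struct thread_caps drop = {0, 0, 0};
    printf("drop:   result %d\n", apply_capset(&cur, CAP_ALL, drop));

    /* ... and it is final: rule 3 forbids taking it back, because the bit
       is no longer in the permitted set. */
    struct thread_caps regain = {CAP_BIT(CAP_NET_BIND_SERVICE), 0, 0};
    printf("regain: result %d\n", apply_capset(&cur, CAP_ALL, regain));
    return 0;
}
```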

   The securebits flags: establishing a capabilities-only environment
       Starting with kernel 2.6.26, and with a kernel in which file
       capabilities are enabled, Linux implements a set of per-thread
       securebits flags that can be used to disable special handling of
       capabilities for UID 0 (root).  These flags are as follows:

       SECBIT_KEEP_CAPS
              Setting this flag allows a thread that has one or more 0 UIDs
              to retain its capabilities when it switches all of its UIDs to
              a nonzero value.  If this flag is not set, then such a UID
              switch causes the thread to lose all capabilities.  This flag
              is always cleared on an execve(2).  (This flag provides the
              same functionality as the older prctl(2) PR_SET_KEEPCAPS
              operation.)

       SECBIT_NO_SETUID_FIXUP
              Setting this flag stops the kernel from adjusting capability
              sets when the thread's effective and filesystem UIDs are
              switched between zero and nonzero values.  (See the subsection
              "Effect of user ID changes on capabilities".)

       SECBIT_NOROOT
              If this bit is set, then the kernel does not grant
              capabilities when a set-user-ID-root program is executed, or
              when a process with an effective or real UID of 0 calls
              execve(2).  (See the subsection "Capabilities and execution of
              programs by root".)

       Each of the above "base" flags has a companion "locked" flag.
       Setting any of the "locked" flags is irreversible, and has the effect
       of preventing further changes to the corresponding "base" flag.  The
       locked flags are: SECBIT_KEEP_CAPS_LOCKED,
       SECBIT_NO_SETUID_FIXUP_LOCKED, and SECBIT_NOROOT_LOCKED.

       The securebits flags can be modified and retrieved using the prctl(2)
       PR_SET_SECUREBITS and PR_GET_SECUREBITS operations.  The CAP_SETPCAP
       capability is required to modify the flags.

       The securebits flags are inherited by child processes.  During an
       execve(2), all of the flags are preserved, except SECBIT_KEEP_CAPS
       which is always cleared.

       An application can use the following call to lock itself, and all of
       its descendants, into an environment where the only way of gaining
       capabilities is by executing a program with associated file
       capabilities:

           prctl(PR_SET_SECUREBITS,
                   SECBIT_KEEP_CAPS_LOCKED |
                   SECBIT_NO_SETUID_FIXUP |
                   SECBIT_NO_SETUID_FIXUP_LOCKED |
                   SECBIT_NOROOT |
                   SECBIT_NOROOT_LOCKED);

CONFORMING TO
       No standards govern capabilities, but the Linux capability
       implementation is based on the withdrawn POSIX.1e draft standard; see
       ⟨http://wt.xpilot.org/publications/posix.1e/⟩.

NOTES
       Since kernel 2.5.27, capabilities are an optional kernel component,
       and can be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES
       kernel configuration option.

       The /proc/PID/task/TID/status file can be used to view the capability
       sets of a thread.  The /proc/PID/status file shows the capability sets
       of a process's main thread.  Before Linux 3.8, nonexistent capabilities
       were shown as being enabled (1) in these sets.  Since Linux 3.8, all
       non-existent capabilities (above CAP_LAST_CAP)  are shown as disabled
       (0).
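       As an added example (not part of this manual page), the following C
       program reads the capability fields from a /proc/PID/status text
       and decodes the hexadecimal masks into capability names.  The status
       excerpt is constructed sample data, not a capture; the names table
       mirrors the numbering in include/linux/capability.h up to
       CAP_BLOCK_SUSPEND (36), and any higher bit is rendered as cap_N so
       that the pre-3.8 behaviour described above would be visible rather
       than silently dropped.  Function names are the editor's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability names indexed by number, following the numbering in
   include/linux/capability.h (0 = CAP_CHOWN ... 36 = CAP_BLOCK_SUSPEND). */
static const char *const cap_names[] = {
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend",
};
#define KNOWN_CAPS ((int)(sizeof cap_names / sizeof cap_names[0]))

/* Constructed /proc/PID/status excerpt for an unprivileged ping whose
   binary carries cap_net_raw=ep (sample data, not a real capture). */
static const char SAMPLE_STATUS[] =
    "Name:\tping\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000002000\n"
    "CapEff:\t0000000000002000\n"
    "CapBnd:\t0000001fffffffff\n";

/* Find "<key>:" at the start of a line and parse the hex mask after it.
   Returns false when the key is absent (e.g. CapAmb on an old kernel). */
bool status_cap_field(const char *status, const char *key, uint64_t *mask)
{
    size_t klen = strlen(key);
    const char *p = status;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            *mask = strtoull(p + klen + 1, NULL, 16);   /* skips the tab */
            return true;
        }
        p = strchr(p, '\n');
        if (p != NULL)
            p++;
    }
    return false;
}

/* Write the names of the set bits of `mask` into buf, comma-separated,
   and return how many names were written.  Unknown bits become cap_N. */
int decode_caps(uint64_t mask, char *buf, size_t buflen)
{
    int count = 0;
    size_t used = 0;
    buf[0] = '\0';
    for (int bit = 0; bit < 64; bit++) {
        if (!(mask & ((uint64_t)1 << bit)))
            continue;
        int w;
        if (bit < KNOWN_CAPS)
            w = snprintf(buf + used, buflen - used, "%s%s", count ? "," : "", cap_names[bit]);
        else
            w = snprintf(buf + used, buflen - used, "%scap_%d", count ? "," : "", bit);
        if (w < 0 || (size_t)w >= buflen - used)
            break;                                   /* buffer full: stop cleanly */
        used += (size_t)w;
        count++;
    }
    return count;
}

/* Helpers over the constructed sample. */
uint64_t sample_field(const char *key)
{
    uint64_t m = 0;
    return status_cap_field(SAMPLE_STATUS, key, &m) ? m : 0;
}

const char *sample_effective_names(void)
{
    static char buf[1024];
    decode_caps(sample_field("CapEff"), buf, sizeof buf);
    return buf;
}

int main(void)
{
    const char *fields[] = {"CapInh", "CapPrm", "CapEff", "CapBnd"};
    char buf[1024];
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        uint64_t m;
        if (!status_cap_field(SAMPLE_STATUS, fields[i], &m))
            continue;
        int n = decode_caps(m, buf, sizeof buf);
        printf("%s (%d): %s\n", fields[i], n, buf);
    }
    return 0;
}
```

       Reading a real process is the same call with the contents of
       /proc/PID/status in place of SAMPLE_STATUS; the CapBnd line is the
       quickest way to confirm that a service's bounding set was actually
       reduced.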

       The libcap package provides a suite of routines for setting and
       getting capabilities that is more comfortable and less likely to
       change than the interface provided by capset(2) and capget(2).  This
       package also provides the setcap(8) and getcap(8) programs.  It can
       be found at
       ⟨http://www.kernel.org/pub/linux/libs/security/linux-privs⟩.

       Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities
       are not enabled, a thread with the CAP_SETPCAP capability can
       manipulate the capabilities of threads other than itself.  However,
       this is only theoretically possible, since no thread ever has
       CAP_SETPCAP in either of these cases:

       * In the pre-2.6.25 implementation the system-wide capability
         bounding set, /proc/sys/kernel/cap-bound, always masks out this
         capability, and this can not be changed without modifying the
         kernel source and rebuilding.

       * If file capabilities are disabled in the current implementation,
         then init starts out with this capability removed from its
         per-process bounding set, and that bounding set is inherited by
         all other processes created on the system.

SEE ALSO
       capget(2), prctl(2), setfsuid(2), cap_clear(3), cap_copy_ext(3),
       cap_from_text(3), cap_get_file(3), cap_get_proc(3), cap_init(3),
       capgetp(3), capsetp(3), libcap(3), credentials(7), pthreads(7),
       getcap(8), setcap(8)

       include/linux/capability.h in the Linux kernel source tree

COLOPHON
       This page is part of release 3.51 of the Linux man-pages project.  A
       description of the project, and information about reporting bugs,
       can be found at http://www.kernel.org/doc/man-pages/.



Linux                             2013-04-17                   CAPABILITIES(7)