sargun@ubuntu:~$ hostname foo
hostname: you must be root to change the host name
sargun@ubuntu:~$ getcap $(which ping)
/bin/ping = cap_net_raw+ep
sargun@ubuntu:~$ hostname foo
hostname: you must be root to change the host name
sargun@ubuntu:~$ cat /proc/self/status |grep Cap
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
sargun@ubuntu:~$ unshare -U --map-root-user
root@ubuntu:~# id
uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
root@ubuntu:~# cat /proc/self/status |grep Cap
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
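/*
 * State kept for one UTS namespace.
 *
 * NOTE(review): the role of each field is inferred from its type; only the
 * declaration is visible here, so confirm against the code that uses it.
 */
struct uts_namespace {
	struct kref kref;		/* presumably the reference count for this namespace */
	struct new_utsname name;	/* presumably the host name and related identity strings */
	/*
	 * User namespace tied to this UTS namespace. Presumably the namespace
	 * that capability checks for changing `name` are evaluated against;
	 * verify at the call site that performs the check.
	 */
	struct user_namespace *user_ns;
	struct ucounts *ucounts;	/* presumably per-user namespace accounting */
	struct ns_common ns;		/* common namespace bookkeeping */
} __randomize_layout;	/* field order may be shuffled at build time; do not rely on offsets */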
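/**
 * capable - Determine if the current task has a superior capability in effect
 * @cap: The capability to be tested for
 *
 * Return true if the current task has the given superior capability currently
 * available for use, false if not.
 *
 * This sets PF_SUPERPRIV on the task if the capability is available on the
 * assumption that it's about to be used.
 */
/*
 * NOTE(review): in the kernel source, capable() is ns_capable() evaluated
 * against the initial user namespace (init_user_ns). The full CapPrm/CapEff
 * set shown above for root inside a new user namespace is relative to that
 * new namespace only, so it does not satisfy a capable() check.
 */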
/* | |
* Lock a trusted key, by extending a selected PCR. | |
* | |
* Prevents a trusted key that is sealed to PCRs from being accessed. | |
* This uses the tpm driver's extend function. | |
*/ | |
static int pcrlock(const int pcrnum) | |
{ | |
if (!capable(CAP_SYS_ADMIN)) | |
return -EPERM; |